As provided in our current distribution of MAGNeT, the user interface consists of three programs, magnet-read, mkmagnet, and magnet-parse, along with a couple of scripts to automate traffic collection.
magnet-read is the primary means of obtaining MAGNeT traffic traces; its function is to read the data from the kernel's circular buffer. Our first version of magnet-read copied records out of the shared memory and wrote them to a file on disk. We found, however, that this approach was unable to keep up with the demands of a simple test application that tries to saturate a 100-Mbps Ethernet network. Instead, the current version of magnet-read uses the memory-mapped I/O features in the Linux kernel. Once an empty ``binary trace file'' exists, magnet-read maps this file into its memory space and then saves data to disk by simply performing a memory copy between the kernel/user shared memory and the memory region mapped to the binary trace file. This approach reduces overhead significantly and allows MAGNeT to record data on even high-speed networks with little chance of record loss. The mkmagnet application creates and initializes the binary trace file prior to it being mapped into memory by magnet-read. Finally, magnet-parse reads data collected by magnet-read and dumps a tab-delimited ASCII table of the collected data for further processing, performing endian translation as necessary.
The MAGNeT distribution also includes two shell scripts that allow network administrators to create an automated application-monitoring environment. magnet.cron, the overall MAGNeT management script, ensures that the MAGNeT device file exists and that a binary trace file has been created by mkmagnet. Additionally, if invoked while magnet-read is running, magnet.cron terminates the current MAGNeT data collection session and calls magnet.copy to transfer the data to a remote archive.5 Before exiting, magnet.cron starts magnet-read as a background process to save network events to disk. Thus, the management script may be added as a crontab event (e.g., run everyday at midnight) to collect data on a diverse set of machines without requiring special action by the users of the network.