IPCAD stands for IP Cisco Accounting Daemon. It runs in background, listens traffic on the specified interfaces, and records the traffic for later retrieval and analysis. The project can use raw BPF devices, PCAP library, divert, tee or Linux iptables' ULOG & IPQ packet sources to capture the packets.
IPCAD can export collected information using rsh or NetFlow.
Here are some key features of "IPCAD":
· Uses BPF, libpcap divert, tee or Linux ULOG & IPQ for traffic snooping
· RSH, NetFlow and console output in Cisco-like fashion
· RSH access lists
· Address aggregation support for RSH and NetFlow.
· UDP/TCP/SCTP ports handling
· Dynamic interfaces (PPP, VPN) support
· At least Berkeley packet filter or libpcap library.
What's New in This Release:
· PPPoE support, courtesy to Aaron Millisor.
· ULOG collector: ability to differentiate by hook id (nlgroup). Suggested by Sergey Skachkov.
· Fixed flex command line compilation problems.