fprobe 0.4

fprobe is a small NetFlow probe which will listen on a network interface.
  1 Screenshot
fprobe is a small NetFlow probe which will listen on a network interface. It isusing libpcap, aggregate the traffic and export NetFlow V5 datagram to a remote collector for processing. A flow is identified by ip protocol, source ip, source port, destination ip, destination port.
Right now only ethernet interfaces are supported. Support for more media types (tunnel, ppp etc) will be added in nex versions.

/fprobe -t IP:PORT [ -i interface ] [ -s scan ] [ expression ]
-t IP:PORT NetFlow collector address
-i interface interface to listen for traffic (default eth0)
-s scan interval in seconds between two flow tables scans (Default: 10)
-c file file with MAC definitions
-p don't put the interface in promisc mode
-b go in background (daemon mode)
-l file log file name
expression a bpf expresion to filter traffic (See libpcap/tcpdump)

For example:
./fprobe -i eth2 -t

This will sniff the traffic on interface 'eth2' and will send the NetFlow data to localhost ( on UDP port 8182.

Internal flow table is parsed every 'scan' seconds for expired flows which are sent to remote collector.
What's New in This Release:

can handle IP fragments
can set the snmp interface ID based on source/destination MAC address
fixed uptime in exported flows
new hash function for internal storage
delay between udp datagrams emited

last updated on:
July 5th, 2006, 13:45 GMT
license type:
GPL (GNU General Public License) 
developed by:
Bogdan Surdu
ROOT \ System \ Networking
Download Button

In a hurry? Add it to your Download Basket!

user rating



Rate it!

Add your review!