fprobe 0.4

fprobe is a small NetFlow probe which will listen on a network interface.

LICENSE TYPE: GPL (GNU General Public License)
DEVELOPED BY: Bogdan Surdu
HOMEPAGE: psi.home.ro

fprobe is a small NetFlow probe which listens on a network interface. It uses libpcap to capture packets, aggregates the traffic into flows, and exports NetFlow V5 datagrams to a remote collector for processing. A flow is identified by IP protocol, source IP, source port, destination IP and destination port.
Right now only Ethernet interfaces are supported. Support for more media types (tunnel, PPP etc.) will be added in the next versions.

./fprobe -t IP:PORT [ -i interface ] [ -s scan ] [ expression ]
  -t IP:PORT     NetFlow collector address
  -i interface   interface to listen on for traffic (default: eth0)
  -s scan        interval in seconds between two flow table scans (default: 10)
  -c file        file with MAC definitions
  -p             don't put the interface in promiscuous mode
  -b             go into the background (daemon mode)
  -l file        log file name
  expression     a BPF expression to filter traffic (see libpcap/tcpdump)

For example:
./fprobe -i eth2 -t 127.0.0.1:8182

This will sniff the traffic on interface 'eth2' and will send the NetFlow data to localhost (127.0.0.1) on UDP port 8182.

The internal flow table is scanned every 'scan' seconds for expired flows, which are then sent to the remote collector.
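
The receiving side of that export, as an added example (not fprobe's code and not part of the original page): a collector that validates and decodes NetFlow V5 datagrams using the standard v5 header and record layout. The function names and the sample datagram are constructed for illustration; 127.0.0.1:8182 is the collector address from the example command above.

```python
import socket
import struct
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")  # 48-byte flow record

def parse_netflow_v5(datagram: bytes) -> list:
    """Validate one export datagram; 'key' is the 5-tuple that identifies a flow."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, _up, _secs, _nsecs, seq, _etype, _eid, _samp = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if not 1 <= count <= 30:  # v5 carries at most 30 records per datagram
        raise ValueError(f"implausible record count {count}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        (src, dst, _hop, in_if, out_if, pkts, octets, first, last, sport, dport,
         flags, proto, _tos, _sas, _das, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "key": (proto, str(IPv4Address(src)), sport, str(IPv4Address(dst)), dport),
            "packets": pkts, "bytes": octets, "tcp_flags": flags, "sequence": seq,
            "in_if": in_if, "out_if": out_if,  # SNMP interface indexes
            "duration_ms": (last - first) & 0xFFFFFFFF,  # uptime counters may wrap
        })
    return flows

def sample_datagram() -> bytes:
    """Constructed input: one TCP flow 192.0.2.10:40000 -> 198.51.100.5:443."""
    header = HEADER.pack(5, 1, 60000, 1152057600, 0, 7, 0, 0, 0)
    record = RECORD.pack(
        IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.5").packed,
        bytes(4), 1, 2, 12, 3400, 50000, 58000, 40000, 443, 0x1B, 6, 0, 0, 0, 0, 0)
    return header + record

def collect(bind=("127.0.0.1", 8182)):  # collector address from the page's example
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, peer = sock.recvfrom(2048)
        try:
            for flow in parse_netflow_v5(data):
                print(peer[0], flow)
        except ValueError as err:  # NetFlow v5 is unauthenticated UDP: drop, don't crash
            print(f"dropped datagram from {peer[0]}: {err}")
```

Calling collect() listens for the probe started with the example command; the "sequence" field lets the collector notice lost datagrams, since the export runs over UDP.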

What's New in This Release:

can handle IP fragments
can set the SNMP interface ID based on source/destination MAC address
fixed uptime in exported flows
new hash function for internal storage
delay between emitted UDP datagrams

Last updated on July 5th, 2006
