Fprobe is a compact NetFlow probe that monitors network traffic on a specified interface.
The software currently supports only Ethernet interfaces; support for other media types such as tunnel and PPP is expected in later versions. Several command-line options customize its behavior.
The -t option specifies the NetFlow collector address, and the -i option specifies the interface to capture traffic on (default: eth0). The -s option sets the interval in seconds between two scans of the flow table (default: 10). Users can also supply a file with MAC definitions, turn off promiscuous mode, run the software in the background, and designate a log file name.
Users can also add a BPF expression to filter traffic. For example, running "./fprobe -i eth2 -t 127.0.0.1:8182" sniffs the traffic on interface 'eth2' and sends the NetFlow data to localhost (127.0.0.1) on UDP port 8182. The internal flow table is scanned every 'scan' seconds (the -s interval) for expired flows, which are sent to the remote collector.
This updated version brings several improvements: enhanced IP fragment handling, the ability to set the SNMP interface ID based on source/destination MAC addresses, fixed uptime in exported flows, a new hash function for internal storage, and a delay between emitted UDP datagrams. Overall, Fprobe is an excellent tool for network administrators looking for a reliable and efficient NetFlow probe.
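To confirm that the probe is really delivering flows to the address given with -t, a small collector can decode what arrives on UDP port 8182. The following is an added example, not part of fprobe or of the original page; it shows the input/output interface indexes that the MAC-based SNMP interface ID setting would populate. It assumes the probe exports NetFlow v5 (the page does not state the export version), so other versions are reported without being decoded, and the function names and sample datagram are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 wire layout: 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_datagram(data):
    """Return (version, flows). Records are decoded only for version 5."""
    if len(data) < 4:
        raise ValueError("too short for a NetFlow header")
    version, count = struct.unpack_from("!HH", data)
    if version != 5:
        return version, []  # report the version, do not guess at the layout
    if not 1 <= count <= 30:
        raise ValueError("v5 record count out of range")
    if len(data) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4],  # SNMP interface indexes
            "packets": f[5], "bytes": f[6], "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return version, flows

def constructed_sample():
    """Constructed v5 datagram with one TCP flow, for offline testing."""
    header = V5_HEADER.pack(5, 1, 60000, 1700000000, 0, 1, 0, 0, 0)
    a, b = socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7")
    record = V5_RECORD.pack(a, b, bytes(4), 2, 3, 12, 3400, 50000, 59000,
                            44321, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

def listen(host="127.0.0.1", port=8182):
    """Print flows arriving at the collector address given to -t."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], parse_datagram(data))
        except ValueError as exc:
            print(f"{peer[0]}: rejected ({exc})")

if __name__ == "__main__":
    print(parse_datagram(constructed_sample()))
```

Calling listen() before starting the probe with "-t 127.0.0.1:8182" prints each exported flow; with the default scan interval, expired flows should appear within about 10 seconds of the traffic ending.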
Version 0.4: N/A