What is fprobe?

This is a libpcap-based tool that collects network traffic data and emits it as NetFlow flows towards the specified collector.

What is different from the official Debian package?

Unfortunately, there are two NetFlow probes with the name fprobe, and the inferior one made its way into the Debian repository first. During that time I found this version (written by Slava Astashonok), packaged it and made a few changes of my own, which were later incorporated into Slava's code.

Since then, his package also appeared in the Debian repository as fprobe-ng and was later renamed to fprobe, but I kept using my version.

Note, my version has no init script. I run fprobe with the following parameters:

% fprobe -ieth1 \
    -f "ip && !(dst host ${h} && dst port ${p})" \
    -r2 -q1000 -n5 ${h}:${p}/${a}/m

where ${h} is the IP address of the NetFlow collector, ${p} is the port on which the collector will be listening for flows, and ${a} is the address of the probe.

The packet filter is needed to ensure that the traffic between the probe and the collector is not taken into account.
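
Added example (not part of the original package): a POSIX shell helper that builds the argument list shown above from ${h}, ${p} and ${a}, validating each value first because all three are interpolated into the pcap filter expression. The function names, the IPv4-only check and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the fprobe package. The function names and the
# sample addresses (RFC 5737 documentation range) are assumptions.

# True only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    (
        IFS=.; set -f; set -- $1
        [ $# -eq 4 ] || exit 1
        for o in "$@"; do
            [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
        done
    )
}

# True only for a decimal port in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the fprobe arguments, one per line, for interface $1, collector $2,
# collector port $3 and probe address $4. The filter and the export target
# are built from the same validated values, so the probe's own export
# packets are always the ones excluded from accounting.
fprobe_args() {
    iface=$1 h=$2 p=$3 a=$4
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;; esac
    is_ipv4 "$h" || { echo "bad collector address: $h" >&2; return 1; }
    is_port "$p" || { echo "bad collector port: $p" >&2; return 1; }
    is_ipv4 "$a" || { echo "bad probe address: $a" >&2; return 1; }
    printf '%s\n' "-i$iface" -f "ip && !(dst host $h && dst port $p)" \
        -r2 -q1000 -n5 "$h:$p/$a/m"
}

# Print the argument list for constructed sample values.
fprobe_args eth1 192.0.2.10 2055 192.0.2.1
```

Because the filter contains spaces, read the output line by line into the argument vector rather than word-splitting it.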
