fprobe v0.1

 This is a small NetFlow probe which listens on an interface using libpcap,
aggregates the traffic and exports NetFlow V5 datagrams to a remote collector
for processing.
This is a work in progress and might not work on your machine or with your
NetFlow collector. 

The sources are distributed under the GNU GPL licence. A copy of the licence
is included with the package.


Requirements
--------------------------------
   - libpcap 
   - pthreads


Building
--------------------------------

  Just type 'make' in source directory and the binary file 'fprobe' will
be created.


Usage
--------------------------------

 ./fprobe -t IP:PORT [ -i interface ] [ -s scan ] [ expression ]
  -t IP:PORT    NetFlow collector address
  -i interface  interface to listen for traffic (default eth0)
  -s scan       interval in seconds between two flow tables scans (Default: 10)
  -c file       file with MAC definitions
  -p            don't put the interface in promisc mode
  -b            go in background (daemon mode)
  -l file       log file name
  expression    a BPF expression to filter traffic (See libpcap/tcpdump)


  For example:
  ./fprobe -i eth2 -t 127.0.0.1:8182

  This will sniff the traffic on interface 'eth2' and will send the NetFlow 
data to localhost (127.0.0.1) on UDP port 8182.

  The internal flow table is scanned every 'scan' seconds for expired flows,
which are then sent to the remote collector.
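
  To check that a collector is receiving well-formed datagrams from the probe,
the following C code validates and decodes one NetFlow V5 export datagram. It
is an added example, not part of the fprobe sources: nf5_parse, nf5_sample and
struct nf5_flow are hypothetical names, the offsets follow the published
NetFlow V5 layout (24-byte header, 48-byte records, at most 30 per datagram),
and the sample datagram is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { NF5_HDR = 24, NF5_REC = 48, NF5_MAX = 30 };   /* v5 wire sizes */
struct nf5_flow {                  /* subset of the 48-byte flow record */
    uint32_t src, dst, pkts, octets;
    uint16_t in_if, out_if, sport, dport;   /* in_if/out_if: SNMP interface ids */
    uint8_t tcp_flags, proto;
};
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Returns the number of flows decoded, or -1 when version, record count
 * or datagram length do not describe a well-formed v5 export. */
int nf5_parse(const uint8_t *b, size_t len, struct nf5_flow *out, size_t max) {
    if (len < NF5_HDR || be16(b) != 5) return -1;
    size_t n = be16(b + 2);
    if (n == 0 || n > NF5_MAX || n > max) return -1;
    if (len != NF5_HDR + n * NF5_REC) return -1;      /* truncated or padded */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *r = b + NF5_HDR + i * NF5_REC;
        out[i] = (struct nf5_flow){ .src = be32(r), .dst = be32(r + 4),
            .in_if = be16(r + 12), .out_if = be16(r + 14),
            .pkts = be32(r + 16), .octets = be32(r + 20),
            .sport = be16(r + 32), .dport = be16(r + 34),
            .tcp_flags = r[37], .proto = r[38] };
    }
    return (int)n;
}

/* Constructed sample: TCP 10.0.0.1:1234 -> 10.0.0.2:80, interface id 3 -> 7. */
size_t nf5_sample(uint8_t *b) {
    memset(b, 0, NF5_HDR + NF5_REC);
    b[1] = 5; b[3] = 1;                               /* version 5, count 1 */
    uint8_t *r = b + NF5_HDR;
    r[0] = 10; r[3] = 1; r[4] = 10; r[7] = 2;         /* src, dst address */
    r[13] = 3; r[15] = 7; r[19] = 4; r[22] = 1;       /* ifs, 4 pkts, 256 octets */
    r[32] = 0x04; r[33] = 0xd2; r[35] = 80;           /* ports 1234 and 80 */
    r[37] = 0x1b; r[38] = 6;                          /* TCP flags, protocol 6 */
    return NF5_HDR + NF5_REC;
}

int main(void) {
    uint8_t pkt[NF5_HDR + NF5_REC];
    struct nf5_flow f[NF5_MAX];
    int n = nf5_parse(pkt, nf5_sample(pkt), f, NF5_MAX);
    printf("flows=%d in_if=%u out_if=%u\n", n, (unsigned)f[0].in_if, (unsigned)f[0].out_if);
    return n == 1 ? 0 : 1;
}
```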


Configuration file
--------------------------------

fprobe can set the SNMP interface ID in each flow record according to the
source/destination MAC address of the packet. Using the
flag "-c" you can load a list of interface IDs and their MAC addresses.
See the sample file attached for the format.


Hardcoded options
--------------------------------

A few values, such as:
  - delay between UDP packets sent
  - source/destination AS number
  - timeout active/inactive
  - number of flows to pre-allocate (flow_storage.h)

are hard coded. Future releases will add options to modify these values.

Updates
--------------------------------

 The latest version can be downloaded from http://psi.home.ro/flow/


Feedback
--------------------------------

 Please send any problems or comments to tim@rdsnet.ro.
