flowprobe

Language: en

Version: 24 November 2004 (ubuntu - 25/10/10)

Section: 8 (Administrator commands)

NAME

flowprobe - libpcap traffic collector and NetFlow packet originator for the NeTAMS project.

SYNOPSIS

flowprobe {options}

DESCRIPTION

Flowprobe is part of the NeTAMS (Network Traffic Accounting and Monitoring Software) project and serves as a data source for the NeTAMS daemon. It listens on an Ethernet interface (using the PCAP library, like tcpdump) and collects accounting data. Every N seconds it exports this data as NetFlow v5 UDP packets to any collector, for example a NeTAMS daemon with "data-source netflow" enabled.

OPTIONS

-h
print help screen and exit
-q
quiet output
-d
turn debugging on
-e export_to
IP address to export flows to, A.B.C.D:XXXX, where XXXX is remote port number (default is 20001)
-r rule
libpcap rule to capture packets
-i interface
network interface to listen on
-1 active_timeout
active flow timeout (sec.), default is 600
-2 inactive_timeout
inactive flow timeout (sec.), default is 60

SYSTEM REQUIREMENTS

The libpcap library and its header file pcap.h must be present on your system.

EXAMPLE

flowprobe -d -e 1.2.3.4:1000 -r ip -i eth0 -1 200 -2 20
Exporting to: 1.2.3.4:1000
Interface: eth0
Rule: ip
Active timeout: 200 seconds
Inact timeout: 20 seconds
Libpcap: ethernet interface

SEE ALSO

http://www.netams.com

AUTHORS

Anton Vinokurov <anton@netams.com>, Yuriy Shkandybin <jura@netams.com>