Submit a ticketCall us

WebinarUpcoming Webinar: Know What’s Changed – with NEW Server Configuration Monitor

Change management in IT is critical. But, even with a good change management process, changes are too often not correctly tracked, if at all. The configuration of your servers and applications is a key factor in their performance, availability, and security. Many incidents can be tracked back to an authorized (and sometimes unauthorized) configuration change, whether to a system file, configuration file, or Windows® Registry entry. Join SolarWinds VP of product management Brandon Shopp to discover how the new SolarWinds® Server Configuration Monitor is designed to help you.

Register now.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - Knowledgebase Articles > Using Fprobe to send flows from a Linux box to NTA

Using Fprobe to send flows from a Linux box to NTA


Fprobe is a Linux solution similar to nProbe for Windows. Fprobe is a libpcap-based tool that collects network traffic data and emits it as NetFlow flows towards the specified collector. This allows you to span or mirror a port from your network device that is not flow-capable and use Fprobe to create flows for analysis in NTA.


Details on nProbe for Windows users here: 



NTA with Linux


This article assumes you have Fprobe installed on a Linux box and are attempting to send flows to NTA. Fprobe can be downloaded from most repositories or here: 


You need to run two processes, one for in and one for out. These are designed for high load:

/usr/local/fprobe/sbin/fprobe -x1:2 -ieth1 -B4096 -r2 -q10000 -t10000:10000000 -a
/usr/local/fprobe/sbin/fprobe -x2:1 -ieth1 -B4096 -r2 -q10000 -t10000:10000000 -a


Explanation: = Source IP = NetFlow collector IP (This should be the NTA IP)
2055 = Collector port
X1:2 = InPackets
X2:1 = OutPackets


Last modified