Using Fprobe to send flows from a Linux box to NTA

Overview

Fprobe is a Linux solution similar to nProbe for Windows. It is a libpcap-based tool that collects network traffic data and emits it as NetFlow flows towards the specified collector. This lets you SPAN or mirror a port on a network device that is not flow-capable and use Fprobe to create flows for analysis in NTA.

Details for nProbe (Windows) users are available here:
http://thwack.solarwinds.com/community/solarwinds-community/product-blog/blog/2009/11/10/orion-nta-and-nprobe-analyzing-bandwidth-hogs-without-flow-capable-network-equipment

Environment

NTA with Linux

Details

This article assumes you have Fprobe installed on a Linux box and are attempting to send flows to NTA. Fprobe is available from most repositories or from http://fprobe.sourceforge.net/

You need to run two Fprobe processes, one for inbound traffic and one for outbound. The options shown are designed for high load:

/usr/local/fprobe/sbin/fprobe -x1:2 -ieth1 -B4096 -r2 -q10000 -t10000:10000000 -a 1.1.1.1 2.2.2.2:2055
/usr/local/fprobe/sbin/fprobe -x2:1 -ieth1 -B4096 -r2 -q10000 -t10000:10000000 -a 1.1.1.1 2.2.2.2:2055

Explanation:
1.1.1.1 = Source IP
2.2.2.2 = NetFlow collector IP (This should be the NTA IP)
2055 = Collector port
-x1:2 = InPackets
-x2:1 = OutPackets
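
To confirm that both Fprobe processes are exporting what you expect, the following added example (not from the original article, SolarWinds or the Fprobe project) parses NetFlow v5 datagrams and flags records whose interface indexes match neither -x1:2 nor -x2:1. It assumes Fprobe is exporting NetFlow v5 and that the -x values appear as the input and output interface indexes of each record; the sample datagram and its addresses are constructed.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte NetFlow v5 flow record
EXPECTED_PAIRS = {(1, 2), (2, 1)}                    # from -x1:2 and -x2:1 above

def parse_v5(datagram):
    """Return the flow records in one datagram; ValueError if it is malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "in_if": f[3], "out_if": f[4], "packets": f[5], "bytes": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[12]})
    return flows

def unexpected_indexes(flows, expected=EXPECTED_PAIRS):
    """Flows whose (input, output) index pair matches neither Fprobe process."""
    return [f for f in flows if (f["in_if"], f["out_if"]) not in expected]

def sample_datagram():
    """Constructed test data: one record per Fprobe process."""
    def rec(src, dst, in_if, out_if):
        return RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                           in_if, out_if, 10, 840, 0, 1000, 51000, 443,
                           0x18, 6, 0, 0, 0, 0, 0)
    return (HEADER.pack(5, 2, 60000, 1450768680, 0, 1, 0, 0, 0)
            + rec("10.0.0.5", "192.0.2.10", 1, 2)
            + rec("192.0.2.10", "10.0.0.5", 2, 1))

if __name__ == "__main__":
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 2055))              # collector port from the commands
    while True:
        data, (sender, _) = sock.recvfrom(65535)
        try:
            flows = parse_v5(data)
        except ValueError as err:
            print("%s: dropped (%s)" % (sender, err))
            continue
        print(sender, len(flows), "flows;", len(unexpected_indexes(flows)), "unexpected")
```

Run it on a test host listening on UDP 2055 (the NTA collector already owns that port on the NTA server) and point the Fprobe commands at that host's address.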

Last modified
07:18, 22 Dec 2015

Classifications

Public