nProbe Modes

nProbe can be used in three modes, namely:

  • Probe
  • Collector (flow collection only, no Probe)
  • Proxy: Receive flows via NetFlow and emit them (optionally combining with captured traffic) to a remote collector.

Probe mode

nprobe -i eth0 -n collector_ip:2055
nProbe in Probe Mode

nProbe in Probe Mode

Collector mode

nprobe -3 2055
nProbe in Collector Mode

nProbe in Collector Mode

Proxy mode

nprobe -3 2055 -n collector_ip:2055 -V 9
nProbe in Proxy Mode

nProbe in Proxy Mode

In proxy mode you can convert from/to IPFIX/NetFlow v5/v9 in order to smoothly upgrade to newer netflow protocol versions while capitalizing on previous protocol versions. So you can for instance convert flows coming from your v5 router into IPFIX and vice-versa. Note that with some combinations (e.g. from v9 to v5) you might loose some flow information.