fprobe doesn't work properly because it has the input and output interface
IDs as both 0.
fprobe-ulog fixes this. From the http://fprobe.sourceforge.net/ front page:
fprobe-ulog - libipulog-based fork of fprobe. It obtains packets
through linux netfilter code (iptables ULOG target). The main
advantages of this version are native input/output interface
SNMP-index support and significant performance benefit. Of course,
this version work on linux only.
We have used it here for a few years and have been quite happy with it.
E