>fprobe doesn't work properly because it has the input and output interface >IDs as both 0.
fprobe-ulog fixes this. From the http://fprobe.sourceforge.net/ front page: fprobe-ulog - libipulog-based fork of fprobe. It obtains packets through linux netfilter code (iptables ULOG target). The main advantages of this version are native input/output interface SNMP-index support and significant performance benefit. Of course, this version work on linux only. We have used it here for a few years and have been quite happy with it. E