CICFlowMeter Python Implementation
Project description
Python CICFlowMeter
This project is not maintained actively by me. If you found something wrong (bugs, incorrect results) feel free to create issues or pull requests.
⚡️ Version 0.4.0: Major Refactor (June 2025)
- The tool now uses a custom
FlowSessionand theprncallback of Scapy'sAsyncSnifferfor all flow processing, instead of relying on Scapy'sDefaultSession/session system. - All flow logic, feature extraction, and output are now fully managed by the project code, not by Scapy internals.
- The
processmethod always returnsNone, preventing unwanted packet printing by Scapy. - Logging is robust: only shows debug output if
-vis set. - All flows are always flushed at the end, even for small pcaps.
- This project is a CICFlowMeter-like tool (see UNB CICFlowMeter), not Cisco NetFlow. It extracts custom flow features as in the original Java CICFlowMeter.
- The refactor does not change the set of features/fields extracted, only how packets are routed to your logic.
Installation
git clone https://github.com/hieulw/cicflowmeter
cd cicflowmeter
uv sync
source .venv/bin/activate
Usage
usage: cicflowmeter [-h] (-i INPUT_INTERFACE | -f INPUT_FILE | -d INPUT_DIRECTORY) (-c | -u) [--fields FIELDS] [--merge] [-v] output
positional arguments:
output output file name (in csv mode), url (in url mode), or output directory (in directory mode)
options:
-h, --help show this help message and exit
-i INPUT_INTERFACE, --interface INPUT_INTERFACE
capture online data from INPUT_INTERFACE
-f INPUT_FILE, --file INPUT_FILE
capture offline data from INPUT_FILE
-d INPUT_DIRECTORY, --directory INPUT_DIRECTORY
capture offline data from all pcap files in INPUT_DIRECTORY
-c, --csv output flows as csv
-u, --url output flows as request to url
--fields FIELDS comma separated fields to include in output (default: all)
--merge merge all pcap files into a single CSV (only works with -d/--directory mode)
-v, --verbose more verbose
Convert pcap file to flow csv:
cicflowmeter -f example.pcap -c flows.csv
Convert all PCAP files in a directory (separate CSVs)
cicflowmeter -d ./pcap_folder/ -c ./csv_output/
Convert all PCAP files in a directory (merged into single CSV)
cicflowmeter -d ./pcap_folder/ -c ./csv_output/ --merge
Sniff packets real-time from interface to flow request: (need root permission)
cicflowmeter -i eth0 -u http://localhost:8080/predict
References:
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cicflowmeter-0.5.0.tar.gz.
File metadata
- Download URL: cicflowmeter-0.5.0.tar.gz
- Upload date:
- Size: 31.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
501d8b78ca6b95a1d1300bf5f9424bbfa1f359d188e0af960920586b4a0d4f0e
|
|
| MD5 |
c2406bfedeb271046a2a40afda806841
|
|
| BLAKE2b-256 |
da2061f2285a6bae616a2412c2fc1eb5b95296e10ceaa69fcd78011dfa82f612
|
File details
Details for the file cicflowmeter-0.5.0-py3-none-any.whl.
File metadata
- Download URL: cicflowmeter-0.5.0-py3-none-any.whl
- Upload date:
- Size: 19.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.9.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5aabcbb05651261b2c34171aa041015f55673cddda01dc8a6f7508976795c361
|
|
| MD5 |
0e6bc60f45ab4254ed9b0b537d8e94df
|
|
| BLAKE2b-256 |
38445c3b39d14836398334513647c975ed797b6a393cfd719895210c61070fc3
|
