Skip to main content

CICFlowMeter Python Implementation

Project description

Python CICFlowMeter

This project is not maintained actively by me. If you found something wrong (bugs, incorrect results) feel free to create issues or pull requests.


⚡️ Version 0.4.0: Major Refactor (June 2025)

  • The tool now uses a custom FlowSession and the prn callback of Scapy's AsyncSniffer for all flow processing, instead of relying on Scapy's DefaultSession/session system.
  • All flow logic, feature extraction, and output are now fully managed by the project code, not by Scapy internals.
  • The process method always returns None, preventing unwanted packet printing by Scapy.
  • Logging is robust: only shows debug output if -v is set.
  • All flows are always flushed at the end, even for small pcaps.
  • This project is a CICFlowMeter-like tool (see UNB CICFlowMeter), not Cisco NetFlow. It extracts custom flow features as in the original Java CICFlowMeter.
  • The refactor does not change the set of features/fields extracted, only how packets are routed to your logic.

Installation

git clone https://github.com/hieulw/cicflowmeter
cd cicflowmeter
uv sync
source .venv/bin/activate

Usage

usage: cicflowmeter [-h] (-i INPUT_INTERFACE | -f INPUT_FILE) (-c | -u) [--fields FIELDS] [-v] output

positional arguments:
  output                output file name (in csv mode) or url (in url mode)

options:
  -h, --help            show this help message and exit
  -i INPUT_INTERFACE, --interface INPUT_INTERFACE
                        capture online data from INPUT_INTERFACE
  -f INPUT_FILE, --file INPUT_FILE
                        capture offline data from INPUT_FILE
  -c, --csv             output flows as csv
  -u, --url             output flows as request to url
  --fields FIELDS       comma separated fields to include in output (default: all)
  -v, --verbose         more verbose

Convert pcap file to flow csv:

cicflowmeter -f example.pcap -c flows.csv

Sniff packets real-time from interface to flow request: (need root permission)

cicflowmeter -i eth0 -u http://localhost:8080/predict

References:

  1. https://www.unb.ca/cic/research/applications.html#CICFlowMeter
  2. https://github.com/ahlashkari/CICFlowMeter

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cicflowmeter-0.4.2.tar.gz (29.7 kB view details)

Uploaded Source

Built Distribution

cicflowmeter-0.4.2-py3-none-any.whl (18.0 kB view details)

Uploaded Python 3

File details

Details for the file cicflowmeter-0.4.2.tar.gz.

File metadata

  • Download URL: cicflowmeter-0.4.2.tar.gz
  • Upload date:
  • Size: 29.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.7.8

File hashes

Hashes for cicflowmeter-0.4.2.tar.gz
Algorithm Hash digest
SHA256 6844e58aa967ffef961539762333e7e5732daba40d2eb1a7e93c7a13bf1c1896
MD5 72317e74bc1fc39171289fc66e6dcc30
BLAKE2b-256 b46959f1982df1b222d4f37275bfffcea91036f257288dc29052949bec604a63

See more details on using hashes here.

File details

Details for the file cicflowmeter-0.4.2-py3-none-any.whl.

File metadata

File hashes

Hashes for cicflowmeter-0.4.2-py3-none-any.whl
Algorithm Hash digest
SHA256 fadeca353248f305e9ce3d92bc2df61a6287f491af6fd7c774be9f6ad231acdb
MD5 4c768066b563a9ad08d860652089bac5
BLAKE2b-256 7d7373ca7620d03bcf1775fdc434cff224b4443b642cf2924b4d0be10758cea9

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page