A flexible and powerful network data analysis library

Project description

nfstream is a flexible and lightweight network data analysis library.

nfstream main features

  • Performance: nfstream was designed to be fast with a small CPU and memory footprint.

  • Layer-7 visibility: nfstream dissection is based on nDPI (~300 applications including Tor, Messenger, WhatsApp, etc.).

  • Flexibility: add a flow metric in 2 lines of code using the nfstream plugins method.

  • Machine Learning oriented: add your trained model as an NFStreamClassifier.

Use

  • Dealing with a big pcap file and just want to aggregate it into network flows? nfstream makes this easy in a few lines:

from nfstream.streamer import Streamer
my_capture_streamer = Streamer(source="instagram.pcap") # or capture from a network interface
for flow in my_capture_streamer:  # or for flow in my_live_streamer
    print(flow)  # print, append to pandas Dataframe or whatever you want :)!
{"ip_src": "192.168.43.18",
 "src_port": 52066,
 "ip_dst": "66.220.156.68",
 "dst_port": 443,
 "ip_protocol": 6,
 "vlan_id": 0,
 "src_to_dst_pkts": 9,
 "dst_to_src_pkts": 10,
 "src_to_dst_bytes": 1345,
 "dst_to_src_bytes": 4400,
 "syn_count": [1, 1],
 "cwr_count": [0, 0],
 "ece_count": [0, 0],
 "urg_count": [0, 0],
 "ack_count": [8, 10],
 "psh_count": [4, 5],
 "rst_count": [0, 0],
 "fin_count": [0, 0],
 "start_time": 1472393122365.661,
 "end_time": 1472393123665.163,
 "export_reason": 2,
 "metrics": {"application_name": "TLS.Facebook",
             "category_name": "SocialNetwork",
             "http_dns_server_name": "",
             "tls_client_server_name": "facebook.com",
             "tls_server_server_name": "*.facebook.com",
             "tls_server_organization": "Facebook, Inc.",
             "tls_version": "TLSv1.2",
             "tls_not_before": "2014-08-28 00:00:00+00:00",
             "tls_not_after": "2016-12-30 12:00:00+00:00"
             }
 }
  • Didn't find a specific flow feature? Add a plugin to the Streamer in a few lines:

from nfstream.streamer import Streamer

def my_awesome_plugin(packet_information, flow, direction):
    # Count packets whose length exceeds 666.
    count = flow.metrics['count_pkts_gt_666']
    if packet_information.length > 666:
        count += 1
    return count  # return the count for every packet, not only the large ones

streamer_awesome = Streamer(source='devil.pcap', user_metrics={'count_pkts_gt_666': my_awesome_plugin})
for export in streamer_awesome:
    print(export.metrics['count_pkts_gt_666'])  # now you will see your created metric in generated flows
  • More examples and details are provided in the official Documentation.
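
The flow record printed in the first example carries TLS certificate dates and names that can be checked offline. The following is an added example, not part of nfstream or its documentation: it audits one flow dictionary for a certificate outside its validity window at capture time and for a client SNI that the certificate name does not cover. It assumes start_time is milliseconds since the Unix epoch (consistent with the sample values) and uses a deliberately loose wildcard match because the record shows only one certificate name; audit_tls_flow, name_covers and SAMPLE_FLOW are hypothetical names.

```python
from datetime import datetime, timezone

# Constructed input: the TLS-related fields of the flow record printed above.
SAMPLE_FLOW = {
    "start_time": 1472393122365.661,
    "metrics": {
        "tls_client_server_name": "facebook.com",
        "tls_server_server_name": "*.facebook.com",
        "tls_not_before": "2014-08-28 00:00:00+00:00",
        "tls_not_after": "2016-12-30 12:00:00+00:00",
    },
}


def name_covers(cert_name, sni):
    """Loose heuristic: a wildcard name covers its base domain and any subdomain."""
    cert_name, sni = cert_name.lower().rstrip("."), sni.lower().rstrip(".")
    if cert_name.startswith("*."):
        base = cert_name[2:]
        return sni == base or sni.endswith("." + base)
    return cert_name == sni


def audit_tls_flow(flow, warn_days=30):
    """Return a list of findings for one flow dict; an empty list means nothing to flag."""
    m = flow.get("metrics", {})
    findings = []
    not_before, not_after = m.get("tls_not_before"), m.get("tls_not_after")
    if not_before and not_after:  # empty strings on flows without a certificate
        # Assumption: start_time is milliseconds since the Unix epoch.
        seen = datetime.fromtimestamp(flow["start_time"] / 1000, tz=timezone.utc)
        start = datetime.fromisoformat(not_before)
        end = datetime.fromisoformat(not_after)
        if seen < start:
            findings.append("cert_not_yet_valid")
        elif seen > end:
            findings.append("cert_expired")
        elif (end - seen).days < warn_days:
            findings.append("cert_expires_soon")
    sni, cert_name = m.get("tls_client_server_name"), m.get("tls_server_server_name")
    if sni and cert_name and not name_covers(cert_name, sni):
        findings.append("sni_cert_name_mismatch")
    return findings


if __name__ == "__main__":
    print(audit_tls_flow(SAMPLE_FLOW))
```

Findings are indicators for triage, not verdicts: the certificate name in the record is a single value, so a mismatch may only mean the SNI is listed elsewhere in the certificate.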

Getting Started

Prerequisites

apt-get install libpcap-dev

Installation

using pip

Binary installers for the latest released version are available:

pip3 install nfstream

from source

If you want to build nfstream on your local machine:

apt-get install autogen
git clone https://github.com/aouinizied/nfstream.git
# move to nfstream directory and run
python3 setup.py install

Contributing

Please read Contributing for details on our code of conduct, and the process for submitting pull requests to us.

Authors

Zied Aouini (aouinizied) created nfstream and these fine people have contributed.

License

This project is licensed under the GPLv3 License; see the License file for details.

Download files

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distributions

nfstream-1.2.1-cp38-cp38-manylinux1_x86_64.whl (694.0 kB)

Uploaded CPython 3.8

nfstream-1.2.1-cp37-cp37m-manylinux1_x86_64.whl (694.0 kB)

Uploaded CPython 3.7m

nfstream-1.2.1-cp37-cp37m-macosx_10_14_x86_64.whl (221.6 kB)

Uploaded CPython 3.7m macOS 10.14+ x86-64

nfstream-1.2.1-cp37-cp37m-macosx_10_13_x86_64.whl (223.6 kB)

Uploaded CPython 3.7m macOS 10.13+ x86-64

nfstream-1.2.1-cp36-cp36m-manylinux1_x86_64.whl (694.0 kB)

Uploaded CPython 3.6m

nfstream-1.2.1-cp36-cp36m-macosx_10_13_x86_64.whl (222.1 kB)

Uploaded CPython 3.6m macOS 10.13+ x86-64

File details

Details for the file nfstream-1.2.1-cp38-cp38-manylinux1_x86_64.whl.

File metadata

  • Download URL: nfstream-1.2.1-cp38-cp38-manylinux1_x86_64.whl
  • Upload date:
  • Size: 694.0 kB
  • Tags: CPython 3.8
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.8.0

File hashes

Hashes for nfstream-1.2.1-cp38-cp38-manylinux1_x86_64.whl
Algorithm Hash digest
SHA256 8608d70a2620d8ee879c6e3a4b6ef17d481f6aed77babd4bac645159deb25087
MD5 d8d8e20c9f62eeba9ea77a9dfc0cd313
BLAKE2b-256 1da63e20b7ef07eb2c263c052b2cc694b9b1192d53731c18a4769924dfbaa6f3

See more details on using hashes here.

File details

Details for the file nfstream-1.2.1-cp37-cp37m-manylinux1_x86_64.whl.

File metadata

  • Download URL: nfstream-1.2.1-cp37-cp37m-manylinux1_x86_64.whl
  • Upload date:
  • Size: 694.0 kB
  • Tags: CPython 3.7m
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.1

File hashes

Hashes for nfstream-1.2.1-cp37-cp37m-manylinux1_x86_64.whl
Algorithm Hash digest
SHA256 4969e0b13f38040699e10fed4557590218442e78005a3b1893b99c18f9613277
MD5 5d4c4f726469d9d5fa740ff3ff8fbc90
BLAKE2b-256 14659554cf20d6549f4a78df834b5d752444c59f61000b9d147d4eb70ff9be12

File details

Details for the file nfstream-1.2.1-cp37-cp37m-macosx_10_14_x86_64.whl.

File metadata

  • Download URL: nfstream-1.2.1-cp37-cp37m-macosx_10_14_x86_64.whl
  • Upload date:
  • Size: 221.6 kB
  • Tags: CPython 3.7m, macOS 10.14+ x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.4

File hashes

Hashes for nfstream-1.2.1-cp37-cp37m-macosx_10_14_x86_64.whl
Algorithm Hash digest
SHA256 295897871959822d9f6b720e6712d1e90b1fde0ae43e69ce89e762f6a3c8c3d4
MD5 4eb195b9c811e42f2e7d1e686a9da4ca
BLAKE2b-256 db5b7d38211bbccbe965a2b33065140d4d7870c20e70070cb11bb093e858e7c7

File details

Details for the file nfstream-1.2.1-cp37-cp37m-macosx_10_13_x86_64.whl.

File metadata

  • Download URL: nfstream-1.2.1-cp37-cp37m-macosx_10_13_x86_64.whl
  • Upload date:
  • Size: 223.6 kB
  • Tags: CPython 3.7m, macOS 10.13+ x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.4.3 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.0

File hashes

Hashes for nfstream-1.2.1-cp37-cp37m-macosx_10_13_x86_64.whl
Algorithm Hash digest
SHA256 20d9b0c039b98fc68bf45b455c4ef9d1b0800c64ec2b37b5eb54eb9952251db1
MD5 1ae1a34181ae731904b7d4539b4e8776
BLAKE2b-256 6b6299f3d9240b33ce38f5b3ec835b45bdc7c24d8c96509b5b801323b3ba588a

File details

Details for the file nfstream-1.2.1-cp36-cp36m-manylinux1_x86_64.whl.

File metadata

  • Download URL: nfstream-1.2.1-cp36-cp36m-manylinux1_x86_64.whl
  • Upload date:
  • Size: 694.0 kB
  • Tags: CPython 3.6m
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.6.7

File hashes

Hashes for nfstream-1.2.1-cp36-cp36m-manylinux1_x86_64.whl
Algorithm Hash digest
SHA256 a2e6bdf8ed1434e961be8bfb9a4e685d0cddc23f89ea0784d93611d7c0ed1003
MD5 da55ed6f2069848fd34dbaca38e16d6e
BLAKE2b-256 785c0159ac340f464863c29a09d703a0acaf795815519f8b35e77d943840b4ae

File details

Details for the file nfstream-1.2.1-cp36-cp36m-macosx_10_13_x86_64.whl.

File metadata

  • Download URL: nfstream-1.2.1-cp36-cp36m-macosx_10_13_x86_64.whl
  • Upload date:
  • Size: 222.1 kB
  • Tags: CPython 3.6m, macOS 10.13+ x86-64
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/39.2.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.6.5

File hashes

Hashes for nfstream-1.2.1-cp36-cp36m-macosx_10_13_x86_64.whl
Algorithm Hash digest
SHA256 2f01e5c7549f8c7f67e9cebad1b7b885e40999795b1dd85118009d92f7f639e5
MD5 a7581b42f9be741483f9b62fcbe4c177
BLAKE2b-256 b3f1701ebb8f6943eef5c20dd5c9b2777daa7c8d4e1a7244952c7abbee30fff2
