A flexible and powerful network data analysis library
Project description
nfstream is a flexible and lightweight network data analysis library.
nfstream main features
Performance: nfstream was designed to be fast with a small CPU and memory footprint.
Layer-7 visibility: nfstream dissection is based on nDPI (~300 applications including Tor, Messenger, WhatsApp, etc.).
Flexibility: add a flow metric in 2 lines of code using nfstream plugins method.
Machine Learning oriented: add your trained model as an NFStreamClassifier.
Use
Dealing with a big pcap file and just want to aggregate it as network flows? nfstream make this path easier in few lines:
from nfstream.streamer import Streamer
my_capture_streamer = Streamer(source="instagram.pcap") # or capture from a network interface
for flow in my_capture_streamer: # or for flow in my_live_streamer
print(flow) # print, append to pandas Dataframe or whatever you want :)!
{"ip_src": "192.168.43.18",
"src_port": 52066,
"ip_dst": "66.220.156.68",
"dst_port": 443,
"ip_protocol": 6,
"vlan_id": 0,
"src_to_dst_pkts": 9,
"dst_to_src_pkts": 10,
"src_to_dst_bytes": 1345,
"dst_to_src_bytes": 4400,
"syn_count": [1, 1],
"cwr_count": [0, 0],
"ece_count": [0, 0],
"urg_count": [0, 0],
"ack_count": [8, 10],
"psh_count": [4, 5],
"rst_count": [0, 0],
"fin_count": [0, 0],
"start_time": 1472393122365.661,
"end_time": 1472393123665.163,
"export_reason": 2,
"metrics": {"application_name": "TLS.Facebook",
"category_name": "SocialNetwork",
"http_dns_server_name": "",
"tls_client_server_name": "facebook.com",
"tls_server_server_name": "*.facebook.com",
"tls_server_organization": "Facebook, Inc.",
"tls_version": "TLSv1.2",
"tls_not_before": "2014-08-28 00:00:00+00:00",
"tls_not_after": "2016-12-30 12:00:00+00:00"
}
}
Didn’t find a specific flow feature? add a plugin to the Streamer in few lines:
def my_awesome_plugin(packet_information, flow, direction):
if packet_information.length > 666:
return flow.metrics['count_pkts_gt_666'] + 1
streamer_awesome = Streamer(source='devil.pcap', user_metrics={'count_pkts_gt_666': my_awesome_plugin})
for export in streamer_awesome:
print(export.metrics['count_pkts_gt_666']) # now you will see your created metric in generated flows
More example and details are provided on the official Documentation.
Getting Started
Prerequisites
apt-get install libpcap-dev
Installation
using pip
Binary installers for the latest released version are available:
pip3 install nfstream
from source
If you want to build nfstream on your local machine:
apt-get install autogen
git clone https://github.com/aouinizied/nfstream.git
# move to nfstream directory and run
python3 setup.py install
Contributing
Please read Contributing for details on our code of conduct, and the process for submitting pull requests to us.
License
This project is licensed under the GPLv3 License - see the License file for details
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distributions
File details
Details for the file nfstream-1.2.1-cp38-cp38-manylinux1_x86_64.whl
.
File metadata
- Download URL: nfstream-1.2.1-cp38-cp38-manylinux1_x86_64.whl
- Upload date:
- Size: 694.0 kB
- Tags: CPython 3.8
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.8.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 8608d70a2620d8ee879c6e3a4b6ef17d481f6aed77babd4bac645159deb25087 |
|
MD5 | d8d8e20c9f62eeba9ea77a9dfc0cd313 |
|
BLAKE2b-256 | 1da63e20b7ef07eb2c263c052b2cc694b9b1192d53731c18a4769924dfbaa6f3 |
File details
Details for the file nfstream-1.2.1-cp37-cp37m-manylinux1_x86_64.whl
.
File metadata
- Download URL: nfstream-1.2.1-cp37-cp37m-manylinux1_x86_64.whl
- Upload date:
- Size: 694.0 kB
- Tags: CPython 3.7m
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.1
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4969e0b13f38040699e10fed4557590218442e78005a3b1893b99c18f9613277 |
|
MD5 | 5d4c4f726469d9d5fa740ff3ff8fbc90 |
|
BLAKE2b-256 | 14659554cf20d6549f4a78df834b5d752444c59f61000b9d147d4eb70ff9be12 |
File details
Details for the file nfstream-1.2.1-cp37-cp37m-macosx_10_14_x86_64.whl
.
File metadata
- Download URL: nfstream-1.2.1-cp37-cp37m-macosx_10_14_x86_64.whl
- Upload date:
- Size: 221.6 kB
- Tags: CPython 3.7m, macOS 10.14+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.4
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 295897871959822d9f6b720e6712d1e90b1fde0ae43e69ce89e762f6a3c8c3d4 |
|
MD5 | 4eb195b9c811e42f2e7d1e686a9da4ca |
|
BLAKE2b-256 | db5b7d38211bbccbe965a2b33065140d4d7870c20e70070cb11bb093e858e7c7 |
File details
Details for the file nfstream-1.2.1-cp37-cp37m-macosx_10_13_x86_64.whl
.
File metadata
- Download URL: nfstream-1.2.1-cp37-cp37m-macosx_10_13_x86_64.whl
- Upload date:
- Size: 223.6 kB
- Tags: CPython 3.7m, macOS 10.13+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/40.4.3 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.7.0
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 20d9b0c039b98fc68bf45b455c4ef9d1b0800c64ec2b37b5eb54eb9952251db1 |
|
MD5 | 1ae1a34181ae731904b7d4539b4e8776 |
|
BLAKE2b-256 | 6b6299f3d9240b33ce38f5b3ec835b45bdc7c24d8c96509b5b801323b3ba588a |
File details
Details for the file nfstream-1.2.1-cp36-cp36m-manylinux1_x86_64.whl
.
File metadata
- Download URL: nfstream-1.2.1-cp36-cp36m-manylinux1_x86_64.whl
- Upload date:
- Size: 694.0 kB
- Tags: CPython 3.6m
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.6.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.6.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | a2e6bdf8ed1434e961be8bfb9a4e685d0cddc23f89ea0784d93611d7c0ed1003 |
|
MD5 | da55ed6f2069848fd34dbaca38e16d6e |
|
BLAKE2b-256 | 785c0159ac340f464863c29a09d703a0acaf795815519f8b35e77d943840b4ae |
File details
Details for the file nfstream-1.2.1-cp36-cp36m-macosx_10_13_x86_64.whl
.
File metadata
- Download URL: nfstream-1.2.1-cp36-cp36m-macosx_10_13_x86_64.whl
- Upload date:
- Size: 222.1 kB
- Tags: CPython 3.6m, macOS 10.13+ x86-64
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/2.0.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/39.2.0 requests-toolbelt/0.9.1 tqdm/4.38.0 CPython/3.6.5
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2f01e5c7549f8c7f67e9cebad1b7b885e40999795b1dd85118009d92f7f639e5 |
|
MD5 | a7581b42f9be741483f9b62fcbe4c177 |
|
BLAKE2b-256 | b3f1701ebb8f6943eef5c20dd5c9b2777daa7c8d4e1a7244952c7abbee30fff2 |