@Lyonid_gitlab You must upgrade to version 6.1.1 where we implemented this feature for live capture.
- performance_report=N will print every N seconds performance metrics (https://github.com/nfstream/nfstream/blob/master/assets/PERFORMANCE_REPORT.md).
- To limit drops, you must set n_meters to 0 (default value). Note that processes will consume CPU only when packets are there (No busy-wait anymore, so fixed your previous issue).
- NFStream now supports AF_PACKETv3 + FANOUT on Linux machines.
- Before considering more powerful hardware, make sure to test with Pypy3 instead of CPython as it is faster.
It's Say Like This :
Process Process-2:
Traceback (most recent call last):
File "/usr/lib/python3.6/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python3.6/multiprocessing/process.py", line 93, in run
self._target(self._args, *self._kwargs)
File "/usr/local/lib/python3.6/dist-packages/nfstream/meter.py", line 185, in meter_workflow
set_affinity(root_idx+1)
File "/usr/local/lib/python3.6/dist-packages/nfstream/utils.py", line 103, in set_affinity
psutil.Process().cpu_affinity(list(temp[mask]))
IndexError: list index out of range
I Have Tried Pcap From NFStream and got same error
hello i'm investigating the use of nfstream for some analysis of multicast data. I will need to be able to extract the sequence number out of each multicast packet (i know how to decode sequence number, given a byte buffer), but could someone point me in the direction of how i might write the "plugin" for this? I think it will be a plugin to the NDPI side of things. thank you very much! :-)
oops, rtfm gjvc https://hub.gke2.mybinder.org/user/aouinizied-nfstream-tutorials-gxx0u37t/notebooks/demo_notebook.ipynb has a small example
feel free to open a PR with your plugin (once done) if you think it is possible to share it with the community.
the bytes buffer starting from IP header is available on the NFPAcket that NFStream will pass to your Plugin
you can prototype in a fast way as a Plugin for NFstream, once you are sure everything is working as you want
you can pass it to nDPI side
and it will be automatically integrated in NFStream
second option is interesting if you care about performances
but as you will run it with PyPy and your Plugin is pure Python, I think it's too early to think about that
Hi! Do you have any idea why this is happening?
All other attributes work fine. But from documentation flow object should have src_mac attribute
Good day everyone. I would like to know more about networking and I just found about NFstream. I know how to use it from the pip installation but I also want to know how to do it from the source. I already cloned the repo and installed all the required dependencies. I would like to run one of the examples inside the repository but I don't know how to do it and ill help me a lot if someone could point me in the right direction or give me an example of how to do it. I'm using Ubuntu 20.04. Thank you and have a good day.
@SantiagoGuiral have a look at the instructions provided in the documentation "Building NFStream from sources" https://www.nfstream.org/docs/
Since NFlow client_fingerprint and server_fingerprint are, for TLS, JA3/S hashes, I suppose you are extracting JA3/S strings before hashing them
If that's the case, exposing the un-hashed string would be a nice feature, since it would give a lot of info about the traffic in one simple field
@arunppsg Any contribution (feature, bugfix, benchmark, documentation, support) is always welcome. You can try NFStream in various scenarios and if you have an idea or a feature that you want to add, just open an issue, let's discuss it, and after we can go with a PR. I will also open several issues and tag them with the help needed flag. Do not hesitate to ask questions if you need help on setting up your NFStream dev env and thanks again for proposing your help.
Minor thing: on the page "https://www.nfstream.org/docs/api" you are using sometimes stdev (e.g. src2dst_stdev_ps), but in the code it is src2dst_stddev_ps...
Hi @Zied, thanks. I was going some more through the engine code (need to consolidate the results with the IDS2018 dataset that was generated with the CICFlowMeter). In enigine_cc.c there is an init function for src2dst (line 1660) and one for bidirectional (line 1595) where e.g. src2dst_packets and bidirectional_packets get initialized to 1, but I can't find an initialization function for dst2src. Can you point me to where dst2src_packets gets initialized? Thank you
Hi, I am running NFStream on a Raspberry Pi 4 and am trying to get stats from a PCAP file. That gives me following error:Traceback (most recent call last):
File "testNFStream.py", line 76, in <module>
test.parsePCAP()
File "testNFStream.py", line 53, in parsePCAP
splt_analysis=10 )
File "../nfstream/nfstream/streamer.py", line 70, in init
self.n_meters = n_meters
File "../nfstream/nfstream/streamer.py", line 234, in n_meters
if c_cpus >= c_cores:
TypeError: '>=' not supported between instances of 'int' and 'NoneType'
File "testNFStream.py", line 76, in <module>
test.parsePCAP()
File "testNFStream.py", line 53, in parsePCAP
splt_analysis=10 )
File "../nfstream/nfstream/streamer.py", line 70, in init
self.n_meters = n_meters
File "../nfstream/nfstream/streamer.py", line 234, in n_meters
if c_cpus >= c_cores:
TypeError: '>=' not supported between instances of 'int' and 'NoneType'
I added two prints in streamer.py. below line 228 which show:c_cpus=4 ----- c_cores=None
platform.system() = Linux, self._mode=0
platform.system() = Linux, self._mode=0
my psutil version is 5.5.2 --- seems (giampaolo/psutil#1078) on the RPi cpu_count(logical=False) is always None
I'm wondering how best to circumvent that ...
seems to fix it.
maybe if we detect it's an RPI we fix it to 4
hardcoded I mean
