Zied Aouini
@aouinizied
@Lyonid_gitlab
Zied Aouini
@aouinizied
@Lyonid_gitlab You must upgrade to version 6.1.1 where we implemented this feature for live capture.
  • performance_report=N will print every N seconds performance metrics (https://github.com/nfstream/nfstream/blob/master/assets/PERFORMANCE_REPORT.md).
  • To limit drops, you must set n_meters to 0 (default value). Note that processes will consume CPU only when packets are there (No busy-wait anymore, so fixed your previous issue).
  • NFStream now supports AF_PACKETv3 + FANOUT on Linux machines.
  • Before considering more powerful hardware, make sure to test with PyPy3 instead of CPython as it is faster.
Simone Errico
@Lyonid_gitlab
@aouinizied Thanks.
Neul Do
@doitez2
Hello Sir, can I run nfstream code in colab.research.google.com for pcap extraction? I have a little bit of a problem importing my pcap and dataset.
Zied Aouini
@aouinizied
@doitez2 Yes, nfstream can be installed on Colab without issues. Which problem do you have with pcap import?
Neul Do
@doitez2

It says this:
Process Process-2:
Traceback (most recent call last):
  File "/usr/lib/python3.6/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/usr/lib/python3.6/multiprocessing/process.py", line 93, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python3.6/dist-packages/nfstream/meter.py", line 185, in meter_workflow
    set_affinity(root_idx+1)
  File "/usr/local/lib/python3.6/dist-packages/nfstream/utils.py", line 103, in set_affinity
    psutil.Process().cpu_affinity(list(temp[mask]))
IndexError: list index out of range

I have tried a pcap from NFStream and got the same error.

Zied Aouini
@aouinizied
@doitez2 Please upgrade to the latest nfstream version (6.2.0). It should fix the issue you are reporting.
George Cox
@gjvc
Hello, I'm investigating the use of nfstream for some analysis of multicast data. I will need to be able to extract the sequence number out of each multicast packet (I know how to decode the sequence number, given a byte buffer), but could someone point me in the direction of how I might write the "plugin" for this? I think it will be a plugin to the nDPI side of things. Thank you very much! :-)
Zied Aouini
@aouinizied
@gjvc Yes, there are also some plugins already implemented by the community: MDNS, DHCP, ..
Feel free to open a PR with your plugin (once done) if you think it is possible to share it with the community.
The bytes buffer starting from the IP header is available on the NFPacket that NFStream will pass to your plugin.
Zied Aouini
@aouinizied
And yes, it is possible on the nDPI side too, so both options are valid.
You can prototype quickly as a plugin for NFStream; once you are sure everything is working as you want,
you can pass it to the nDPI side
and it will be automatically integrated in NFStream.
The second option is interesting if you care about performance,
but as you will run it with PyPy and your plugin is pure Python, I think it's too early to think about that.
George Cox
@gjvc
@aouinizied ahhhh lovely. I will use what's in the plugin directory as a starting point. Thank you very much!
Lyonid
@Lyonid
Hi! Do you have any idea why this is happening?
All other attributes work fine. But according to the documentation, the flow object should have a src_mac attribute.
Lyonid
@Lyonid
Upgrading the nfstream package fixed this. Sorry for the disturbance.
Santiago Guiral
@SantiagoGuiral
Good day everyone. I would like to know more about networking and I just found out about NFStream. I know how to use it from the pip installation but I also want to know how to do it from the source. I already cloned the repo and installed all the required dependencies. I would like to run one of the examples inside the repository but I don't know how to do it, and it'll help me a lot if someone could point me in the right direction or give me an example of how to do it. I'm using Ubuntu 20.04. Thank you and have a good day.
Zied Aouini
@aouinizied
@SantiagoGuiral Have a look at the instructions provided in the documentation, "Building NFStream from sources": https://www.nfstream.org/docs/
Lyonid
@Lyonid
Hi. I have sort of a feature request, but more of an open discussion than a request
Since NFlow client_fingerprint and server_fingerprint are, for TLS, JA3/S hashes, I suppose you are extracting JA3/S strings before hashing them
If that's the case, exposing the un-hashed string would be a nice feature, since it would give a lot of info about the traffic in one simple field
Arun
@arunppsg
Hey, I would like to contribute to nfstream. Any suggestions on where I could start?
Zied Aouini
@aouinizied
@arunppsg Any contribution (feature, bugfix, benchmark, documentation, support) is always welcome. You can try NFStream in various scenarios and if you have an idea or a feature that you want to add, just open an issue, let's discuss it, and after we can go with a PR. I will also open several issues and tag them with the help needed flag. Do not hesitate to ask questions if you need help on setting up your NFStream dev env and thanks again for proposing your help.
Arun
@arunppsg
Thanks @aouinizied . Will go through it and add in suggestions & changes, if any.
Arasch U Lagies
@Arri
Hi, I was wondering why in engine_cc.c line 1365 the if statement is repeating if ((flow->src_port != packet->src_port) || (flow->src_port != packet->src_port)) { ?
Arasch U Lagies
@Arri
Minor thing: on the page "https://www.nfstream.org/docs/api" you are sometimes using stdev (e.g. src2dst_stdev_ps), but in the code it is src2dst_stddev_ps...
Zied Aouini
@aouinizied
@Arri Thanks for reporting. For line 1365, it was a mistake (not affecting tests), nice catch BTW. I fixed it. Fixed also the stddev in the doc.
Arasch U Lagies
@Arri
Hi @Zied, thanks. I was going some more through the engine code (need to consolidate the results with the IDS2018 dataset that was generated with the CICFlowMeter). In engine_cc.c there is an init function for src2dst (line 1660) and one for bidirectional (line 1595) where e.g. src2dst_packets and bidirectional_packets get initialized to 1, but I can't find an initialization function for dst2src. Can you point me to where dst2src_packets gets initialized? Thank you
Zied Aouini
@aouinizied
@Arri We memset to 0 when we init a flow; consequently, dst2src_packets is already zeroed. Do not forget that flow creation/init will always be src_to_dst, this is how we determine a source.
Arasch U Lagies
@Arri
@Zied, thanks for the quick feedback.
Arasch U Lagies
@Arri
Hi, I am running NFStream on a Raspberry Pi 4 and am trying to get stats from a PCAP file. That gives me the following error:
Traceback (most recent call last):
  File "testNFStream.py", line 76, in <module>
    test.parsePCAP()
  File "testNFStream.py", line 53, in parsePCAP
    splt_analysis=10 )
  File "../nfstream/nfstream/streamer.py", line 70, in __init__
    self.n_meters = n_meters
  File "../nfstream/nfstream/streamer.py", line 234, in n_meters
    if c_cpus >= c_cores:
TypeError: '>=' not supported between instances of 'int' and 'NoneType'
I added two prints in streamer.py below line 228, which show: c_cpus=4 ----- c_cores=None
platform.system() = Linux, self._mode=0
My psutil version is 5.5.2 --- it seems (giampaolo/psutil#1078) that on the RPi cpu_count(logical=False) is always None
I'm wondering how best to circumvent that ...
Arasch U Lagies
@Arri
Adding below line 228 (in streamer.py):
if not c_cores:
    c_cores=0
seems to fix it.
Zied Aouini
@aouinizied
@Arri Thanks, will fix it in next release
maybe if we detect it's an RPI we fix it to 4
hardcoded I mean
Sercan Okur
@sercanokur
Hi everybody, I need help extracting the five-tuple of the original packets for encapsulated traffic via NFStream. Right now, NFStream is extracting encapsulated header details. I need the information of the original packet layers. Can anybody help me with this?
Ebodherve
@Ebodherve
Hi everyone, I am a novice in the use of nfstream. I would like to know if we can use nfstream under Windows without installing external software.
Jins George
@geojins
Hi @aouinizied, I am trying to figure out how to access the nDPI flow risk score. After a quick search, I have not seen an API/attribute in nfstream to get this. Can you suggest if it's possible to access the risk score by writing a plugin?