and here is The None we receive when there is no packets
we use this cycles to clean cache and stuff
or other high speed appliance
you will have such behavior
it's active polling
Clearly
See this article
It explain clearly why we use active polling
you can add usleep(1)
if you want
but that will results in more drops
@Lyonid_gitlab You must upgrade to version 6.1.1 where we implemented this feature for live capture.
- performance_report=N will print every N seconds performance metrics (https://github.com/nfstream/nfstream/blob/master/assets/PERFORMANCE_REPORT.md).
- To limit drops, you must set n_meters to 0 (default value). Note that processes will consume CPU only when packets are there (No busy-wait anymore, so fixed your previous issue).
- NFStream now supports AF_PACKETv3 + FANOUT on Linux machines.
- Before considering more powerful hardware, make sure to test with Pypy3 instead of CPython as it is faster.
It's Say Like This :
Process Process-2:
Traceback (most recent call last):
File "/usr/lib/python3.6/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python3.6/multiprocessing/process.py", line 93, in run
self._target(self._args, *self._kwargs)
File "/usr/local/lib/python3.6/dist-packages/nfstream/meter.py", line 185, in meter_workflow
set_affinity(root_idx+1)
File "/usr/local/lib/python3.6/dist-packages/nfstream/utils.py", line 103, in set_affinity
psutil.Process().cpu_affinity(list(temp[mask]))
IndexError: list index out of range
I Have Tried Pcap From NFStream and got same error
hello i'm investigating the use of nfstream for some analysis of multicast data. I will need to be able to extract the sequence number out of each multicast packet (i know how to decode sequence number, given a byte buffer), but could someone point me in the direction of how i might write the "plugin" for this? I think it will be a plugin to the NDPI side of things. thank you very much! :-)
oops, rtfm gjvc https://hub.gke2.mybinder.org/user/aouinizied-nfstream-tutorials-gxx0u37t/notebooks/demo_notebook.ipynb has a small example
feel free to open a PR with your plugin (once done) if you think it is possible to share it with the community.
the bytes buffer starting from IP header is available on the NFPAcket that NFStream will pass to your Plugin
you can prototype in a fast way as a Plugin for NFstream, once you are sure everything is working as you want
you can pass it to nDPI side
and it will be automatically integrated in NFStream
second option is interesting if you care about performances
but as you will run it with PyPy and your Plugin is pure Python, I think it's too early to think about that
Hi! Do you have any idea why this is happening?
All other attributes work fine. But from documentation flow object should have src_mac attribute
Good day everyone. I would like to know more about networking and I just found about NFstream. I know how to use it from the pip installation but I also want to know how to do it from the source. I already cloned the repo and installed all the required dependencies. I would like to run one of the examples inside the repository but I don't know how to do it and ill help me a lot if someone could point me in the right direction or give me an example of how to do it. I'm using Ubuntu 20.04. Thank you and have a good day.
@SantiagoGuiral have a look at the instructions provided in the documentation "Building NFStream from sources" https://www.nfstream.org/docs/
Since NFlow client_fingerprint and server_fingerprint are, for TLS, JA3/S hashes, I suppose you are extracting JA3/S strings before hashing them
If that's the case, exposing the un-hashed string would be a nice feature, since it would give a lot of info about the traffic in one simple field