flowRecorder - a network traffic flow feature measurement tool
APACHE-2.0 License
Use flowRecorder to turn packets into flow records. The tool can work in two modes:
The program can take a number of arguments:
-d, --direction <u,b> sets whether the packets will be organised into unidirectional (u) or bidirectional (b) flows
-i, --interface interface_name sets the networking interface card from which the packets will be sniffed
-f, --file file_name sets the name of the PCAP file
-o, --out file_name sets the name of the CSV file into which the results will be saved
Examples:
::

    python ~/flowRecorder/flowRecorder/flowRecorder.py -d u -f p.pcap -o results.csv

::

    sudo python ~/flowRecorder/flowRecorder/flowRecorder.py -d b -i en0 -o results.csv

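What the ``-d`` option changes, shown as an added example that is not flowRecorder's own code: it assumes flows are keyed on the 5-tuple and computes three illustrative features (packet count, bytes, duration) over constructed packets. The names ``flow_key`` and ``record_flows`` are hypothetical.

```python
from collections import OrderedDict

# Constructed sample packets (not captured traffic):
# (timestamp, src_ip, src_port, dst_ip, dst_port, ip_proto, length)
PACKETS = [
    (0.00, "10.0.0.1", 40000, "10.0.0.2", 80, 6, 60),
    (0.01, "10.0.0.2", 80, "10.0.0.1", 40000, 6, 60),
    (0.02, "10.0.0.1", 40000, "10.0.0.2", 80, 6, 500),
    (0.05, "10.0.0.2", 80, "10.0.0.1", 40000, 6, 1500),
    (0.10, "10.0.0.3", 5353, "10.0.0.2", 53, 17, 80),
]


def flow_key(pkt, direction):
    """Return the flow key for a packet (assumed 5-tuple keying).

    'u': ordered endpoints, so A->B and B->A are separate flows.
    'b': endpoints sorted, so both directions map to the same flow.
    """
    _, sip, sport, dip, dport, proto, _ = pkt
    a, b = (sip, sport), (dip, dport)
    if direction == "b":
        a, b = sorted((a, b))
    elif direction != "u":
        raise ValueError("direction must be 'u' or 'b'")
    return (a, b, proto)


def record_flows(packets, direction):
    """Group packets into flows and compute per-flow features."""
    flows = OrderedDict()
    for pkt in packets:
        ts, length = pkt[0], pkt[6]
        f = flows.setdefault(flow_key(pkt, direction),
                             {"pkts": 0, "bytes": 0, "first": ts, "last": ts})
        f["pkts"] += 1
        f["bytes"] += length
        f["last"] = max(f["last"], ts)
    for f in flows.values():
        f["duration"] = f["last"] - f["first"]
    return flows


if __name__ == "__main__":
    for d in ("u", "b"):
        flows = record_flows(PACKETS, d)
        print("direction=%s -> %d flows" % (d, len(flows)))
        for key, f in flows.items():
            print("  ", key, f["pkts"], f["bytes"], round(f["duration"], 3))
```

With ``u`` the TCP conversation yields two records (request and response side); with ``b`` it collapses into one, which matters when comparing record counts or byte totals between runs.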
flowRecorder depends on the following libraries:
These can be installed with (Python 2.x):
::

    sudo apt-get update
    sudo apt-get install libpcap-dev
    sudo apt install python-pip python-pytest python-yaml
    pip install dpkt pcapy numpy

These can be installed with (Python 3.x):
::

    sudo apt-get update
    sudo apt-get install libpcap-dev
    sudo apt install python3-pip python3-pytest python3-yaml
    pip3 install dpkt pcapy numpy

Run the Python 2.x self tests with:

::

    cd ~/flowRecorder/tests/; py.test

Run the Python 3.x self tests with:

::

    cd ~/flowRecorder/tests/; py.test-3

The program is not optimized for processing large PCAP files. For example, processing 500K packets takes approximately 40 minutes. The processing time mainly depends on the selected directionality and the computing resources.
The tool is under testing. Please report any issues/bugs to the developers.