This project implements a network traffic flow generator and analyzer, similar in concept to CICFlowMeter, written in Python. It processes network traffic (either live capture or from PCAP files) to extract features for analysis, commonly used in cybersecurity applications like intrusion detection.
Running the main script (flowmeter.py) requires administrator or root privileges to capture network traffic directly from an interface.
This project requires Python >=3.10 and the packages listed in requirements.txt.
You can install the required packages using pip and the requirements.txt file:
pip install -r requirements.txt
Before running any scripts, clone the repository and navigate to the project directory in your terminal:
git clone https://github.com/AnkitV15/Python-CICFlowmeter.git
cd Python-CICFlowmeter
The main script flowmeter.py can be run from the command line with various options:
usage: flowmeter.py [-h] [--pcap-path PCAP_PATH] [--out-path OUT_PATH] [--skip-generate]
[--interface INTERFACE] [--sniff-timeout SNIFF_TIMEOUT] [--sniff-count SNIFF_COUNT]
Arguments:
- -h, --help: Show help message and exit.
- --pcap-path PCAP_PATH: Specify the path to a directory containing PCAP files to process. If not specified, it defaults to data/in/.
- --out-path OUT_PATH: Specify the directory where generated CSV output files will be saved. Defaults to data/out/.
- --skip-generate: Skip the flow generation and analysis step. Useful if you only want to use other functionalities (if any are added).
- --interface INTERFACE: Specify the network interface to sniff traffic from (e.g., eth0, Wi-Fi). Required for live sniffing.
- --sniff-timeout SNIFF_TIMEOUT: Timeout in seconds for live sniffing.
- --sniff-count SNIFF_COUNT: Number of packets to sniff during live capture.
To process PCAP files, including those generated by generate_pcaps.py and saved in the default location, you can simply run the script.
If your PCAP files are in the default data/in/ folder, run:
sudo python flowmeter.py
(Remember sudo or equivalent for administrator privileges)
This command will automatically find and process all .pcap files within the data/in/ directory. The generated CSV output files will be saved in the data/out/ directory by default.
If your PCAP files are in a different directory, use the --pcap-path argument:
sudo python flowmeter.py --pcap-path /path/to/your/pcaps
The generated CSV output files will be saved in the data/out/ directory by default, or in the directory specified by --out-path.
To capture and analyze live network traffic from a specific interface, use the --interface argument:
sudo python flowmeter.py --interface INTERFACE
sudo python flowmeter.py --interface "\Device\NPF_{XXXXXXXX-XXXX-XXX-XXXXXXX-XXXXX}"  # e.g.
(Replace INTERFACE with your actual interface name)
To list available interfaces on your current PC, you can run the list_interfaces.py script:
python list_interfaces.py
This script will print the names and identifiers of the interfaces detected by Scapy, helping you choose the correct interface name for the --interface argument.
To generate sample simulated PCAP files using generate_pcaps.py, simply run the script:
python generate_pcaps.py
This will generate several .pcap files in the default data/in/ directory.
To specify a different output directory for the generated PCAP files, use the --output-dir argument:
python generate_pcaps.py --output-dir /path/to/your/desired/output
The script will create the specified directory if it doesn't exist.
To stop the flowmeter.py script while it's running (especially during live sniffing), press Ctrl + C.
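To show what a flow record is, the following added example (not code from this project) groups packets into bidirectional flows by 5-tuple and computes a handful of per-flow features. The packet tuples, function names and feature names are assumptions made for illustration; they are not flowmeter.py's CSV columns or the CICFlowMeter feature set.

```python
from statistics import mean

# Constructed sample packets (not real traffic):
# (timestamp_s, src_ip, src_port, dst_ip, dst_port, proto, length_bytes)
PACKETS = [
    (0.00, "10.0.0.5", 51000, "192.0.2.10", 443, "TCP", 74),
    (0.02, "192.0.2.10", 443, "10.0.0.5", 51000, "TCP", 74),
    (0.03, "10.0.0.5", 51000, "192.0.2.10", 443, "TCP", 583),
    (0.09, "192.0.2.10", 443, "10.0.0.5", 51000, "TCP", 1514),
    (0.50, "10.0.0.7", 40000, "192.0.2.53", 53, "UDP", 82),
    (0.51, "192.0.2.53", 53, "10.0.0.7", 40000, "UDP", 130),
]

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key: both directions of a conversation map to one flow."""
    a, b = (src, sport), (dst, dport)
    return (min(a, b), max(a, b), proto)

def build_flows(packets):
    """Group packets into flows; the sender of the first packet defines 'forward'."""
    flows = {}
    for ts, src, sport, dst, dport, proto, length in sorted(packets):
        key = flow_key(src, sport, dst, dport, proto)
        flow = flows.setdefault(
            key, {"initiator": (src, sport), "times": [], "fwd": [], "bwd": []})
        flow["times"].append(ts)
        direction = "fwd" if (src, sport) == flow["initiator"] else "bwd"
        flow[direction].append(length)
    return flows

def flow_features(flow):
    """Per-flow statistics of the kind a flow meter writes as one CSV row."""
    times = flow["times"]
    gaps = [b - a for a, b in zip(times, times[1:])]  # inter-arrival times
    return {
        "duration_s": round(times[-1] - times[0], 6),
        "fwd_packets": len(flow["fwd"]),
        "bwd_packets": len(flow["bwd"]),
        "fwd_bytes": sum(flow["fwd"]),
        "bwd_bytes": sum(flow["bwd"]),
        "mean_iat_s": round(mean(gaps), 6) if gaps else 0.0,
    }

def summarize(packets):
    return {key: flow_features(f) for key, f in build_flows(packets).items()}

if __name__ == "__main__":
    for key, feats in summarize(PACKETS).items():
        print(key, feats)
```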