Skip to content

Commit 8b9c6db

Browse files
aouiniziedaouinizied
committed
Release 6.2.0
1 parent e080dfd commit 8b9c6db

File tree

2 files changed

+31
-11
lines changed

2 files changed

+31
-11
lines changed

docs/api.md

Lines changed: 18 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,7 @@ my_streamer = NFStreamer(source="facebook.pcap",
3838
bpf_filter=None,
3939
promiscuous_mode=True,
4040
snapshot_length=1536,
41-
idle_timeout=15,
41+
idle_timeout=120,
4242
active_timeout=1800,
4343
accounting_mode=0,
4444
udps=None,
@@ -56,7 +56,7 @@ my_streamer = NFStreamer(source="facebook.pcap",
5656
| `bpf_filter` | `[default=None]` | Specify a [BPF filter][bpf] filter for filtering selected traffic. |
5757
| `promiscuous_mode` | `[default=True]` | Enable/Disable promiscuous capture mode. |
5858
| `snapshot_length` | `[default=1536]` | Control packet slicing size (truncation) in bytes. |
59-
| `idle_timeout` | `[default=15]` | Flows that are idle (no packets received) for more than this value in seconds are expired. |
59+
| `idle_timeout` | `[default=120]` | Flows that are idle (no packets received) for more than this value in seconds are expired. |
6060
| `active_timeout` | `[default=1800]` | Flows that are active for more than this value in seconds are expired. |
6161
| `accounting_mode` | `[default=0]` | Specify the accounting mode that will be used to report bytes related features (0: Link layer, 1: IP layer, 2: Transport layer, 3: Payload). |
6262
| `udps` | `[default=None]` | Specify user defined NFPlugins used to extend NFStreamer. |
@@ -78,21 +78,21 @@ for flow in my_streamer:
7878
#### Pandas dataframe conversion
7979

8080
```python
81-
my_dataframe = my_streamer.to_pandas(ip_anonymization=False)
81+
my_dataframe = my_streamer.to_pandas(columns_to_anonymize=[])
8282
my_dataframe.head()
8383
```
8484

85-
| `ip_anonymization` | `[default=False]` | Enable/Disable IP anonymization. IP anonymization is based on a random secret key generation at each start of NFStreamer. The generated key is used to anonymize IP source and IP destination fields using blake2b algorithm. |
85+
| `columns_to_anonymize` | `[default=[]]` | List of columns names to anonymize. Anonymization is based on a random secret key generation at each start of NFStreamer. The generated key is used to anonymize configured values using blake2b algorithm. |
8686

8787
#### CSV file conversion
8888

8989
```python
90-
total_flows_count = my_streamer.to_csv(path=None, ip_anonymization=False, flows_per_file=0)
90+
total_flows_count = my_streamer.to_csv(path=None, columns_to_anonymize=[], flows_per_file=0)
9191
```
9292

9393
| `path` | `[default=None]` | Specify output path of csv resulting file. When Set to None, NFStream uses source as path and add a '.csv' extension to it. |
9494
| `flows_per_file` | `[default=0]` | Specify maximum flows per generated file. Each generated file name will be appended by the chunk index. This limit is disabled when set to 0. |
95-
| `ip_anonymization` | `[default=False]` | Enable/Disable IP anonymization. IP anonymization is based on a random secret key generation at each start of NFStreamer. The generated key is used to anonymize IP source and IP destination fields using blake2b algorithm. |
95+
| `columns_to_anonymize` | `[default=[]]` | List of columns names to anonymize. Anonymization is based on a random secret key generation at each start of NFStreamer. The generated key is used to anonymize configured values using blake2b algorithm. |
9696

9797
## NFlow
9898

@@ -104,10 +104,12 @@ In the following we detail each implemented feature.
104104
| `id` | `int` | Flow identifier |
105105
| `expiration_id` | `int` | Identifier of flow expiration trigger. Can be 0 for idle_timeout, 1 for active_timeout or -1 for custom expiration. |
106106
| `src_ip` | `str` | Source IP address string representation. |
107-
| `src_ip_is_private` | `bool` | Source IP address type (1 if private, else 0). |
107+
| `src_mac` | `str` | Source MAC address string representation. |
108+
| `src_oui` | `str` | Source Organizationally Unique Identifier string representation. |
108109
| `src_port` | `int` | Transport layer source port. |
109110
| `dst_ip` | `str` | Destination IP address string representation. |
110-
| `dst_ip_is_private` | `bool` | Destination IP address type (1 if private, else 0). |
111+
| `dst_mac` | `str` | Destination MAC address string representation. |
112+
| `dst_oui` | `str` | Destination Organizationally Unique Identifier string representation. |
111113
| `dst_port` | `int` | Transport layer destination port. |
112114
| `protocol` | `int` | Transport layer protocol. |
113115
| `ip_version` | `int` | IP version. |
@@ -274,7 +276,11 @@ information are exposed in an NFPacket (Network Flow Packet) which contains the
274276
| `transport_size` | `int` | Transport packet size. |
275277
| `payload_size` | `int` | Packet payload size. |
276278
| `src_ip` | `str` | Source IP address string representation. |
279+
| `src_mac` | `str` | Source MAC address string representation. |
280+
| `src_oui` | `str` | Source Organizationally Unique Identifier string representation. |
277281
| `dst_ip` | `str` | Destination IP address string representation. |
282+
| `dst_mac` | `str` | Destination MAC address string representation. |
283+
| `dst_oui` | `str` | Destination Organizationally Unique Identifier string representation. |
278284
| `src_port` | `int` | Transport layer source port. |
279285
| `dst_port` | `int` | Transport layer destination port. |
280286
| `protocol` | `int` | Transport layer protocol. |
@@ -370,6 +376,8 @@ for flow in streamer: # Work also with to_pandas, to_csv
370376
print(flow.udps.splt_direction)
371377
```
372378

379+
Other examples could be found and imported in NFStream [plugins][plg] submodule.
380+
373381
#### Machine Learning Model: Train and Deploy
374382

375383
In the the following, we demonstrate a simplistic machine learning approach training and deployment.
@@ -410,4 +418,5 @@ for flow in ml_streamer:
410418

411419
[bpf]: https://biot.com/capstats/bpf.html
412420
[ja3]: https://github.com/salesforce/ja3
413-
[hassh]: https://github.com/salesforce/hassh
421+
[hassh]: https://github.com/salesforce/hassh
422+
[plg]: https://github.com/nfstream/nfstream/tree/master/nfstream/plugins

docs/releases.md

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -16,14 +16,25 @@ This page contains NFStream release history
1616
- GitHub page: <https://github.com/aouinizied/nfstream>{:target="_blank"}
1717

1818

19-
## Latest Official Release - v6.1.3
19+
## Latest Official Release - v6.2.0
20+
21+
Release date: 2020-10-21 {% include new-release.html %}
22+
23+
* Improve multi cpus scaling.
24+
* Add src_mac, src_oui, dst_mac, dst_oui flow features.
25+
* Add MDNS and DHCP plugins.
26+
* Add configurable anonymization.
27+
* Add Python3.9 support.
28+
* Fix overflow in performance report.
29+
30+
## v6.1.3
2031

2132
Release date: 2020-09-21 {% include new-release.html %}
2233

2334
* Add user_agent extraction on QUIC.
2435

2536

26-
## Latest Official Release - v6.1.2
37+
## v6.1.2
2738

2839
Release date: 2020-09-17
2940

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy