Difference between revisions of "IDS: cicflowmeter.py"
Diff by Onnowpurbo (talk | contribs), starting at line 5 of the previous revision:

 git clone https://gitlab.com/hieulw/cicflowmeter
 cd cicflowmeter
+
+'''hack'''
+
+flow_session.py at line 86 :
+Change flow.add_packet(packet.flags) with flow.add_packet(packet, direction)
+
 python setup.py install
+
 or
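Review bot: the added "hack" step locates the edit only as "flow_session.py at line 86" and names no upstream commit or version, so the line number stops being accurate as soon as the cloned repository changes; suggest identifying the spot by the code itself (the line that calls flow.add_packet(packet.flags)) and stating the git revision the instruction was written against. Minor wording: "Change ... with" reads better as "Replace ... with".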
Revision as of 10:52, 21 April 2022
Installation
apt install python-is-python3
cd /usr/local/src/
git clone https://gitlab.com/hieulw/cicflowmeter
cd cicflowmeter
hack
In flow_session.py at line 86, replace flow.add_packet(packet.flags) with flow.add_packet(packet, direction).
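Applying the one-line edit by hand is error-prone when the cloned tree does not match the line number quoted above. The script below is an added example, not part of this wiki page or of the cicflowmeter project: it applies the same substitution the page describes, but only when the old call appears exactly once, keeps a .orig backup, and does nothing if the file is already patched or looks like a different version. The path cicflowmeter/flow_session.py is an assumption about the checkout layout; pass the real path as the first argument.

```python
"""Apply the flow_session.py fix described on the page, with a safety check.

Added example (not from the wiki page or the cicflowmeter project). It assumes
the call flow.add_packet(packet.flags) occurs exactly once in the file, which is
what the page's "line 86" instruction implies.
"""
from __future__ import annotations

import shutil
import sys
from pathlib import Path

OLD_CALL = "flow.add_packet(packet.flags)"
NEW_CALL = "flow.add_packet(packet, direction)"


def patch_source(text: str) -> tuple[str, int]:
    """Return (patched_text, occurrences).

    occurrences is the number of OLD_CALL matches found. The text is changed
    only when exactly one match exists: zero matches usually means the file is
    already patched, more than one means the checkout differs from the one the
    instruction was written for, and guessing which call to change is unsafe.
    """
    count = text.count(OLD_CALL)
    if count != 1:
        return text, count
    return text.replace(OLD_CALL, NEW_CALL), count


def patch_file(path: Path) -> int:
    """Patch path in place, keeping a <name>.orig backup. Returns the match count."""
    original = path.read_text(encoding="utf-8")
    patched, count = patch_source(original)
    if count == 1:
        shutil.copyfile(path, path.with_suffix(path.suffix + ".orig"))
        path.write_text(patched, encoding="utf-8")
    return count


if __name__ == "__main__":
    # Hypothetical default location; the real path is the first CLI argument.
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "cicflowmeter/flow_session.py")
    n = patch_file(target)
    if n == 1:
        print(f"patched {target}, backup written to {target}.orig")
    elif n == 0:
        print(f"{target}: call not found (already patched, or a different version?)")
    else:
        print(f"{target}: {n} matches, refusing to guess which one to change")
        sys.exit(1)
```

Run it from the cloned source tree before python setup.py install; a second run reports that the call was not found rather than editing anything twice.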
python setup.py install
or
pip install cicflowmeter
Usage
usage: cicflowmeter [-h] (-i INPUT_INTERFACE | -f INPUT_FILE) [-c] [-u URL_MODEL] output

positional arguments:
  output                output file name (in flow mode) or directory (in sequence mode)

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT_INTERFACE    capture online data from INPUT_INTERFACE
  -f INPUT_FILE         capture offline data from INPUT_FILE
  -c, --csv, --flow     output flows as csv
Sniff packets in real time from an interface into a flow csv (needs root permission):
cicflowmeter -i enp0s3 -c flows.csv
Convert a pcap file to a flow csv:
tcpdump -i enp0s3 -s 65535 -w hasil-capture.pcap
cicflowmeter -f hasil-capture.pcap -c flows.csv