series

Generates packets and octets time series from flow records.

usage: python3 -m flow_models.series [-h] [-i {csv_flow,pipe,nfcapd,binary}]
                                     [-o {csv_series}] [-O OUTPUT]
                                     [--skip-in SKIP_IN] [--count-in COUNT_IN]
                                     [--skip-out SKIP_OUT]
                                     [--count-out COUNT_OUT]
                                     [--filter-expr FILTER_EXPR]
                                     in_files [in_files ...]

Positional Arguments

in_files

input files or directories

Named Arguments

-i, --in-format

Possible choices: csv_flow, pipe, nfcapd, binary

format of input files

Default: 'nfcapd'

-o, --out-format

Possible choices: csv_series

format of output

Default: 'csv_series'

-O, --output

directory for output

Default: '.'

--skip-in

number of flows to skip at the beginning of input

Default: 0

--count-in

limit for number of flows to read from input

--skip-out

number of flows to skip after filtering

Default: 0

--count-out

limit for number of flows to output after filtering

--filter-expr

expression of filter

This tool can be used to calculate packets and octets time series from flow records.

To filter flow records, the filter expressions should be specified. Filter expression should use the Python syntax. Bitwise (&, |, ~) operators should be used instead logical ones (and, or, not). The following fields are available:

af, prot, inif, outif, sa0, sa1, sa2, sa3, da0, da1, da2, da3, sp, dp, first, first_ms, last, last_ms, packets, octets, aggs

Skipping of flow records can be done with skip_in, count_in, skip_out, count_out parameters. They specify how many flow records should be skipped (skip_in) and then read (count_in) from input and to be skipped (skip_out) and written (count_out) after filtering.

Example: (skips the first 100 records and calculates series for the next 1000)

flow_models.series -i binary -O series –skip-in 100 –count-in 1000 sorted