This is a tool for offline and online processing of network packets and creating network flows.
Reading packets can be done in two modes:
- offline, from a PCAP file
- online, by sniffing a LAN
Flows can be annotated with true labels or predicted labels:
- True labels: given attack history log files, the tool can determine which flows are malicious
- Predicted labels: network flows can also be analyzed with a pretrained model that predicts whether each flow is anomalous.
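As an added illustration of the true-label step (not the tool's own code), the block below buckets packets into flows over an interval, then marks a flow malicious when an endpoint appears in an attack-history table during the flow's lifetime. The packet and attack-history formats, and all sample values, are constructed assumptions; the real attacker_machine_summary.csv layout is not shown on this page.

```python
from collections import defaultdict

# Constructed sample packets: (ts, src, dst, sport, dport, proto, bytes)
PACKETS = [
    (0.00, "10.0.0.5", "10.0.0.9", 40000, 22, "tcp", 74),
    (0.10, "10.0.0.9", "10.0.0.5", 22, 40000, "tcp", 74),
    (0.20, "10.0.0.5", "10.0.0.9", 40000, 22, "tcp", 1500),
    (0.30, "10.0.0.7", "10.0.0.9", 51000, 80, "tcp", 200),
    (0.70, "10.0.0.5", "10.0.0.9", 40000, 22, "tcp", 1500),
    (2.10, "10.0.0.7", "10.0.0.9", 51000, 80, "tcp", 300),
]

# Constructed attack history standing in for attacker_machine_summary.csv
# (assumed layout): (attacker_ip, start_ts, end_ts)
ATTACKS = [("10.0.0.5", 0.0, 1.0)]

def flow_key(pkt):
    """Bidirectional 5-tuple: sort the endpoints so both directions match."""
    _, src, dst, sport, dport, proto, _ = pkt
    a, b = sorted([(src, sport), (dst, dport)])
    return (a[0], a[1], b[0], b[1], proto)

def build_flows(packets, interval):
    """Group packets by 5-tuple and by time bucket of `interval` seconds."""
    buckets = defaultdict(list)
    for pkt in packets:
        buckets[(flow_key(pkt), int(pkt[0] // interval))].append(pkt)
    flows = []
    for (key, bucket), pkts in sorted(buckets.items()):
        ts = [p[0] for p in pkts]
        flows.append({"key": key, "bucket": bucket, "packets": len(pkts),
                      "bytes": sum(p[6] for p in pkts),
                      "start": min(ts), "end": max(ts)})
    return flows

def true_label(flow, attacks):
    """A flow is malicious if an attacker endpoint is active during it."""
    endpoints = {flow["key"][0], flow["key"][2]}
    return any(ip in endpoints and flow["start"] <= end and flow["end"] >= start
               for ip, start, end in attacks)

def annotate(packets, attacks, interval=0.5):
    """Build interval flows and attach a True label to each one."""
    flows = build_flows(packets, interval)
    for f in flows:
        f["label"] = "malicious" if true_label(f, attacks) else "benign"
    return flows
```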
positional arguments:
  action:sniff|convert    Choose online sniffing of a LAN or offline converting of a PCAP file

options:
  -h, --help              show this help message and exit
  --source
- sniffing a Wi-Fi LAN without annotation and writing flows to a file:
    sniff --source Wi-Fi --interval 0.5 --target_file output/sniffed.csv
- offline generation of network flows from a PCAP file with true-label annotation, writing flows to a file:
    convert
    --source input/traffic.pcap
    --interval 0.5
    --attacks input/attacker_machine_summary.csv
    --target_file output/sniffed.csv
- offline generation of network flows from a PCAP file with true-label annotation and prediction, writing flows to a file:
    convert
    --source input/traffic.pcap
    --interval 0.5
    --attacks input/attacker_machine_summary.csv
    --predictor input/predict_model.joblib
    --target_file output/sniffed.csv
or, as a single line:
    convert --source input/traffic.pcap --interval 0.5 --attacks input/attacker_machine_summary.csv --target_file output/sniffed.csv
- offline generation of network flows from a PCAP file with true-label annotation and prediction, sending them to both a target file and an MQTT server with credentials:
    convert
    --source input/traffic.pcap
    --interval 0.5
    --attacks input/attacker_machine_summary.csv
    --predictor input/predict_model.joblib
    --target_file output/sniffed.csv
    --target_connection sample_connection.txt