CICFlowMeter
Docker container
Please consider creating an official Docker container for the tool, so it can be used for preprocessing without installation.
So far, my current working (not very optimized) container is maybehelloworld/cicflowmeter.
It was created using the custom build.gradle file and Dockerfile available here: https://gist.github.com/maybe-hello-world/dba3b6825a3dd6f558e8c464e7ad210a
How to use: run the container with the pcap file and output directory mounted and provide the pcap file and where the output directory is mounted inside the container as an argument.
Example:
docker run -v "$(pwd)/filename.pcap:/tmp/filename.pcap" -v "$(pwd)/output_folder:/tmp/output" --rm maybehelloworld/cicflowmeter:latest /tmp/filename.pcap /tmp/output
The resulting file would be named filename.pcap_Flow.csv and located in output_folder.
There's also parallel installed inside the container, so you can process the whole directory by overriding the entrypoint:
docker run -v /tmp/server_pcaps:/tmp/server_pcaps -v /tmp/server_csvs:/tmp/output/ --entrypoint /bin/bash --rm maybehelloworld/cicflowmeter:latest -c "ls /tmp/server_pcaps/*.pcap | parallel java -Djava.library.path=/CICFlowMeter/jnetpcap/linux/jnetpcap-1.4.r1425/ -jar build/libs/CICFlowMeter-4.0.jar {} /tmp/output/"
Of course, I'd prefer an official Dockerfile from authors, but this repository hasn't been updated for a while.
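As an added example (not from the original post or the CICFlowMeter project), a small POSIX shell wrapper around the invocation above: it makes the host paths absolute, since docker -v treats a bare name such as filename.pcap as a named volume rather than a host file, runs the image once per pcap without overriding the entrypoint, and checks that the <name>_Flow.csv output the post describes was actually written. The image name and the /tmp/... mount points are taken from the post; DOCKER_BIN is an assumed override hook for dry runs.

```shell
#!/bin/sh
# Added example, not part of CICFlowMeter or the original post.
# Image and in-container mount points as given in the post.
IMAGE="maybehelloworld/cicflowmeter:latest"
DOCKER_BIN="${DOCKER_BIN:-docker}"   # assumed hook: set to 'true' or 'echo' for a dry run

# Resolve a host path to an absolute one; a relative source in `docker -v`
# is silently interpreted as a named volume, not as the file you meant.
abs_path() {
    case "$1" in
        /*) printf '%s\n' "$1" ;;
        *)  printf '%s/%s\n' "$(pwd)" "${1#./}" ;;
    esac
}

# Output naming convention from the post: <pcap basename>_Flow.csv in the output dir.
expected_csv() {
    printf '%s/%s_Flow.csv\n' "$2" "$(basename "$1")"
}

# Process every *.pcap in a directory, one container per file, and fail
# loudly if a run finished without producing a non-empty flow CSV.
run_pcap_dir() {
    in_dir="$(abs_path "$1")"; out_dir="$(abs_path "$2")"
    mkdir -p "$out_dir"
    for f in "$in_dir"/*.pcap; do
        [ -f "$f" ] || continue           # no match: the glob stays literal
        name="$(basename "$f")"
        "$DOCKER_BIN" run --rm -v "$f:/tmp/$name" -v "$out_dir:/tmp/output" \
            "$IMAGE" "/tmp/$name" /tmp/output
        csv="$(expected_csv "$f" "$out_dir")"
        [ -s "$csv" ] || { echo "missing or empty: $csv" >&2; return 1; }
    done
}
```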
Hi, we are pleased to announce that the first version of the Network and Transportation Layers Flow Analyzer (NTLFlowLyzer) is now available as part of the Understanding Cybersecurity Series (UCS) knowledge mobilization program. This Python open-source project has been designed and developed to address many issues encountered with CICFlowMeter. It extracts over 300 features from TCP-based network traffic, tailored explicitly for Anomaly Profiling (AP). NTLFlowLyzer serves as a key component of the upcoming NetFlowLyzer.
https://github.com/ahlashkari/NTLFlowLyzer
Best, BCCC Team https://www.yorku.ca/research/bccc/