Can I use Real time mode with cli?

[Vccxx]

I am working on a project that need to run CICFlowMeter in realtime mode on a Centos machine without GUI. But it seems that the cli mode of CICFlowMeter doesn't support realtime mode (the cfm.sh) Do I need to modify the source code to achieve my goal ? ps : I don't think tcpdump + CICFlowMeter is a good idea because the realtime flow may become incomplete when using rotate_seconds (-z paramater) to save and process pcaps.

[Vccxx]

If I use command like this : ./cfm test_pcap_dir output_dir and the test_pcap_dir contains two pcap files, each one contains part of the packet belongs to one tcp flow. Will CICFlowMeter realize this situation and calculate the output correctly (with only one line output in the output csv)?

[dufq]

I have the same the demands，did you solve the problem ?

[padraigmc]

Also looking to achieve the same, is there any update on this?

[stjordanis]

Also looking to achieve the same, is there any update on this? https://gitlab.com/hieulw/cicflowmeter sniff packets real-time from interface to flow csv: (need root permission) cicflowmeter -i eth0 -c flows.csv Also, check this https://github.com/iPAS/TCPDUMP_and_CICFlowMeter

[stjordanis]

I am working on a project that need to run CICFlowMeter in realtime mode on a Centos machine without GUI. But it seems that the cli mode of CICFlowMeter doesn't support realtime mode (the cfm.sh) Do I need to modify the source code to achieve my goal ? ps : I don't think tcpdump + CICFlowMeter is a good idea because the realtime flow may become incomplete when using rotate_seconds (-z paramater) to save and process pcaps.

@ahlashkari Could you please add a way to use cfm with arguments like cfm -i eth0 -c flows.csv to run in real time from the command line, without the java gui?