nfstream: a flexible network data analysis framework¶
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
- Performance: nfstream is designed to be fast (x10 faster with pypy3 support) with a small CPU and memory footprint.
- Layer-7 visibility: nfstream deep packet inspection engine is based on nDPI library. It allows nfstream to perform reliable encrypted applications identification and metadata extraction (e.g. TLS, SSH, DNS, HTTP).
- Flexibility: add a flow feature in 2 lines as an NFPlugin.
- Machine Learning oriented: add your trained model as an NFPlugin.
- Installing nfstream
- Get started with nfstream
- Extending nfstream