NFStream: Flexible Network Data Analysis Framework

NFStream is a Python framework providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive.

Live Notebook Get Started

Encrypted layer-7 visibility

NFStream deep packet inspection is based on nDPI. It allows NFStream to perform reliable encrypted applications identification and metadata fingerprinting (e.g. TLS, SSH, DHCP, HTTP).

Learn More

Network Flow aggregation and statistical features extraction

Dealing with a big pcap file (or live network interface) and just want to aggregate it as network flows? NFStream make this path easier in few lines. NFStream extracts statistical flow features and can convert it directly to a Pandas dataframe or CSV file.

Learn More
from nfstream import NFStreamer

online_streamer = NFStreamer(source="eth0")
for flow in online_streamer:
    print(flow)  # print it.

offline_streamer = NFStreamer(source="tor.pcap",
                              statistical_analysis=True,
                              splt_analysis=10)

df = offline_streamer.to_pandas(ip_anonymization=False)
total_flows = offline_streamer.to_csv(flows_per_file=10000,
                                      ip_anonymization=True)

Flexibility

NFStream is easily extensible using NFPlugin. It allows to create a new feature within a few lines of Python.

Learn More
from nfstream import NFPlugin, NFStreamer

class FirstPacketIsSyn(NFPlugin):
    def on_init(self, packet, flow):
        flow.udps.first_pkt_is_syn = packet.syn

streamer = NFStreamer(source='facebook.pcap',
                      udps=FirstPacketIsSyn())

for flow in extended_streamer:
    print(flow.udps.first_pkt_is_syn)

Machine learning oriented

NFStream aims to make Machine Learning Approaches for network traffic management reproducible and deployable. By using NFStream as a common framework, researchers ensure that models are trained using the same feature computation logic and thus, a fair comparison is possible. Moreover, trained models can be deployed and evaluated on live network using NFPlugins.

Learn More

Multiplatform support

NFStream is currently supported on major Linux distributions, MacOS and ARM (64bits) based platforms. You can install pre-built wheels for each platform using pip or build it from source.

View Installation Guide