diff --git a/README.md b/README.md
index d50071e..7b960be 100644
--- a/README.md
+++ b/README.md
@@ -129,7 +129,7 @@ my_streamer = NFStreamer(source="facebook.pcap", # or network interface
 bpf_filter=None,
 promiscuous_mode=True,
 snapshot_length=1536,
- idle_timeout=15,
+ idle_timeout=120,
 active_timeout=1800,
 accounting_mode=0,
 udps=None,
@@ -149,10 +149,12 @@ for flow in my_streamer:
 NFlow(id=0,
 expiration_id=0,
 src_ip='192.168.43.18',
- src_ip_is_private=1,
+ src_mac='30:52:cb:6c:9c:1b',
+ src_oui='30:52:cb',
 src_port=52066,
 dst_ip='66.220.156.68',
- dst_ip_is_private=0,
+ dst_mac='98:0c:82:d3:3c:7c',
+ dst_oui='98:0c:82',
 dst_port=443,
 protocol=6,
 ip_version=4,
@@ -203,10 +205,12 @@ for flow in my_streamer:
 NFlow(id=0,
 expiration_id=0,
 src_ip='192.168.43.18',
- src_ip_is_private=1,
+ src_mac='30:52:cb:6c:9c:1b',
+ src_oui='30:52:cb',
 src_port=52066,
 dst_ip='66.220.156.68',
- dst_ip_is_private=0,
+ dst_mac='98:0c:82:d3:3c:7c',
+ dst_oui='98:0c:82',
 dst_port=443,
 protocol=6,
 ip_version=4,
@@ -298,10 +302,12 @@ for flow in my_streamer:
 NFlow(id=0,
 expiration_id=0,
 src_ip='192.168.43.18',
- src_ip_is_private=1,
+ src_mac='30:52:cb:6c:9c:1b',
+ src_oui='30:52:cb',
 src_port=52066,
 dst_ip='66.220.156.68',
- dst_ip_is_private=0,
+ dst_mac='98:0c:82:d3:3c:7c',
+ dst_oui='98:0c:82',
 dst_port=443,
 protocol=6,
 ip_version=4,
@@ -334,7 +340,7 @@ NFStream natively supports Pandas as export interface.
 ```python
 # See documentation for more details.
 # https://www.nfstream.org/docs/api#pandas-dataframe-conversion
-my_dataframe = NFStreamer(source='facebook.pcap').to_pandas(ip_anonymization=False)
+my_dataframe = NFStreamer(source='facebook.pcap').to_pandas(columns_to_anonymize=[])
 my_dataframe.head(5)
 ```
@@ -347,7 +353,7 @@ NFStream natively supports CSV file format as export interface.
 # https://www.nfstream.org/docs/api#csv-file-conversion
 flows_count = NFStreamer(source='facebook.pcap').to_csv(path=None,
 flows_per_file=0,
- ip_anonymization=False)
+ olumns_to_anonymize=[])
 ```
 ### Extending NFStream
diff --git a/nfstream/streamer.py b/nfstream/streamer.py
index 7489385..c00aa28 100644
--- a/nfstream/streamer.py
+++ b/nfstream/streamer.py
@@ -40,8 +40,8 @@ class NFStreamer(object):
 bpf_filter=None,
 promiscuous_mode=True,
 snapshot_length=1536,
- idle_timeout=60,
- active_timeout=300,
+ idle_timeout=120, # https://www.kernel.org/doc/Documentation/networking/nf_conntrack-sysctl.txt
+ active_timeout=1800,
 accounting_mode=0,
 udps=None,
 n_dissections=20,
diff --git a/tests.py b/tests.py
index 6e63d35..7c9f11f 100644
--- a/tests.py
+++ b/tests.py
@@ -279,8 +279,12 @@ class TestMethods(unittest.TestCase):
 self.assertEqual(flow.id, 0)
 self.assertEqual(flow.expiration_id, 0)
 self.assertEqual(flow.src_ip, '172.31.3.224')
+ self.assertEqual(flow.src_mac, '80:c6:ca:00:9e:9f')
+ self.assertEqual(flow.src_oui, '80:c6:ca')
 self.assertEqual(flow.src_port, 42835)
 self.assertEqual(flow.dst_ip, '216.58.212.100')
+ self.assertEqual(flow.dst_mac, '00:0e:8e:4d:b4:a8')
+ self.assertEqual(flow.dst_oui, '00:0e:8e')
 self.assertEqual(flow.dst_port, 443)
 self.assertEqual(flow.protocol, 6)
 self.assertEqual(flow.ip_version, 4)
@@ -472,6 +476,7 @@ class TestMethods(unittest.TestCase):
 n_meters=int(os.getenv('MAX_NFMETERS', 0)),
 udps=MDNS()
 ).to_pandas().sort_values(by=['src_ip']).reset_index(drop=True)
+ print(mdns_df["udps.mdns_ptr"][0])
 self.assertEqual(mdns_df["udps.mdns_ptr"][0], "['skynet.local', "
 "'skynet [00:1a:ef:17:c3:05]._workstation._tcp.local', "
 "'recombinator_mpd._mpd._tcp.local', '_mpd._tcp.local', "
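Review bot: The new `idle_timeout=120` default in nfstream/streamer.py is justified only by a bare URL, and `active_timeout=1800` carries no rationale at all; the linked nf_conntrack document lists many timeouts, so a reader cannot tell which one the value mirrors. I would name the setting and the unit in the comment, e.g. `idle_timeout=120,  # seconds; matches <nf_conntrack sysctl name>, see nf_conntrack-sysctl.txt`, and add a matching comment on `active_timeout`. Doubling the idle timeout and raising the active timeout sixfold presumably keeps each flow entry in memory longer on live captures, which matters when scans or floods create many short flows, so the change deserves a line in the release notes and in any docstring that still states the old defaults. The `__init__` signature starts and ends outside this hunk.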
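Review bot: The added `print(mdns_df["udps.mdns_ptr"][0])` in the second tests.py hunk looks like leftover debugging output. It checks nothing that the following `assertEqual` does not already check, and it writes the captured hostnames and a MAC address into the test log on every run. I would drop the line, since unittest already reports both values when the assertion fails. The test method starts and ends outside the hunk.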