A Flexible Network Data Analysis Framework

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive.

Live Notebook Get Started

Identify hundreds of applications

nfstream deep packet inspection engine is based on nDPI. It allows nfstream to perform reliable encrypted applications identification and metadata extraction.

Learn More

Aggregate your packets into flows

Dealing with a big pcap file and just want to aggregate it as network flows? nfstream make this path easier in few lines. nfstream extracts +90 flow features and can convert it directly to a pandas Dataframe or a CSV file.

Learn More
from nfstream import NFStreamer, NFPlugin

my_online_streamer = NFStreamer(source="eth0")
for flow in my_online_streamer:
    print(flow)  # print it.
    print(flow.to_namedtuple()) # convert to a namedtuple.
    print(flow.to_json()) # convert to json.
    print(flow.keys()) # get flow keys.
    print(flow.values()) # get flow values.

my_dataframe = NFStreamer(source="tor.pcap",
                          statistics=True).to_pandas(ip_anonymization=False)

flows_rows_count = NFStreamer(source="tor.pcap",
                              statistics=True).to_csv(path="output.csv",
                                                      sep="|",
                                                      ip_anonymization=False)

Flexible and extensible

Didn't find a specific flow feature? add a plugin to nfstream in few lines.

Learn More
class ack_count(NFPlugin):
   def on_init(self, pkt):
   """flow creation with the first packet"""
      if pkt.tcpflags.ack == 1:
         return 1
      else:
         return 0
   def on_update(self, pkt, flow):
   """flow update with each packet belonging to the flow"""
      if pkt.tcpflags.ack == 1:
         flow.ack_count += 1

streamer_awesome = NFStreamer(source='devil.pcap',
                              plugins=[ack_count()])

Machine learning oriented

Add your machine learning trained model as an NFPlugin in few lines.

Learn More

Multiplatform support

nfstream is currently supported on MacOS, Linux and FreeBSD. You can install pre-built wheels for each platform using pip or build it from source. Windows support is under development.

View Installation Guide