Flow¶
The Flow class is FlowPrint’s representation of each individual Flow in the network traffic. A Flow object represents a TCP/UDP flow and all corresponding features that are used by FlowPrint to generate fingerprints. We use the FlowGenerator class for generating Flow objects from all packets extracted by Reader.
-
class
flows.
Flow
[source]¶ Flow object extracted from pcap file that can be used for fingerprinting
-
src
¶ Source IP
Type: string
-
sport
¶ Source port
Type: int
-
dst
¶ Destination IP
Type: string
-
dport
¶ Destination port
Type: int
-
source
¶ (Source IP, source port) tuple
Type: tuple
-
destination
¶ (Destination IP, destination port) tuple
Type: tuple
-
time_start
¶ Timestamp of first packet in flow
Type: int
-
time_end
¶ Timestamp of last packet in flow
Type: int
-
certificate
¶ Certificate of flow, if any
Type: Object
-
lengths
¶ List of packet length for each packet in flow
Type: list
-
timestamps
¶ List of timestamps corresponding to each packet in flow
Type: list
-
Add packets¶
Once created, a Flow is still empty and needs to be populated by packets.
We can add packets to a flow using the flows.Flow.add()
method.