Command line tool

When FlowPrint is installed, it can be used from the command line. The __main__.py file in the flowprint module implements this command line tool. It provides a quick and easy interface to convert .pcap files into Flow objects and to use these objects to create Fingerprints. Once generated, the Fingerprints can be used for app recognition and unseen app detection. The full command line usage is given in its help page:

usage: flowprint.py [-h] [--fingerprint [FINGERPRINT] | --detection DETECTION | --recognition] [-b BATCH]
                    [-c CORRELATION] [-s SIMILARITY] [-w WINDOW] [-p PCAPS [PCAPS ...]]
                    [-r READ [READ ...]] [-o WRITE] [-l SPLIT] [-a RANDOM] [-t TRAIN [TRAIN ...]]
                    [-e TEST [TEST ...]]

Flowprint: Semi-Supervised Mobile-App
Fingerprinting on Encrypted Network Traffic

optional arguments:
-h, --help                         show this help message and exit
--fingerprint   [FINGERPRINT]      mode fingerprint generation [output to FILE] (optional)
--detection     DETECTION          mode unseen app detection with THRESHOLD
--recognition                      mode app recognition

FlowPrint parameters:
-b, --batch     BATCH              batch  size in seconds                       (default = 300)
-c, --correlation CORRELATION      cross-correlation threshold                  (default = 0.1)
-s, --similarity SIMILARITY        similarity        threshold                  (default = 0.9)
-w, --window    WINDOW             window size in seconds                       (default =  30)

Flow data input/output:
-p, --pcaps     PCAPS [PCAPS ...]  pcap(ng) files to run through FlowPrint
-r, --read      READ [READ ...]    read  preprocessed data from given files
-o, --write     WRITE              write preprocessed data to   given file
-l, --split     SPLIT              fraction of data to select for testing
-a, --random    RANDOM             random state to use for split                (default =  42)

Train/test input:
-t, --train     TRAIN [TRAIN ...]  path to json training fingerprints
-e, --test      TEST [TEST ...]    path to json testing  fingerprints

Examples

Transform .pcap files into flows and store them in a file.

python3 -m flowprint --pcaps <data.pcap> --write <flows.p>

Extract fingerprints from flows, split them into training and testing sets, and store the fingerprints in a file.

python3 -m flowprint --read <flows.p> --fingerprint <fingerprints.json>

Use FlowPrint to recognize apps or to detect previously unknown apps.

python3 -m flowprint --train <fingerprints.train.json> --test <fingerprints.test.json> --recognition
python3 -m flowprint --train <fingerprints.train.json> --test <fingerprints.test.json> --detection 0.1