Command line tool¶

When FlowPrint is installed, it can be used from the command line. The __main__.py file in the flowprint module implements this command line tool. The command line tool provides a quick and easy interface to convert .pcap files into Flow objects and use these objects to create Fingerprint’s. Once generated, the Fingerprint’s can be used for app recognition and unseen app detection. The full command line usage is given in its help page:

usage: flowprint.py [-h]
                  (--detection [FLOAT] | --fingerprint [FILE] | --recognition)
                  [-b BATCH] [-c CORRELATION], [-s SIMILARITY], [-w WINDOW]
                  [-p PCAPS...] [-rp READ...] [-wp WRITE]

Flowprint: Semi-Supervised Mobile-App
Fingerprinting on Encrypted Network Traffic

Arguments:
  -h, --help                 show this help message and exit

FlowPrint mode (select up to one):
  --fingerprint [FILE]       run in raw fingerprint generation mode (default)
                             outputs to terminal or json FILE
  --detection   FLOAT        run in unseen app detection mode with given
                             FLOAT threshold
  --recognition              run in app recognition mode

FlowPrint parameters:
  -b, --batch       FLOAT    batch size in seconds       (default=300)
  -c, --correlation FLOAT    cross-correlation threshold (default=0.1)
  -s, --similarity  FLOAT    similarity threshold        (default=0.9)
  -w, --window      FLOAT    window size in seconds      (default=30)

Flow data input/output (either --pcaps or --read required):
  -p, --pcaps  PATHS...      path to pcap(ng) files to run through FlowPrint
  -r, --read   PATHS...      read preprocessed data from given files
  -o, --write  PATH          write preprocessed data to given file
  -i, --split  FLOAT         fraction of data to select for testing (default= 0)
  -a, --random FLOAT         random state to use for split          (default=42)

Train/test input (for --detection/--recognition):
  -t, --train PATHS...       path to json files containing training fingerprints
  -e, --test  PATHS...       path to json files containing testing fingerprints

Examples¶

Transform .pcap files into flows and store them in a file.

python3 -m flowprint --pcaps <data.pcap> --write <flows.p>

Extract fingerprints from flows, split them into training and testing, and store the fingerprints into a file.

python3 -m flowprint --read <flows.p> --fingerprint <fingerprints.json>

Use FlowPrint to recognize apps or detect previously unknown apps

python3 -m flowprint --train <fingerprints.train.json> --test <fingerprints.test.json> --recognition
python3 -m flowprint --train <fingerprints.train.json> --test <fingerprints.test.json> --detection 0.1