Stable version after iterative improvements in 2022Q1
    ____  _                     __
   / __ \(_)____________  _____/ /_____  _____
  / / / / / ___/ ___/ _ \/ ___/ __/ __ \/ ___/
 / /_/ / (__  |__  )  __/ /__/ /_/ /_/ / /
/_____/_/____/____/\___/\___/\__/\____/_/

usage: main.py [-h] -f FILES [FILES ...] [--summary] [--output OUTPUT] [--config CONFIG] [--nprocesses N]
               [--target TARGET] [--ddosdb] [--misp] [--noverify] [--debug] [--show-target]

options:
  -h, --help            show this help message and exit
  -f FILES [FILES ...], --file FILES [FILES ...]
                        Path to Flow / PCAP file(s)
  --summary             Optional: print fingerprint without source addresses
  --output OUTPUT       Path to directory in which to save the fingerprint (default ./fingerprints)
  --config CONFIG       Path to DDoS-DB and/or MISP config file (default /etc/config.ini)
  --nprocesses N        Number of processes used to concurrently read PCAPs (default is the number of CPU cores)
  --target TARGET       Optional: target IP address or subnet of this attack
  --ddosdb              Optional: directly upload fingerprint to DDoS-DB
  --misp                Optional: directly upload fingerprint to MISP
  --noverify            Optional: Don't verify TLS certificates
  --debug               Optional: show debug messages
  --show-target         Optional: Do NOT anonymize the target IP address / network in the fingerprint

Example: python src/main.py -f /data/part1.nfdump /data/part2.nfdump --summary --config ./localhost.ini --ddosdb --noverify