CICFlowMeter not generating the outputs

[knowledgePest]

Hi, This is my initial attempt at running CICFlowMeter on pcaps. I tried executing the jar, as well as from Eclipse, and in both cases I face the following issue: When I select the input pcap file, the output directory, the logger pane shows a message "CICFlowMeter has received 1 pcap file" and then nothing happens.

Am I doing something wrong?

Please advise

[ilfreedom]

Hi, For this issue, we need more information in order to figure out what happened. like the snapshot of cicflowmeter gui, the log files in the logs folder and also which version you used. Thank you

Have you ever try other pcap files. You can select a folder which contains pcap files

[knowledgePest]

Hi, Thanks for the response. The contents of logfiles is as follows: (1) debug logfile: "2018-10-01 11:09:41 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input E:\UNB-Datasets\ISCX-Bot-2014\ISCX_Botnet-Training.pcap 2018-10-01 11:09:44 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output E:\UNB-Datasets\ISCX-Bot-2014 "

(2) info.log:

Attached the screenshot. 

[ilfreedom]

Hi: I found the selected path in the debug file and screenshot don't match.

again, have you ever try other pcap files?
Do you install winpcap(https://www.winpcap.org/install/default.htm) in your Windows

[knowledgePest]

Hi, I've tried it for pcaps from (1) CICIDS2017 dataset, and (2) Botnet Dataset In both cases, the effect / problem was the same. I apologize for the wrong screenshot file. The paths are okay, there's no problem in that.

And yes, I had winpcap.

I am going to check with smaller pcaps and get back to you. Besides that, is there anything else I could check?

[ilfreedom]

Hi, That's fine. you can download the binary release from http://www.unb.ca/cic/research/applications.html#CICFlowMeter and try the pcap files to see if it works

[knowledgePest]

Hi, I have the same problem when I run from the jar file.

I tried with a simple small pcap. I get the same problem.

In the logfile named debug: "2018-10-01 15:01:16 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input C:\workspace\smallFlows.pcap 2018-10-01 15:01:18 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output C:\workspace"

[ilfreedom]

Could you please send the "smallFlows.pcap" to me(yzhang29@unb.ca)? I want to try this file on my machine to see what happen.

[knowledgePest]

Hi, I was trying to run it again, via eclipse. And now in the log files I see this:

2018-10-02 11:51:56 DEBUG swing.common.SwingUtils C:\AJWorkspace\ids\eclipse-workspace\CICFlowMeter-master\jnetpcap (Access is denied) 2018-10-02 11:51:56 DEBUG swing.common.SwingUtils C:\AJWorkspace\ids\eclipse-workspace\CICFlowMeter-master\logs (Access is denied) 2018-10-02 11:51:56 DEBUG swing.common.SwingUtils C:\AJWorkspace\ids\eclipse-workspace\CICFlowMeter-master\src (Access is denied) 2018-10-02 11:51:56 DEBUG swing.common.SwingUtils C:\AJWorkspace\ids\eclipse-workspace\CICFlowMeter-master\target (Access is denied) 2018-10-02 11:52:09 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input C:\workspace\smallFlows.pcap 2018-10-02 11:52:12 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output C:\workspace

[ilfreedom]

Hi, I believe the issue is you haven't set jnetpcap native lib path on the eclipse, like below:

I highly recommend you to use binary release from http://www.unb.ca/cic/research/applications.html#CICFlowMeter or use Gradle to build and run the ciciflowmeter

[ghost]

Hello sir, I'm graduated student in South Korea. I just wonder do you know any python library for calculating the fiat, biat, etc.. ??

[ilfreedom]

You can try this pypcapfile for decoding captures

[Soonmok]

I got the same error with this issue, and I solved it by installing jnetpcap in local

used 'sudo apt-get install jnetpcap'

[icvitic]

Hi,

I am trying to use cicflowmeter tool for extracting traffic features from .pcap file. Unfortunately something is seriously wrong so I am hoping that you can help me. I am using binaries downloaded from this link https://www.unb.ca/cic/research/applications.html#CICFlowMeter and trying to use GUI and cmd options. When I try to use GUI I get this https://ibb.co/nB3jdtj and debug file say following: 2019-04-23 21:03:00 DEBUG swing.common.SwingUtils C:\Users\icvitic\Desktop\Test (Access is denied) 2019-04-23 21:03:40 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input D:\Doktorski rad-podaci\SHIoT uređaji\blink_camera\24\blink_camera_10000_1_1_2019.pcap 2019-04-23 21:03:55 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output D:\Doktorski rad-podaci\SHIoT uređaji\blink_camera

When I try to use cmd I get the folowing error

https://ibb.co/BG4nwKt

I must admit, I am not an expert in java programming so I truly believe that you can help me with my problem.

Thank you in advance.

[rhr407]

Resolved this issue for Linux following the steps on https://www.geeksforgeeks.org/packet-capturing-using-jnetpcap-in-java/

For Linux: (x64)

1. Install libpcap-dev using:

$ sudo apt-get install libpcap-dev

2. Go to the jnetpcap folder inside CICFlowMeter/jnetpcap/linux/jnetpcap-1.4.r1425

3. Copy libjnetpcap.so and libjnetpcap-pcap100.so in /usr/lib/ (as sudo).

Cheers!

Hi, Thanks for the response. The contents of logfiles is as follows: (1) debug logfile: "2018-10-01 11:09:41 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input E:\UNB-Datasets\ISCX-Bot-2014\ISCX_Botnet-Training.pcap 2018-10-01 11:09:44 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output E:\UNB-Datasets\ISCX-Bot-2014 "

(2) info.log: Attached the screenshot.

[faiznjust]

Hi Sir, I run the GUI it is working fine, but i am confused about the output CSV files of the GUI, it shows the flow with 82 features, but at the end "no labels", could you please clear it to me? what is exactly the output CSV file? either it is the features of the particular pcap file? if it is, then where we should give the labels?
Thanks.

[rhr407]

@faiznjust : You will have to check the the unb website for a particualr dataset. For example go to https://www.unb.ca/cic/datasets/ids-2017.html for CICIDS2017 dataset and look for the particular IP addresses labelled for different benign or malicious scenarios. Then you have to mark the particular row index in label column of csv your own using python or the language you are using for applying machine learning.

[faiznjust]

Could you please send the "smallFlows.pcap" to me(yzhang29@unb.ca)? I want to try this file on my machine to see what happen.

Sir, your email address is not accessible. It send backs failure email.

[Riitt]

anyone have done in Tensorflow for Network Traffic Detection

Data File: https://cse-cic-ids2018.s3.ca-central-1.amazonaws.com/Processed+Traffic+Data+for+ML+Algorithms/Friday-02-03-2018_TrafficForML_CICFlowMeter.csv

[tirth24]

@rhr407 Hello, I am trying to download the cic flow meter from GitHub but there is no GUI available. Please share the file which I can directly run on the Windows operating system as I do not have a coding background to run on eclipse. I do have winscp in my system. Thanks for your time and help.

[rhr407]

@tirth24 : I would suggest you to install ubuntu on virtualbox and follow the steps given above.

[Siddharth1698]

Resolved this issue for Linux following the steps on https://www.geeksforgeeks.org/packet-capturing-using-jnetpcap-in-java/

For Linux: (x64)

1. Install libpcap-dev using:

$ sudo apt-get install libpcap-dev

1. Go to the jnetpcap folder inside CICFlowMeter/jnetpcap/linux/jnetpcap-1.4.r1425

2. Copy libjnetpcap.so and libjnetpcap-pcap100.so in /usr/lib/ (as sudo).

Cheers!

Hi, Thanks for the response. The contents of logfiles is as follows: (1) debug logfile: "2018-10-01 11:09:41 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select input E:\UNB-Datasets\ISCX-Bot-2014\ISCX_Botnet-Training.pcap 2018-10-01 11:09:44 DEBUG cic.cs.unb.ca.flow.ui.FlowOfflinePane offline select output E:\UNB-Datasets\ISCX-Bot-2014 " (2) info.log: Attached the screenshot.

Thanks. This works like a charm :smile_cat:

[yirenpinxin]

I also have a similar problem. There is no CSV file generated. The log shows that opening the file failed. It looks like I don't have administrator rights, but I run as an administrator. The relevant environment is windows 10, IntelliJ and JDK1.8. Does anyone know why

[omarelnakib]

hello , i get this error on eclipse after i choose the pcap file and click the button to start, I'm working on CICIDS2017 dataset. Could you please help me

error message: cic.cs.unb.ca.jnetpcap.PacketReader Error while opening file for capture: bad dump file format

[ozgurcglr]

hello, i get this error "Could not find property 'CreateStartScripts' on root project 'CICFlowMeter'." when i run gradle execute in IDEA terminal.

Can anybody help?

[LQun9601]

hello, i get this error "Could not find property 'CreateStartScripts' on root project 'CICFlowMeter'." when i run gradle execute in IDEA terminal.

Can anybody help? hi, i also get the same error, have you solved it?

[novynngsh]

can anyone help me? i just run cicflowmeter and my cmd show error text like this "cic.cs.unb.ca.jnetpcap.PacketReader Error while opening file for capture: bad dump file format"

thanks a lot before

[foongminwong]

Resolved this issue for Linux following the steps on https://www.geeksforgeeks.org/packet-capturing-using-jnetpcap-in-java/

For Linux: (x64)

1. Install libpcap-dev using:

$ sudo apt-get install libpcap-dev

2. Go to the jnetpcap folder inside CICFlowMeter/jnetpcap/linux/jnetpcap-1.4.r1425
3. Copy libjnetpcap.so and libjnetpcap-pcap100.so in /usr/lib/ (as sudo).

Cheers!

It works and thank you for providing the steps! For CentOS, you can do yum install libpcap-devel for installation and follow the 2nd & 3rd steps

[Sabari-E]

Hi, I believe the issue is you haven't set jnetpcap native lib path on the eclipse, like below:

I highly recommend you to use binary release from http://www.unb.ca/cic/research/applications.html#CICFlowMeter or use Gradle to build and run the ciciflowmeter

What is the main file here? Anyone pls

[harman1989]

Hello, im using CiCFlowmeter on sdn, the interface is not showing in Realtime and for offline after selecting pcap file nothing is showning except the "1 pcap file is received"