gnat_sensor
Synopsis
Description
The gnat_sensor
is a sophisticated network flow capture and analysis sensor based on a modified version of YAF (Yet Another Flowmeter).
The sensor captures network packets, extracts relevant features, and generates flow records in IPFIX format.
It works seamlessly with the GNAT framework, providing a powerful source of data for network flow analysis and anomaly detection.
Required Options
In order to support the machine learning capabilities of GNAT, the following options are required:
--entropy
The --entropy
option computes a Shannon entropy value for the payload and exports the values for both the forward and reverse payloads.
This identifier is used to tag the imported data with the source of the observation.
--ndpi
The --ndpi
option examines the packet payload using nDPI to determine the application protocol and sub-protocol.
--max-payload
The --max-payload=4096
option enables deep packet inspection.
--flow-stats
The --flow-stats
option calculates and exports statistical flow attributes such as small packet count, large packet count, nonempty packet count,
average interarrival times, total data octets, and max packet size.
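To make concrete what the --entropy option exports, the following is an added Python example, not code from gnat_sensor or YAF: it computes the Shannon entropy of a flow's forward and reverse payloads and derives the kind of coarse plaintext/opaque label an analyst would build on top of it. The sample flow is constructed, and the field names payloadEntropy and reversePayloadEntropy are assumed for illustration; YAF's own IPFIX element names and integer scaling are not reproduced.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 for empty or
    single-valued data, 8.0 for a uniform spread over all 256 byte values."""
    if not payload:
        return 0.0
    n = len(payload)
    return -sum((c / n) * math.log2(c / n) for c in Counter(payload).values())


def flow_entropy(forward: bytes, reverse: bytes) -> dict:
    """Per-direction entropy of one bidirectional flow (field names assumed,
    mirroring the forward/reverse split that --entropy exports)."""
    return {
        "payloadEntropy": shannon_entropy(forward),
        "reversePayloadEntropy": shannon_entropy(reverse),
    }


def pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy filler (constructed stand-in for encrypted
    or compressed content) built by chaining SHA-256 digests."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


# Constructed sample flow: a plaintext HTTP request in the forward direction
# and an opaque (compressed/encrypted-looking) body in the reverse direction.
FORWARD = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.0\r\nAccept: */*\r\n\r\n"
REVERSE = b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n" + pseudo_random_bytes(b"seed", 4096)


def classify(forward: bytes, reverse: bytes, threshold: float = 7.0) -> str:
    """Coarse label: entropy at or above the threshold in a direction marks
    that payload as likely encrypted or compressed rather than plaintext."""
    high = [name for name, v in flow_entropy(forward, reverse).items() if v >= threshold]
    return "opaque:" + ",".join(high) if high else "plaintext"


if __name__ == "__main__":
    print(flow_entropy(FORWARD, REVERSE), classify(FORWARD, REVERSE))
```

The threshold of 7.0 bits per byte is a constructed starting point; tune it against the payload lengths your --max-payload setting actually captures, since short payloads cannot reach high entropy values.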
Examples
$ yaf --in <interface> --live=pcap --entropy --ndpi --max-payload=4096 --flow-stats
See Also
License Compliance
YAF is licensed under the GNU General Public License (GPL) Version 2 or later. This means that YAF is free software, and anyone can redistribute it and/or modify it under the terms of the GPL.
Since modifications to YAF must also be licensed under the GPL, and any derivative works must be made available under the same license, the GNAT modified version of YAF source code is publicly available on GitHub.