{"id":29356993,"url":"https://github.com/cesnet/nemea","last_synced_at":"2025-07-21T05:03:36.510Z","repository":{"id":47672199,"uuid":"41602249","full_name":"CESNET/Nemea","owner":"CESNET","description":"System for network traffic analysis and anomaly detection.","archived":false,"fork":false,"pushed_at":"2024-10-26T18:41:01.000Z","size":23647,"stargazers_count":86,"open_issues_count":3,"forks_count":22,"subscribers_count":26,"default_branch":"master","last_synced_at":"2024-10-26T20:41:30.683Z","etag":null,"topics":["liberouter","nemea"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CESNET.png","metadata":{"files":{"readme":"README-on_biflow.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-08-29T17:53:50.000Z","updated_at":"2024-10-18T16:06:45.000Z","dependencies_parsed_at":"2023-01-19T02:45:47.814Z","dependency_job_id":"d0bfbd49-0d8c-4b13-b7d1-d2db666ae8f8","html_url":"https://github.com/CESNET/Nemea","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/CESNET/Nemea","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CESNET%2FNemea","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CESNET%2FNemea/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CESNET%2FNemea/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CESNET%2FNemea/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CESNET","download_u
rl":"https://codeload.github.com/CESNET/Nemea/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CESNET%2FNemea/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266242072,"owners_count":23898102,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["liberouter","nemea"],"created_at":"2025-07-09T05:41:20.355Z","updated_at":"2025-07-21T05:03:36.503Z","avatar_url":"https://github.com/CESNET.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"This document briefly explains \"biflow\" representation and how it is used in\n[ipfixprobe](https://github.com/CESNET/ipfixprobe) and how it should be used in\nNEMEA. Biflow is an abbreviation of bidirectional flow (record) which\nrepresents both directions of one connection between two devices in the form of one\n\"message\"/flow record.\n\nInterpretation of UniRec record (how to work with UniRec template and UniRec\nmessage):\n\n1. If the UniRec template contains both fields: `BYTES_REV` and `PACKETS_REV`,\n   it is considered a biflow template. Otherwise, it is not (i.e., it is\n   probably a unidirectional flow record). Note: ipfixprobe ALWAYS exports both\n   fields for biflow.\n2. If the UniRec template is not biflow (due to missing fields in 1.), the\n   UniRec messages should be paired/aggregated \"manually\" to get biflow.\n3. If a biflow message contains `PACKETS_REV == 0`, it is still a biflow\n   record, however, it contains only one direction of the communication. This\n   means one of the following cases:\n    1. 
the communication was really unidirectional (e.g., broadcast messages, UDP streams),\n    2. the communication was bidirectional, but the flow exporter observed only\n       one direction of it,\n    3. the communication was bidirectional, but the flow exporter was not able\n       to pair/aggregate both directions.\n\n3.2 can happen in case of asymmetric routing, where packets of different\ndirections might be routed via different links.\n3.3 can happen in case of splitting flow records due to timeouts or limited\nflow cache.\n\nIn any case, it is highly recommended to do pairing/aggregation of UniRec\nmessages before processing.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcesnet%2Fnemea","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcesnet%2Fnemea","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcesnet%2Fnemea/lists"}