{"id":13786654,"url":"https://github.com/chrispassas/silk","last_synced_at":"2026-03-01T18:35:28.930Z","repository":{"id":34886319,"uuid":"162229699","full_name":"chrispassas/silk","owner":"chrispassas","description":"Silk File Reader","archived":false,"fork":false,"pushed_at":"2022-03-09T02:29:44.000Z","size":52874,"stargazers_count":14,"open_issues_count":0,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-17T22:36:27.941Z","etag":null,"topics":["flows","netflow","silk"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chrispassas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-18T04:23:35.000Z","updated_at":"2024-10-01T07:22:07.000Z","dependencies_parsed_at":"2022-08-03T08:00:38.219Z","dependency_job_id":null,"html_url":"https://github.com/chrispassas/silk","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/chrispassas/silk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrispassas%2Fsilk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrispassas%2Fsilk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrispassas%2Fsilk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrispassas%2Fsilk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chrispassas","download_url":"https://codeload.github.com/chrispassas/silk/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chrispassas%2Fsilk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29978924,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T16:35:47.903Z","status":"ssl_error","status_checked_at":"2026-03-01T16:35:44.899Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flows","netflow","silk"],"created_at":"2024-08-03T19:01:27.231Z","updated_at":"2026-03-01T18:35:28.921Z","avatar_url":"https://github.com/chrispassas.png","language":"Go","funding_links":[],"categories":["工具库","Utilities","公用事业公司","工具库`可以提升效率的通用代码库和工具`","Utility"],"sub_categories":["查询语","Utility/Miscellaneous","实用程序/Miscellaneous","HTTP Clients","Fail injection"],"readme":"[![GoDoc](https://godoc.org/github.com/chrispassas/silk?status.svg)](https://godoc.org/github.com/chrispassas/silk)\n[![Go Report Card](https://goreportcard.com/badge/github.com/chrispassas/silk)](https://goreportcard.com/report/github.com/chrispassas/silk)\n\n\n# silk flows\nhttps://tools.netsa.cert.org/silk/docs.html\n\n## Description\nThis package makes it easy to read common silk files without using C Go.\n\n## Go Doc\nhttps://godoc.org/github.com/chrispassas/silk\n\n## What is silk\nSource https://tools.netsa.cert.org/silk/faq.html#what-silk \n\u003eSiLK is a suite of network traffic collection and analysis tools developed and maintained by the CERT Network Situational \u003eAwareness Team (CERT NetSA) at Carnegie Mellon University to facilitate security analysis of large networks. The SiLK tool \u003esuite supports the efficient collection, storage, and analysis of network flow data, enabling network security analysts to \u003erapidly query large historical traffic data sets.\n\n## Supported File Formats\n| Record Size   | Record Version           | Compression   | Supported          |\n| ------------- | -------------            | ------------- | -------------      |\n| 88            | RWIPV6ROUTING VERSION 1  | None (0)      | :white_check_mark: |\n| 88            | RWIPV6ROUTING VERSION 1  | Zlib (1)      | :white_check_mark: |\n| 88            | RWIPV6ROUTING VERSION 1  | Lzo (2)       | :white_check_mark: |\n| 88            | RWIPV6ROUTING VERSION 1  | Snappy (3)    | :white_check_mark: |\n| 68            | RWIPV6 VERSION 1         | None (0)      | :white_check_mark: |\n| 68            | RWIPV6 VERSION 1         | Zlib (1)      | :white_check_mark: |\n| 68            | RWIPV6 VERSION 1         | Lzo (2)       | :white_check_mark: |\n| 68            | RWIPV6 VERSION 1         | Snappy (3)    | :white_check_mark: |\n| 56            | RWIPV6 VERSION 2         | None (0)      | :white_check_mark: |\n| 56            | RWIPV6 VERSION 2         | Zlib (1)      | :white_check_mark: |\n| 56            | RWIPV6 VERSION 2         | Lzo (2)       | :white_check_mark: |\n| 56            | RWIPV6 VERSION 2         | Snappy (3)    | :white_check_mark: |\n| 52            | RWGENERIC VERSION 5      | None (0)      | :white_check_mark: |\n| 52            | RWGENERIC VERSION 5      | Zlib (1)      | :white_check_mark: |\n| 52            | RWGENERIC VERSION 5      | Lzo (2)       | :white_check_mark: |\n| 52            | RWGENERIC VERSION 5      | Snappy (3)    | :white_check_mark: |\n\n## Example\n\n### Parse Whole File\n```go\npackage main\n\nimport (\n    \"fmt\"\n    \"log\"\n    \"github.com/chrispassas/silk\"\n)\n\nfunc main() {\n\n    var testFile = \"testdata/FT_RWIPV6-v2-c0-L.dat\"\n    var err error\n    var sf silk.File\n\n    if sf, err = silk.OpenFile(testFile); err != nil {\n        log.Fatalf(\"OpenFile() error:%s\", err)\n    }\n\n    log.Printf(\"Compression:%d\", sf.Header.Compression)\n    log.Printf(\"FileFlags:%d\", sf.Header.FileFlags)\n    log.Printf(\"FileVersion:%d\", sf.Header.FileVersion)\n    log.Printf(\"HeaderLength:%d\", sf.Header.HeaderLength)\n    log.Printf(\"MagicNumber:%x\", sf.Header.MagicNumber)\n    log.Printf(\"RecordFormat:%d\", sf.Header.RecordFormat)\n    log.Printf(\"RecordSize:%d\", sf.Header.RecordSize)\n    log.Printf(\"RecordVersion:%d\", sf.Header.RecordVersion)\n    log.Printf(\"SilkVersion:%d\", sf.Header.SilkVersion)\n\n    log.Printf(\"File record count:%d\\n\", len(sf.Flows))\n\n    fmt.Printf(\"start_time_ms,src_ip,dst_ip,src_port,dst_port\\n\")\n    for _, flow := range sf.Flows {\n        fmt.Printf(\"%d,%s,%s,%d,%d\\n\",\n            flow.StartTimeMS,\n            flow.SrcIP.String(),\n            flow.DstIP.String(),\n            flow.SrcPort,\n            flow.DstPort,\n        )\n        //Etc... for other silk.Flow values\n    }\n}\n```\n\n### Channel Based Parsing\n```go\npackage main\n\nimport (\n    \"fmt\"\n    \"log\"\n    \"os\"\n    \"github.com/chrispassas/silk\"\n)\n\nfunc main() {\n    var testFile = \"testdata/FT_RWIPV6-v2-c0-L.dat\"\n    var err error\n    \n    flows := make([]silk.Flow, 0, 245340)\n    receiver := silk.NewChannelFlowReceiver(0)\n\n    reader, err := os.Open(testFile)\n    if err != nil {\n        log.Fatal(err)\n    }\n    defer reader.Close()\n\n    go func() {\n        if err = silk.Parse(reader, receiver); err != nil {\n            log.Fatal(err)\n        }\n    }()\n\n    for flow := range receiver.Read() {\n        /*\n            Pulling all data into an in memory array. That really isn't the point of the channel based\n            parser. You would want to stream it somewhere else to keep memory usage low. This is for example\n            purposes only.\n        */\n        flows = append(flows, flow)\n    }\n\n    log.Printf(\"Compression:%d\", receiver.Header.Compression)\n    log.Printf(\"FileFlags:%d\", receiver.Header.FileFlags)\n    log.Printf(\"FileVersion:%d\", receiver.Header.FileVersion)\n    log.Printf(\"HeaderLength:%d\", receiver.Header.HeaderLength)\n    log.Printf(\"MagicNumber:%x\", receiver.Header.MagicNumber)\n    log.Printf(\"RecordFormat:%d\", receiver.Header.RecordFormat)\n    log.Printf(\"RecordSize:%d\", receiver.Header.RecordSize)\n    log.Printf(\"RecordVersion:%d\", receiver.Header.RecordVersion)\n    log.Printf(\"SilkVersion:%d\", receiver.Header.SilkVersion)\n\n    log.Printf(\"File record count:%d\\n\", len(flows))\n\n    fmt.Printf(\"start_time_ms,src_ip,dst_ip,src_port,dst_port\\n\")\n    for _, flow := range flows {\n        fmt.Printf(\"%d,%s,%s,%d,%d\\n\",\n            flow.StartTimeMS,\n            flow.SrcIP.String(),\n            flow.DstIP.String(),\n            flow.SrcPort,\n            flow.DstPort,\n        )\n        //Etc... for other silk.Flow values\n    }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrispassas%2Fsilk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchrispassas%2Fsilk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchrispassas%2Fsilk/lists"}