{"id":19660726,"url":"https://github.com/gunrock/netflow","last_synced_at":"2026-03-10T05:02:36.504Z","repository":{"id":74528731,"uuid":"82249223","full_name":"gunrock/netflow","owner":"gunrock","description":"Cybersecurity: Graph Processing using Gunrock.","archived":false,"fork":false,"pushed_at":"2017-06-29T22:08:35.000Z","size":5,"stargazers_count":11,"open_issues_count":0,"forks_count":2,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-28T20:46:17.930Z","etag":null,"topics":["cyber-security","graph-processing","gunrock","netflow","packets","parser","router","traffic-statistics"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gunrock.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-02-17T02:39:24.000Z","updated_at":"2024-01-17T16:00:00.000Z","dependencies_parsed_at":"2023-02-23T22:30:14.383Z","dependency_job_id":null,"html_url":"https://github.com/gunrock/netflow","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/gunrock/netflow","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunrock%2Fnetflow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunrock%2Fnetflow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunrock%2Fnetflow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunrock%2Fnetflow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gunrock","download_url":"https://codeload.github.com/gunrock/netflow/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gunrock%2Fnetflow/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30325598,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T01:36:58.598Z","status":"online","status_checked_at":"2026-03-10T02:00:06.579Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber-security","graph-processing","gunrock","netflow","packets","parser","router","traffic-statistics"],"created_at":"2024-11-11T16:05:14.121Z","updated_at":"2026-03-10T05:02:36.492Z","avatar_url":"https://github.com/gunrock.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Netflow\nCybersecurity: Graph Processing using Gunrock.\n\n## What is Netflow?\nNetFlow is a traffic profile monitoring technology that describes the method for a router to export statistics about the routed socket pairs. When a network administrator enables the NetFlow export on a router interface, traffic statistics of packets received on that interface will be counted as \"flow\" and stored into a dynamic flow cache.\n\n## What is flow?\nFlow is defined as a unidirectional sequence of packets (which means there will be two flows for each connection session, one from the server to client, one from the client to server) between two endpoints. A flow can be identified by seven key fields: source IP address, destination IP address, source port number, destination port number, protocol type, type of services, and the router input interface. Any time after receiving a packet, a router will look for these seven fields and then make a decision: if the packet belongs to an existent flow, traffic statistics of the corresponding flow will be increased, otherwise a new flow entry will be created.\n\n```\n Date flow start          Duration Proto   Src IP Addr:Port      Dst IP Addr:Port     Packets    Bytes Flows\n 2010-09-01 00:00:00.459     0.000 UDP     127.0.0.1:24920   -\u003e  192.168.0.1:22126        1       46     1\n 2010-09-01 00:00:00.363     0.000 UDP     192.168.0.1:22126 -\u003e  127.0.0.1:24920          1       80     1\n```\n \n## Analysis Methods\n* Top N and Baseline\n* Top N session\n* Top N data\n* Pattern Matching\n  * Port matching\n  * IP address matching\n  \n## Sources\n* [Inter Projekt - NetFlow](https://pliki.ip-sa.pl/wiki/Wiki.jsp?page=NetFlow)\n* [Detecting Worms and Abnormal Activities with NetFlow](https://www.symantec.com/connect/articles/detecting-worms-and-abnormal-activities-netflow-part-1)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgunrock%2Fnetflow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgunrock%2Fnetflow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgunrock%2Fnetflow/lists"}