FlowGuardX is a security-oriented extension of
ahlashkari/CICFlowMeter. The original CICFlowMeter source tree is preserved in
this repository. The new platform layer upgrades the workflow from offline
PCAP-to-CSV feature extraction to enhanced flow analysis with packet sequences,
burst behavior, frequency-domain descriptors, explainable threat scoring and a web
visualization UI.
- Portable classic-PCAP parser for Ethernet/IPv4/TCP/UDP traffic.
- CIC-style bidirectional flow aggregation. The first packet defines forward and backward direction, matching CICFlowMeter's core flow semantics.
- CIC-compatible statistical CSV fields plus enhanced sequence, burst and frequency-domain features.
- Frequency-domain analysis: energy, entropy, dominant frequency, low/high-frequency ratio and periodicity score.
- Rule-based detection for scanning, flooding, periodic heartbeat-like traffic and asymmetric transfer.
- Explainable alerts with evidence strings.
- Local HTTP API and browser UI for upload, dashboard, flow table, frequency charts, alert review and artifact export.
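
The first-packet direction rule and the asymmetric-transfer rule from the list above, as an added Python example (not FlowGuardX or CICFlowMeter code). The `Packet` tuple, the function names, the `min_bytes` and `ratio` thresholds and the sample traffic are assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport proto size")

# Constructed sample traffic (documentation addresses, not from a real capture).
SAMPLE = (
    [Packet(0.00, "10.0.0.5", 50000, "192.0.2.10", 443, "TCP", 120),
     Packet(0.02, "192.0.2.10", 443, "10.0.0.5", 50000, "TCP", 80)]
    + [Packet(0.10 + i * 0.01, "10.0.0.5", 50000, "192.0.2.10", 443, "TCP", 1400)
       for i in range(40)]
    + [Packet(0.60, "192.0.2.10", 443, "10.0.0.5", 50000, "TCP", 60),
       # Capture started mid-exchange: the first packet seen is the DNS reply.
       Packet(0.05, "192.0.2.20", 53, "10.0.0.5", 40000, "UDP", 90)]
)

def aggregate(packets):
    """Group packets into bidirectional flows; the first packet seen fixes 'forward'."""
    flows = {}
    for p in sorted(packets, key=lambda p: p.ts):
        a, b = (p.src, p.sport), (p.dst, p.dport)
        key = (p.proto,) + tuple(sorted((a, b)))  # identical for both directions
        f = flows.setdefault(key, {"fwd_src": a, "fwd_pkts": 0, "fwd_bytes": 0,
                                   "bwd_pkts": 0, "bwd_bytes": 0})
        side = "fwd" if a == f["fwd_src"] else "bwd"
        f[side + "_pkts"] += 1
        f[side + "_bytes"] += p.size
    return flows

def asymmetric_alerts(flows, min_bytes=10_000, ratio=20.0):
    """Assumed rule: one direction carries >= ratio times the bytes of the other."""
    alerts = []
    for key, f in flows.items():
        hi = max(f["fwd_bytes"], f["bwd_bytes"])
        lo = min(f["fwd_bytes"], f["bwd_bytes"])
        if hi >= min_bytes and hi >= ratio * max(lo, 1):
            heavy = "forward" if f["fwd_bytes"] == hi else "backward"
            alerts.append({"flow": key, "rule": "asymmetric_transfer",
                           "evidence": f"{heavy} {hi} B vs {lo} B, "
                                       f"{f['fwd_pkts']} fwd / {f['bwd_pkts']} bwd packets"})
    return alerts

if __name__ == "__main__":
    for alert in asymmetric_alerts(aggregate(SAMPLE)):
        print(alert["flow"], alert["evidence"])
```

Because direction is first-seen, a capture that starts mid-exchange labels the responder as forward, as the DNS reply in the sample shows.
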

Run the sample analysis:

```powershell
.\scripts\analyze_sample.ps1
```

Start the API and web UI:

```powershell
.\scripts\run_server.ps1
```

Open:

http://127.0.0.1:8088

Analyze your own PCAP from the command line:

```powershell
$env:PYTHONPATH = ".\backend"
python -m flowguardx.cli analyze .\examples\sample.pcap --output .\var\analysis
```

```
backend/flowguardx/  portable analyzer, feature plugins, detector, API
frontend/            dashboard, flow table, frequency and alert views
scripts/             PowerShell run helpers
examples/            sample PCAP generator
docs/                design, API, feature list and benchmark plan
src/                 original CICFlowMeter Java source
jnetpcap/            original native dependency bundle
```

```
POST /api/pcap/upload
GET  /api/statistics
GET  /api/flows
GET  /api/alerts
GET  /api/report/export?format=json|csv|html
```

See docs/api.md for details.
The original Java/Swing tool still requires local jnetpcap setup.

```
mvn install:install-file -Dfile=jnetpcap\win\jnetpcap-1.4.r1425\jnetpcap.jar -DgroupId=org.jnetpcap -DartifactId=jnetpcap -Dversion=1.4.1 -Dpackaging=jar
gradlew execute
```

On Linux, install the matching jar from jnetpcap/linux/jnetpcap-1.4.r1425 and
ensure the native library path is available.

This project is based on CICFlowMeter by Ahlashkari et al. The original license
is retained as LICENSE.txt; additional attribution is in NOTICE.