ethtool -G ens161 rx 4096 tx 4096\nip link set ens161 txqueuelen 100000\nsysctl -w net.core.rmem_max=$((1024*1024*16))<\/code><\/pre>\n\n\n\nsysctl<\/p>\n\n\n\n
fs.aio-max-nr = 524288\nfs.file-max = 611160\nkernel.msgmax = 131072\nkernel.msgmnb = 131072\nkernel.panic = 15\nkernel.pid_max = 65536\nkernel.printk = 4 4 1 7\nkernel.sysrq = 0\nnet.core.default_qdisc = fq\nnet.core.netdev_max_backlog = 262144\nnet.core.optmem_max = 16777216\nnet.core.somaxconn = 65535\nnet.core.wmem_max = 16777216\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.all.log_martians = 1\nnet.ipv4.conf.all.rp_filter = 1\nnet.ipv4.conf.all.secure_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\nnet.ipv4.conf.default.accept_redirects = 0\nnet.ipv4.conf.default.accept_source_route = 0\nnet.ipv4.conf.default.rp_filter = 1\nnet.ipv4.conf.default.secure_redirects = 0\nnet.ipv4.conf.default.send_redirects = 0\nnet.ipv4.ip_forward = 0\nnet.ipv4.ip_local_port_range = 1024 65535\nnet.ipv4.tcp_congestion_control = bbr\nnet.ipv4.tcp_fin_timeout = 10\nnet.ipv4.tcp_keepalive_intvl = 10\nnet.ipv4.tcp_keepalive_probes = 5\nnet.ipv4.tcp_keepalive_time = 60\nnet.ipv4.tcp_low_latency = 1\nnet.ipv4.tcp_max_orphans = 10000\nnet.ipv4.tcp_max_syn_backlog = 65000\nnet.ipv4.tcp_max_tw_buckets = 1440000\nnet.ipv4.tcp_moderate_rcvbuf = 1\nnet.ipv4.tcp_no_metrics_save = 1\nnet.ipv4.tcp_notsent_lowat = 16384\nnet.ipv4.tcp_rfc1337 = 1\nnet.ipv4.tcp_rmem = 4096 87380 16777216\nnet.ipv4.tcp_sack = 0\nnet.ipv4.tcp_slow_start_after_idle = 0\nnet.ipv4.tcp_synack_retries = 2\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_syn_retries = 2\nnet.ipv4.tcp_timestamps = 0\nnet.ipv4.tcp_tw_reuse = 1\nnet.ipv4.tcp_window_scaling = 0\nnet.ipv4.tcp_wmem = 4096 65536 16777216\nnet.ipv6.conf.all.disable_ipv6 = 1\nnet.ipv6.conf.default.disable_ipv6 = 1\nnet.ipv6.conf.lo.disable_ipv6 = 1\nvm.dirty_background_ratio = 2\nvm.dirty_ratio = 60\nvm.max_map_count = 262144\nvm.overcommit_memory = 1\nvm.swappiness = 1<\/code><\/pre>\n\n\n\nNFSTREAM:<\/p>\n\n\n\n
from nfstream import NFStreamer\nmy_capture_streamer = NFStreamer(source=args.nic, statistical_analysis=True, splt_analysis=1 )\n\nfor flow in my_capture_streamer:\n NFEntry={\n \"epoch_first_seen\":flow.bidirectional_first_seen_ms,\n \"epoch_last_seen\":flow.bidirectional_last_seen_ms,\n \"timedate_first_seen\":datetime_to_int(epoch_to_time(flow.bidirectional_first_seen_ms)),\n \"timedate_last_seen\":datetime_to_int(epoch_to_time(flow.bidirectional_last_seen_ms)),\n \"time_duration\":flow.bidirectional_duration_ms\/1000,\n \"version\":flow.ip_version,\n \"protocol\":flow.protocol,\n \"src_ip\":flow.src_ip,\n \"src_port\":flow.src_port,\n \"dst_ip\":flow.dst_ip,\n \"dst_port\":flow.dst_port,\n \"dst_mac\":flow.dst_mac,\n \"vlan_id\":flow.vlan_id,\n \"src_mac\":flow.src_mac,\n \"whois_destination_name\": whois_cache.get(flow.dst_ip)[0],\n \"whois_destination_cidr\": whois_cache.get(flow.dst_ip)[1],\n #\"process_name\":''.join(find_process),\n #\"process_pid\":find_pid[0],\n #\"process_name\":''.join(retrieve_process_info(int(find_pid[0]))[0]),\n #\"process_exe\":''.join(retrieve_process_info(int(find_pid[0]))[1]),\n #\"process_cmd_line\":' '.join(retrieve_process_info(int(find_pid[0]))[2])[0:255],\n #\"process_parent_pid\":retrieve_process_info(int(find_pid[0]))[3],\n #\"process_parent_name\":''.join(retrieve_process_info(int(find_pid[0]))[4]),\n #\"process_create_time\":retrieve_process_info(int(find_pid[0]))[5],\n \"total_packets\":flow.bidirectional_packets,\n \"total_bytes\":flow.bidirectional_bytes,\n \"src2dst_packets\":flow.src2dst_packets,\n !\/#@5 \"src2dst_bytes\":flow.src2dst_bytes,\n \"dst2src_packets\":flow.dst2src_packets,\n \"dst2src_bytes\":flow.dst2src_bytes,\n \"application_name\":flow.application_name,\n \"category_name\":flow.application_category_name,\n \"auth0_signal_badip\":auth0_signal(flow.dst_ip)\n }\n\n \n print(NFEntry)\n<\/code><\/pre>\n\n\n\nRef: https:\/\/github.com\/nfstream\/nfstream<\/p>\n\n\n\n
API DOC: https:\/\/www.nfstream.org\/docs\/api<\/p>\n\n\n\n![\"https:\/\/www.nfstream.org\/resources\/architecture_nfstream.png\"\/](\"https:\/\/www.nfstream.org\/resources\/architecture_nfstream.png\")
<\/figure>\n \t