Question 1

how to install NFStream on Windows

Accepted Answer

Install Npcap drivers first, either separately or via Wireshark, then use pip install nfstream. The README notes that if Wireshark is installed, Npcap may already be present, simplifying setup.

Question 2

NFStream vs Scapy for network analysis

Accepted Answer

NFStream is optimized for high-performance flow aggregation and encrypted traffic identification, making it better for ML and reproducible research, while Scapy excels at low-level packet manipulation and prototyping but lacks built-in flow analysis features.

Question 3

how to add custom features with NFStream plugins

Accepted Answer

Create a Python class extending NFPlugin, implementing methods like on_init and on_update to compute metrics based on packet data. The README provides an example plugin for counting packets of a specific size.

Question 4

can NFStream identify all encrypted apps

Accepted Answer

No, it relies on nDPI's protocol library, which covers common encrypted applications like TLS and SSH but may miss newer or proprietary ones. Check nDPI's documentation for the latest supported protocols.

Question 5

is NFStream good for real-time monitoring

Accepted Answer

Yes, with features like AF_PACKET_V3 support and multiprocessing, it handles live network interfaces efficiently, though performance depends on hardware and network load.

Question 6

what licenses does NFStream use

Accepted Answer

NFStream is LGPLv3, but it depends on nDPI (LGPL) and on Windows requires Npcap (proprietary with a free version), so commercial users must ensure compliance with all dependencies.

NFStream

What is NFStream?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions