AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
Compile:
$ git clone git://bitbucket.com/camp0/aiengine
$ ./autogen.sh
$ ./configure
$ make
Usage:
username@computer:~/code/c++/aiengine/src$ ./aiengine -h
iaengine 0.1
Mandatory arguments:
-I [ --interface ] arg Sets the network interface.
-P [ --pcapfile ] arg Sets the pcap file.
Link Layer optional arguments:
-q [ --tag ] arg Selects the tag type of the ethernet layer (vlan,mpls).
TCP optional arguments:
-t [ --tcp-flows ] arg (=32768) Sets the number of TCP flows on the pool.
UDP optional arguments:
-u [ --udp-flows ] arg (=16384) Sets the number of UDP flows on the pool.
Signature optional arguments:
-R [ --enable-signatures ] Enables the Signature engine.
-r [ --regex ] arg (=.*) Sets the regex for evaluate agains the flows.
-c [ --flow-class ] arg (=all) Uses tcp, udp or all for matches the signature
on the flows.
Frequencies optional arguments:
-F [ --enable-frequencies ] Enables the Frequency engine.
-g [ --group-by ] arg (=dst-port) Groups frequencies by src-ip,dst-ip,src-por
t and dst-port.
-f [ --flow-type ] arg (=tcp) Uses tcp or udp flows.
-L [ --enable-learner ] Enables the Learner engine.
-k [ --key-learner ] arg (=80) Sets the key for the Learner engine.
Optional arguments:
-k [ --stack ] arg (=lan) Sets the network stack (lan,mobile).
-d [ --dumpflows ] Dump the flows to stdout.
-s [ --statistics ] arg (=0) Show statistics of the network stack.
-p [ --pstatistics ] Show statistics of the process.
-h [ --help ] Show help.
-v [ --version ] Show version string.