explaingit

hfsecret/flowguardx

19 · Java
Audience · ops, devops
Complexity · 3/5
License
Setup · moderate

TLDR

FlowGuardX analyzes recorded network traffic files to detect threats like port scans, floods, and malware check-ins, then shows results in a local web dashboard with export options.

Mindmap

mindmap
  root((FlowGuardX))
    Input
      PCAP files
      CLI commands
      PowerShell scripts
    Analysis
      Flow statistics
      Packet timing
      Frequency domain
    Detection
      Port scan alerts
      Flood detection
      Heartbeat patterns
      Asymmetric transfers
    Output
      Web dashboard
      Alert list
      JSON CSV HTML export
    Foundation
      CICFlowMeter Java
      Python platform layer

Things people build with this

USE CASE 1

Investigate a suspicious PCAP capture to see if any devices are beaconing out to remote servers on a schedule.

USE CASE 2

Scan recorded network traffic for signs of port scanning or flood attacks without writing any detection code.

USE CASE 3

Export flagged network flows as CSV or JSON to feed into a spreadsheet or another security tool.

USE CASE 4

Run automated network traffic checks from the command line or PowerShell as part of a security workflow.

Tech stack

Java · Python · CICFlowMeter · PowerShell · PCAP

Getting it running

Difficulty · moderate · Time to first run · 30 min

Requires Java for the CICFlowMeter core and Python for the platform layer. Run it against a PCAP file; the web dashboard is then available at localhost:8088. PowerShell scripts are provided for CLI-only use.

Uses the original open-source license from the CICFlowMeter project, which is free to use and modify.

In plain English

FlowGuardX is a network security analysis tool built on top of CICFlowMeter, an open-source tool originally developed for academic network traffic research. Where CICFlowMeter focused on extracting statistics from PCAP files (recordings of raw network traffic) into CSV spreadsheets, FlowGuardX extends that foundation with threat detection and a web interface for reviewing results.

The tool reads PCAP files, reconstructs the network conversations inside them, and computes dozens of measurements per conversation: timing patterns, packet sizes, how much data flows in each direction, and how bursty or periodic the traffic looks. On top of those measurements it adds frequency-domain analysis, which means it converts the traffic patterns into a form that can reveal hidden periodicities, like malware that checks in with a remote server at regular intervals.

With those measurements in hand, a rule-based detection layer flags suspicious patterns: port scanning, flooding attacks, traffic that looks like an automated heartbeat, and transfers where one side sends far more than the other. Each alert comes with an explanation string describing which measurements triggered it, so a human reviewer can understand what was found without digging into raw numbers.

The results are accessible through a local web interface running at port 8088. The dashboard shows statistics, a flow table, frequency charts, and an alert list. You can also export findings as JSON, CSV, or HTML for further analysis elsewhere. The command-line interface and PowerShell helper scripts let you run an analysis without touching the browser at all.

The original Java version of CICFlowMeter is preserved in the repository alongside the new Python-based platform layer, and the project retains the original open-source license from the CICFlowMeter authors.
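The pipeline just described (reconstruct flows from packets, compute per-flow measurements, run a frequency-domain periodicity check, then apply rules that emit alerts with explanation strings) in one small runnable form. This is an added illustration written for this page, not code from the FlowGuardX or CICFlowMeter repositories: the packet records are constructed inline, the field names and thresholds are assumptions, and the frequency check evaluates the DFT of the packet-arrival point process directly (one of several ways to do frequency-domain analysis; the page does not say which method FlowGuardX uses).

```python
"""Flow reconstruction, per-flow statistics, a direct-DFT periodicity score and
rule-based alerts with explanation strings.  Added illustration; not FlowGuardX's
or CICFlowMeter's code.  Thresholds, field names and packets are assumptions."""
import cmath
import math
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    ts: float    # seconds since capture start
    src: str
    dst: str
    sport: int
    dport: int
    size: int    # bytes on the wire


def flow_key(p):
    """Bidirectional key: order the endpoints so both directions fall in one conversation."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def reconstruct_flows(packets):
    """Group packets by endpoint pair, keeping each flow's packets in time order."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    return dict(flows)


def periodicity_score(times, max_k=256):
    """Frequency-domain check on packet arrival times: |sum_j exp(-2*pi*i*f*t_j)| / N
    at candidate frequencies f = k / span.  A regular heartbeat scores about 1.0 at
    f = 1/period; irregular traffic scores around 1/sqrt(N).  Returns (score, period)."""
    n = len(times)
    if n < 4:
        return 0.0, None
    span = times[-1] - times[0]
    if span <= 0:
        return 0.0, None
    best, best_k = 0.0, 0
    for k in range(1, min(n, max_k)):            # n events span at most n-1 cycles
        f = k / span
        mag = abs(sum(cmath.exp(-2j * math.pi * f * t) for t in times)) / n
        if mag > best:
            best, best_k = mag, k
    return (best, span / best_k) if best_k else (0.0, None)


def flow_stats(pkts):
    """CICFlowMeter-style measurements; the first packet defines the forward direction."""
    first = pkts[0]
    times = [p.ts for p in pkts]
    duration = times[-1] - times[0]
    score, period = periodicity_score(times)
    return {
        "src": first.src, "dst": first.dst, "dport": first.dport,
        "packets": len(pkts), "duration": duration,
        "pps": len(pkts) / duration if duration > 0 else 0.0,
        "fwd_bytes": sum(p.size for p in pkts if p.src == first.src),
        "bwd_bytes": sum(p.size for p in pkts if p.src != first.src),
        "period_score": score, "period": period,
    }


def detect(flows, scan_ports=10, flood_pps=1000, beacon_score=0.8, asym_ratio=20):
    """Rule layer.  Each alert is (rule, flow description, explanation string)."""
    alerts, stats = [], [flow_stats(v) for v in flows.values()]
    touched = defaultdict(set)                   # port scan is a cross-flow pattern
    for s in stats:
        touched[(s["src"], s["dst"])].add(s["dport"])
    for (src, dst), ports in touched.items():
        if len(ports) >= scan_ports:
            alerts.append(("port_scan", f"{src} -> {dst}",
                           f"{len(ports)} distinct destination ports touched (threshold {scan_ports})"))
    for s in stats:
        where = f"{s['src']} -> {s['dst']}:{s['dport']}"
        if s["pps"] >= flood_pps:
            alerts.append(("flood", where, f"{s['packets']} packets in {s['duration']:.3f} s "
                           f"= {s['pps']:.0f} pkt/s (threshold {flood_pps})"))
        if s["period_score"] >= beacon_score:
            alerts.append(("heartbeat", where, f"periodicity score {s['period_score']:.2f} at period "
                           f"{s['period']:.1f} s over {s['packets']} packets (threshold {beacon_score})"))
        lo, hi = sorted((s["fwd_bytes"], s["bwd_bytes"]))
        if lo > 0 and hi >= asym_ratio * lo:     # both sides talk, one side dominates
            alerts.append(("asymmetric_transfer", where, f"{s['fwd_bytes']} bytes forward vs "
                           f"{s['bwd_bytes']} backward (ratio threshold {asym_ratio})"))
    return alerts


def sample_packets():
    """Constructed traffic (not from any real capture): a 60 s beacon with replies,
    a sweep of 12 ports, an irregular burst, and a lopsided upload."""
    rng, pk = random.Random(7), []
    for i in range(32):
        pk.append(Pkt(60.0 * i, "10.0.0.5", "203.0.113.9", 51000, 443, 120))
        pk.append(Pkt(60.0 * i + 0.05, "203.0.113.9", "10.0.0.5", 443, 51000, 200))
    for port in range(20, 32):
        pk.append(Pkt(5.0 + port * 0.01, "10.0.0.7", "10.0.0.20", 40000 + port, port, 60))
    for _ in range(400):
        pk.append(Pkt(100.0 + rng.uniform(0, 0.2), "10.0.0.9", "10.0.0.20", 41000, 80, 60))
    for _ in range(50):
        pk.append(Pkt(200.0 + rng.uniform(0, 10), "10.0.0.6", "198.51.100.4", 42000, 443, 1400))
    for i in range(5):
        pk.append(Pkt(210.5 + 0.1 * i, "198.51.100.4", "10.0.0.6", 443, 42000, 60))
    return pk


if __name__ == "__main__":
    for rule, where, why in detect(reconstruct_flows(sample_packets())):
        print(f"[{rule}] {where}: {why}")
```

Run as-is and it prints four alerts, one per constructed pattern. The periodicity score is deliberately insensitive to the number of packets in a flow (a 64-packet beacon and a 400-packet burst are scored on the same 0 to 1 scale), which is the property that lets slow check-ins surface next to noisy floods; the `lo > 0` guard in the asymmetric rule keeps unanswered one-way traffic (scans, floods) from being double-reported as lopsided transfers.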

Copy-paste prompts

Prompt 1
I have a PCAP file from my network. Using FlowGuardX, how do I load it and get a list of suspicious flows with explanations of why each was flagged?
Prompt 2
Using FlowGuardX, write me a PowerShell script that runs an analysis on a folder of PCAP files and exports the alerts as a JSON file.
Prompt 3
Explain the frequency-domain analysis FlowGuardX uses to detect malware beaconing. What patterns does it look for and how would I interpret the results in the dashboard?
Prompt 4
I want to add a new detection rule to FlowGuardX that flags any flow where more than 10,000 packets are sent in under 5 seconds. Where in the codebase do I add this rule and what format should the alert explanation string follow?
Prompt 5
Using FlowGuardX running on port 8088, walk me through what each section of the web dashboard shows and how to tell if an alert is a real threat or a false positive.


Verify against the repo before relying on details.