SRIFlow Data Format

SRIFlow produces an output stream consisting of three CSV record formats. Flow Records are produced per UDP or TCP network flow; a flow record is emitted at flow initialization, at flow completion (FIN, Reset, or Timeout), and at update intervals specified by command-line argument. Stat Records capture network-wide statistics that are computed and printed at intervals specified by command-line argument. DNS Transaction Records summarize DNS queries and results observed by SRIFlow. Here is a summary of the CSV fields.

Here is an example network flow:

      % wget https://www.fms.treas.gov/frsummary/frsummary2012.pdf

Here are the resulting SRIFlow records this flow will produce:

DNS,130.107.X.Y,8.8.8.8,1390781910,0,UDP,A,fms.treas.gov,OK,166.123.208.148,fms.treas.gov,US,Washinton,38.8979,-77.0417

FLOW,130.107.A.B,53581,166.123.208.148,443,1390781910,1390781910,0,TCP,INIT,2,0,0,0,2,1,0,0,0,1,0,0,2,0,1,0,0v1,,,myHost.domain.com,fms.treas.gov,US,Menlo Park,US,Washington,37.459,-122.178,38.8979,-77.0417

FLOW,130.107.A.B,53581,166.123.208.148,443,1390781910,1390781912,2,TCP,FIN,139,3,228,686,142,1,270,1354,365624,271,2,686,140,365624,270,0,0v1,=(808c01030100)c=…/=(0300800000)f=00,=(1603010ef0020000)F…, myHost.domain.com,fms.treas.gov,US,Menlo Park,US,Washington,37.459,-122.178,38.8979,-77.0417
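The records above are emitted more than once per flow (INIT, periodic updates, FIN), so a collector has to fold them on the 5-tuple rather than count lines, and the DNS record is what lets you recover the name the client actually resolved for a destination IP. The following is an added example of such a consumer; it is not SRIFlow's own code. The page does not include its field summary, so the field names (`src_ip`, `first_seen`, `state`, `qname`, `answer`, and so on) are assumptions read off the visible records, and the sample input is the three records shown above copied verbatim.

```python
import csv
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample input: the DNS and FLOW records the page shows for the
# `wget` fetch. Counters, TLS blobs and geo fields are carried but not decoded.
SAMPLE_RECORDS = """\
DNS,130.107.X.Y,8.8.8.8,1390781910,0,UDP,A,fms.treas.gov,OK,166.123.208.148,fms.treas.gov,US,Washinton,38.8979,-77.0417
FLOW,130.107.A.B,53581,166.123.208.148,443,1390781910,1390781910,0,TCP,INIT,2,0,0,0,2,1,0,0,0,1,0,0,2,0,1,0,0v1,,,myHost.domain.com,fms.treas.gov,US,Menlo Park,US,Washington,37.459,-122.178,38.8979,-77.0417
FLOW,130.107.A.B,53581,166.123.208.148,443,1390781910,1390781912,2,TCP,FIN,139,3,228,686,142,1,270,1354,365624,271,2,686,140,365624,270,0,0v1,=(808c01030100)c=…/=(0300800000)f=00,=(1603010ef0020000)F…, myHost.domain.com,fms.treas.gov,US,Menlo Park,US,Washington,37.459,-122.178,38.8979,-77.0417
"""

# ASSUMED field positions: the page omits its field summary, so these names
# are hypothetical and inferred only from the records above.
FLOW_FIELDS = ["type", "src_ip", "src_port", "dst_ip", "dst_port",
               "first_seen", "last_seen", "duration", "proto", "state"]
DNS_FIELDS = ["type", "client_ip", "server_ip", "timestamp", "flags",
              "proto", "qtype", "qname", "rcode", "answer"]
INT_FIELDS = ["src_port", "dst_port", "first_seen", "last_seen",
              "duration", "timestamp"]

FlowKey = Tuple[str, str, int, str, int]  # (proto, src_ip, src_port, dst_ip, dst_port)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one SRIFlow CSV line into a dict keyed by the assumed field names.

    Record types without a known layout (e.g. STAT) keep only 'type' plus the
    raw fields in 'extra'; blank lines yield None. Fields are stripped because
    the sample FIN record carries a stray space before the hostname.
    """
    line = line.strip()
    if not line:
        return None
    fields = [f.strip() for f in next(csv.reader([line]))]
    names = {"FLOW": FLOW_FIELDS, "DNS": DNS_FIELDS}.get(fields[0], ["type"])
    rec: Dict[str, object] = dict(zip(names, fields))
    for name in INT_FIELDS:
        if name in rec:
            rec[name] = int(rec[name])
    rec["extra"] = fields[len(names):]
    return rec


def flow_key(rec: Dict[str, object]) -> FlowKey:
    return (rec["proto"], rec["src_ip"], rec["src_port"], rec["dst_ip"], rec["dst_port"])


def summarize_flows(lines: Iterable[str]) -> Dict[FlowKey, Dict[str, object]]:
    """Fold INIT / update / FIN records of one 5-tuple into a single summary.

    The first record fixes first_seen; every later record for the same key
    overwrites state, last_seen and duration, so the latest line wins.
    """
    flows: Dict[FlowKey, Dict[str, object]] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["type"] != "FLOW":
            continue
        entry = flows.setdefault(flow_key(rec), {"first_seen": rec["first_seen"], "records": 0})
        entry.update(state=rec["state"], last_seen=rec["last_seen"], duration=rec["duration"])
        entry["records"] += 1
    return flows


def attribute_flows(lines: Iterable[str]) -> Dict[FlowKey, Optional[str]]:
    """Join each flow's destination IP to the latest successful DNS answer for
    that IP observed at or before the flow started, recovering the queried name."""
    lines = list(lines)
    answers: Dict[str, List[Tuple[int, str]]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["type"] == "DNS" and rec["rcode"] == "OK":
            answers[rec["answer"]].append((rec["timestamp"], rec["qname"]))
    result: Dict[FlowKey, Optional[str]] = {}
    for key, summary in summarize_flows(lines).items():
        dst_ip, first_seen = key[3], summary["first_seen"]
        candidates = [(ts, name) for ts, name in answers.get(dst_ip, []) if ts <= first_seen]
        result[key] = max(candidates)[1] if candidates else None
    return result


if __name__ == "__main__":
    sample = SAMPLE_RECORDS.splitlines()
    for key, summary in summarize_flows(sample).items():
        print(key, summary, "->", attribute_flows(sample)[key])
```

Because DNS answers are joined by timestamp, a flow whose destination was resolved long before the capture started gets `None` rather than a stale or unrelated name; a production collector would also want to expire cached answers by TTL, which these records do not carry.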