Plugins overview
Global plugins

| Plugin | Description |
|---|---|
| protoStats | Overall statistics about protocols |
Basic plugins

| Plugin | Description |
|---|---|
| basicFlow | Overall flow information |
| basicStats | Basic statistics |
| connStat | Connection statistics |
| macRecorder | MAC addresses and manufacturers |
| portClassifier | Classification based on port numbers |
Layer 2 plugins

| Plugin | Description |
|---|---|
| arpDecode | ARP: Address Resolution Protocol |
| cdpDecode | CDP: Cisco Discovery Protocol |
| lldpDecode | LLDP: Link Layer Discovery Protocol |
| stpDecode | STP: Spanning Tree Protocol |
| vtpDecode | VTP: VLAN Trunking Protocol |
Layer 3/4 plugins

| Plugin | Description |
|---|---|
| icmpDecode | ICMP: Internet Control Message Protocol |
| igmpDecode | IGMP: Internet Group Management Protocol |
| ospfDecode | OSPF: Open Shortest Path First |
| sctpDecode | SCTP: Stream Control Transmission Protocol |
| tcpFlags | IP and TCP flags |
| tcpStates | TCP connection tracker |
| vrrpDecode | VRRP: Virtual Router Redundancy Protocol |
Layer 7 plugins

| Plugin | Description |
|---|---|
| bgpDecode | BGP: Border Gateway Protocol |
| dhcpDecode | DHCP: Dynamic Host Configuration Protocol |
| dnsDecode | DNS: Domain Name System |
| ftpDecode | FTP: File Transfer Protocol |
| gtpDecode | GTP: GPRS Tunneling Protocol |
| httpSniffer | HTTP: HyperText Transfer Protocol |
| ircDecode | IRC: Internet Relay Chat |
| ldapDecode | LDAP: Lightweight Directory Access Protocol |
| mndpDecode | MNDP: MikroTik Neighbor Discovery Protocol |
| modbus | Modbus |
| mqttDecode | MQTT: MQ Telemetry Transport Protocol |
| ntlmsspDecode | NTLMSSP: NT LAN Manager (NTLM) Security Support Provider |
| ntpDecode | NTP: Network Time Protocol |
| popDecode | POP: Post Office Protocol |
| radiusDecode | RADIUS: Remote Authentication Dial-In User Service |
| smbDecode | SMB: Server Message Block |
| smtpDecode | SMTP: Simple Mail Transfer Protocol |
| snmpDecode | SNMP: Simple Network Management Protocol |
| sshDecode | SSH: Secure Shell |
| sslDecode | SSL/TLS, OpenVPN |
| stunDecode | STUN, TURN, ICE and NAT-PMP |
| syslogDecode | Syslog |
| telnetDecode | Telnet |
| tftpDecode | TFTP: Trivial File Transfer Protocol |
Application plugins

| Plugin | Description |
|---|---|
| pwX | Password extractor |
| regex_pcre | PCRE: Perl Compatible Regular Expressions |
| torDetector | Tor: The Onion Router |
| voipDetector | VoIP: Voice over IP |
Math plugins

| Plugin | Description |
|---|---|
| descriptiveStats | Descriptive statistics |
| entropy | Entropy |
| nFrstPkts | Statistics over the first N packets |
| pktSIATHisto | Histograms of packet size and inter-arrival times |
| wavelet | Wavelet |
Classifier plugins

| Plugin | Description |
|---|---|
| fnameLabel | Classification based on filename |
| geoip | Classification based on IP address location |
| nDPI | Classification based on content analysis |
| p0f | OS classification based on content analysis (SSL/TLS) |
| tp0f | OS classification based on layer 3/4 (IP/TCP) analysis |
Output (sink) plugins

| Plugin | Description |
|---|---|
| binSink | Binary output into a flow file |
| clickhouseSink | Output into a ClickHouse database |
| findexer | Produce a binary index mapping flow index and packets |
| jsonSink | Produce a JSON file |
| kafkaSink | Output into an Apache Kafka event streaming platform |
| mongoSink | Output into a MongoDB database |
| mysqlSink | Output into a MariaDB/MySQL database |
| netflowSink | NetFlow output format for existing Cisco tools |
| payloadDumper | Dump the payload of TCP/UDP flows to files (similar to tcpflow) |
| pcapd | Store packets from specific flows in pcap files |
| psqlSink | Output into a PostgreSQL database |
| socketSink | Binary output into a TCP/UDP socket |
| sqliteSink | Output into a SQLite database |
| txtSink | Text output into a flow file |