Packages

  • package root

    This is documentation for Mothra, a collection of Scala and Spark library functions for working with Internet-related data. Some modules contain APIs of general use to Scala programmers. Some modules make those tools more useful on Spark data-processing systems.

    Please see the documentation for the individual packages for more details on their use.

    Scala Packages

    These packages are useful in Scala code without involving Spark:

    org.cert.netsa.data

    This package, which is collected as the netsa-data library, provides types for working with various kinds of information:

    org.cert.netsa.io.ipfix

    The netsa-io-ipfix library provides tools for reading and writing IETF IPFIX data from various connections and files.

    org.cert.netsa.io.silk

    To read and write CERT NetSA SiLK file formats and configuration files, use the netsa-io-silk library.

    org.cert.netsa.util

    The "junk drawer" of netsa-util so far provides only two features: a method for equipping Scala scala.collection.Iterators with exception handling, and a way to query the versions of NetSA libraries present in a JVM at runtime.

    Spark Packages

    These packages require the use of Apache Spark:

    org.cert.netsa.mothra.datasources

    Spark datasources for CERT file types. This package contains utility features which add methods to Apache Spark DataFrameReader objects, allowing IPFIX and SiLK flows to be opened using simple spark.read... calls.

    The mothra-datasources library contains both IPFIX and SiLK functionality, while mothra-datasources-ipfix and mothra-datasources-silk contain only what's needed for the named datasource.

    org.cert.netsa.mothra.analysis

    A grab-bag of analysis helper functions and example analyses.

    org.cert.netsa.mothra.functions

    This single Scala object provides Spark SQL functions for working with network data. It is the entirety of the mothra-functions library.

    Definition Classes
    root
  • package org
    Definition Classes
    root
  • package cert
    Definition Classes
    org
  • package netsa
    Definition Classes
    cert
  • package io
    Definition Classes
    netsa
  • package silk

    SiLK file formats, data types, and methods to read them, including support for reading them from Spark.

    RWRec is the type of SiLK flow records.

    You can use RWRecReader to read SiLK files from Scala, including compressed files if Hadoop native libraries are available. For example:

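    import org.cert.netsa.io.silk.RWRecReader
    import java.io.FileInputStream

    // Open the SiLK flow file as a plain input stream.
    val inputFile = new FileInputStream("path/to/silk/rw/file")

    try {
      // Iterate over the flow records, printing each source IP address.
      for ( rec <- RWRecReader.ofInputStream(inputFile) ) {
        println(rec.sIP)
      }
    } finally {
      // Release the file handle even if reading fails part-way through.
      inputFile.close()
    }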
    Definition Classes
    io
    See also

    org.cert.netsa.mothra.datasources.silk.flow for working with SiLK data in Spark using the Mothra SiLK datasource.

  • package config
    Definition Classes
    silk
  • package io
    Definition Classes
    silk
  • BagDataType
  • BagReader
  • BagResult
  • BagWriter
  • CompressionMethod
  • FileFormat
  • FlowType
  • Header
  • HeaderEntry
  • IPSetReader
  • IPSetWriter
  • PrefixMapProtocolPortPair
  • PrefixMapReader
  • PrefixMapResult
  • RWRec
  • RWRecReader
  • RWRecWriter
  • Sensor
  • SilkConfig
  • SilkDataFormatException
  • SilkVersion
  • TCPState

final case class TCPState(toByte: Byte) extends AnyVal with Product with Serializable

A SiLK TCP state flag vector, which encodes various properties of the packets in a TCP flow as a Byte value.

toByte

The byte value representing this state vector.

Instance Constructors

  1. new TCPState(toByte: Byte)

    toByte

    The byte value representing this state vector.

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    Any
  2. final def ##: Int
    Definition Classes
    Any
  3. def &(o: TCPState): TCPState

    The bitwise AND of two TCP state flag sets.

  4. final def ==(arg0: Any): Boolean
    Definition Classes
    Any
  5. def ^(o: TCPState): TCPState

    The bitwise XOR of two TCP state flag sets.

  6. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  7. def continuation: Boolean

    True if this flow carries on after truncation due to a timeout or other flush of the sensor's cache. There may be a matching flow record with the truncated flag set.

  8. def expandedFlags: Boolean

    True if this record contains expanded flag information (initFlags and restFlags).

  9. def finFollowed: Boolean

    True if additional packets were seen following a packet with the FIN flag set.

  10. def getClass(): Class[_ <: AnyVal]
    Definition Classes
    AnyVal → Any
  11. def isIPv6: Boolean

    True if this flow's IP addresses are IPv6 addresses.

  12. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  13. def productElementNames: Iterator[String]
    Definition Classes
    Product
  14. val toByte: Byte
  15. def toString(): String

    Returns a string representation of this TCPState value using the following characters:

    • T truncated
    • C continuation
    • F finFollowed
    • S uniformPacketSize
    • x expandedFlags
    • 6 isIPv6
    Definition Classes
    TCPState → Any
  16. def truncated: Boolean

    True if this flow was truncated due to a timeout or other flush of the sensor's cache. There may be a matching flow record with the continuation flag set.

  17. def unary_~: TCPState

    The bitwise NOT of a set of TCP state flags.

  18. def uniformPacketSize: Boolean

    True if all packets in the flow had the same size in bytes.

  19. def |(o: TCPState): TCPState

    The bitwise OR of two TCP state flag sets.
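
Added example, not part of the Mothra documentation: the truncated and continuation members described above let an analyst rejoin records that a sensor split at a cache flush, which matters when measuring how long a session really lasted. Piece, Stitched, StitchExample and the flow-key strings are hypothetical; only TCPState and its documented members come from the library, and the sample states are found by probing those accessors rather than by assuming a bit layout.

```scala
import org.cert.netsa.io.silk.TCPState

// Hypothetical minimal view of a flow record; map your own record fields onto it.
final case class Piece(key: String, startMs: Long, endMs: Long, state: TCPState)
// One logical flow after stitching; stillOpen means its last piece was truncated too.
final case class Stitched(key: String, startMs: Long, endMs: Long,
                          pieces: Int, stillOpen: Boolean)

object StitchExample {
  /** Join records split by a sensor cache flush: a record with `truncated` set
    * is merged with the next same-key record that has `continuation` set.
    * Simplification: pieces are matched by key and start order only. */
  def stitch(recs: Seq[Piece]): Seq[Stitched] =
    recs.groupBy(_.key).toSeq.sortBy(_._1).flatMap { case (key, group) =>
      group.sortBy(_.startMs).foldLeft(List.empty[Stitched]) {
        // Previous flow was cut off and this record says it carries one on.
        case (prev :: done, p) if prev.stillOpen && p.state.continuation =>
          prev.copy(endMs = p.endMs, pieces = prev.pieces + 1,
                    stillOpen = p.state.truncated) :: done
        // Otherwise this record starts a new logical flow.
        case (acc, p) =>
          Stitched(key, p.startMs, p.endMs, 1, p.state.truncated) :: acc
      }.reverse
    }

  // Find the single-bit state for which a documented accessor returns true,
  // so the sample data below hard-codes no bit positions.
  private def bit(test: TCPState => Boolean): TCPState =
    (0 until 8).map(i => TCPState((1 << i).toByte)).find(test)
      .getOrElse(sys.error("no single bit sets this property"))

  def main(args: Array[String]): Unit = {
    val t = bit(_.truncated)
    val c = bit(_.continuation)
    val none = TCPState(0.toByte)
    // Constructed sample: one 90-minute session cut into three records,
    // plus one short flow that was never split.
    val sample = Seq(
      Piece("10.0.0.5:49152>192.0.2.10:443", 0L, 1800000L, t),
      Piece("10.0.0.5:49152>192.0.2.10:443", 1800000L, 3600000L, t | c),
      Piece("10.0.0.5:49152>192.0.2.10:443", 3600000L, 5400000L, c),
      Piece("10.0.0.7:50000>192.0.2.20:80", 100L, 900L, none))
    stitch(sample).foreach(println)
  }
}
```

A flow whose final piece still has truncated set is reported with stillOpen = true, meaning its real duration is at least the value shown.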
