CICFlowMeter Guide

Follow these steps:

1. Download the CICFlowMeter.zip file from the provided link.


2. Extract the ZIP file to any convenient location on your PC (e.g., Desktop or Downloads).


3. Navigate to the /bin folder inside the extracted directory; you will see a Windows Batch File named CICFlowMeter.bat. Note down or copy the full path of this folder for easy access.


4. Open the Windows Start Menu, search for Command Prompt (cmd), and right-click to select Run as Administrator.


5. In Command Prompt, use the cd command to navigate to the /bin folder.
   
   For example:
   
   cd "C:\Users\YourName\Desktop\CICFlowMeter\bin"
   
   Use dir to list the contents and confirm you’re in the correct directory.


6. Once inside the /bin folder, type CICFlowMeter.bat and press Enter.


7. The CICFlowMeter application will launch. Click on the Load button to view a list of available network interfaces.


8. You will now see interfaces listed like:
   
   \Device\NPF_{P7946A41-2914-8ZS0-K74Y-4GI931CU516D} (Microsoft) etc.


9. How to identify your Wi-Fi or Ethernet network interface:
   
   
   • Open Command Prompt and type ipconfig /all, then press Enter.
   
   
   • Look for the adapter in use (e.g., "Wireless LAN adapter Wi-Fi" for Wi-Fi or "Ethernet adapter" for a wired connection).
   
   
   • Note the Description or Physical Address (MAC address) of your active network adapter.
   
   
   • In the CICFlowMeter interface list, match the description or MAC address with the corresponding device entry. This ensures you select the correct network interface for capturing traffic.


10. If you already have a .pcap file (captured traffic), go to the Network tab (open by default), click the Offline button, browse to your input file, and select the output folder. Then click Load and export the flows as a .csv file by clicking OK.


11. To capture live traffic: Go to the Network tab (open by default), click the Realtime button, and click Start to begin monitoring packet flows on the selected interface.


12. When you are done capturing traffic, click Stop.


13. A pop-up notification will confirm that the .csv file has been saved at the specified location.


14. You can also use Wireshark to record .pcap files if you prefer or already have recorded traffic. Download Wireshark from: https://www.wireshark.org/download.html.


15. Tip: While Wireshark is great for capturing .pcap files, it’s recommended to use CICFlowMeter directly for real-time traffic if you want to generate .csv files without additional steps.


16. Now open the TrafficTracer web application.


17. Upload the generated .csv file using the provided upload form.


18. Select the network type (e.g., Home/SOHO) that matches the environment of your traffic capture, and click Detect.


19. The detection results—including analysis and visualizations—will be displayed on your screen.


20. Thank you for using TrafficTracer!

Video Tutorial:

Prerequisites:

• Java 1.8: Download Java 1.8
• Install Java and ensure it’s in your PATH (check by running java -version in terminal).

Back to Detection

---

Attribution & License:

The CICFlowMeter tool is developed and maintained by its original authors. Full credit to:

• Arash Habibi Lashkari: Researcher and Developer (Founder)
• Gerard Draper: Researcher and Developer (Co-founder)
• Muhammad Saiful Islam: Researcher and Developer (Co-founder)

License:

© 2016. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (CICFlowMeter), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

For proper citation and a full understanding of CICFlowMeter (formerly ISCXFlowMeter), refer to these published papers:

• Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun, Ali A. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", 3rd International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017.
• Gerard Draper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016), pages 407-414, Rome, Italy.

Official links:

https://github.com/ahlashkari/CICFlowMeter
https://www.unb.ca/cic/research/applications.html