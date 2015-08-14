

Using AIEngine

To use AIEngine (short version), just run the aiengine binary or use the Python, Ruby, Java or Lua bindings.

luis@luis-xps:~/c++/aiengine/src$ ./aiengine -h
aiengine 1.8.0

Mandatory arguments:
  -I [ --input ] arg                  Sets the network interface, pcap file or directory with pcap files.

Link Layer optional arguments:
  -q [ --tag ] arg                    Selects the tag type of the ethernet layer (vlan,mpls).

TCP optional arguments:
  -t [ --tcp-flows ] arg (=32768)     Sets the number of TCP flows on the pool.

UDP optional arguments:
  -u [ --udp-flows ] arg (=16384)     Sets the number of UDP flows on the pool.

Regex optional arguments:
  -R [ --enable-signatures ]          Enables the Signature engine.
  -r [ --regex ] arg (=.*)            Sets the regex to evaluate against the flows.
  -c [ --flow-class ] arg (=all)      Uses tcp, udp or all for matching the signature on the flows.
  -m [ --matched-flows ]              Shows the flows that match the regex.
  -M [ --matched-packet ]             Shows the packet payload that matches the regex.
  -C [ --continue ]                   Continue evaluating the regex with the next packets of the flow.
  -j [ --reject-flows ]               Rejects the flows that match the regex.
  -w [ --evidence ]                   Generates a pcap file with the matching regex for forensic analysis.

Frequencies optional arguments:
  -F [ --enable-frequencies ]         Enables the Frequency engine.
  -g [ --group-by ] arg (=dst-port)   Groups frequencies by src-ip, dst-ip, src-port and dst-port.
  -f [ --flow-type ] arg (=tcp)       Uses tcp or udp flows.
  -L [ --enable-learner ]             Enables the Learner engine.
  -k [ --key-learner ] arg (=80)      Sets the key for the Learner engine.
  -b [ --buffer-size ] arg (=64)      Sets the size of the internal buffer for generating the regex.
  -Q [ --byte-quality ] arg (=80)     Sets the minimum quality for the bytes of the generated regex.
  -y [ --enable-yara ]                Generates a yara signature.

Optional arguments:
  -n [ --stack ] arg (=lan)           Sets the network stack (lan, mobile, lan6, virtual, oflow).
  -d [ --dumpflows ]                  Dump the flows to stdout.
  -s [ --statistics ] arg (=0)        Show statistics of the network stack (5 levels).
  -T [ --timeout ] arg (=180)         Sets the flows timeout.
  -P [ --protocol ] arg               Show statistics of a specific protocol of the network stack.
  -e [ --release ]                    Release the caches.
  -l [ --release-cache ] arg          Release a specific cache.
  -p [ --pstatistics ]                Show statistics of the process.
  -o [ --summary ]                    Show protocol summary statistics (bytes, packets, % bytes, cache miss, memory).
  -h [ --help ]                       Show help.
  -v [ --version ]                    Show version string.
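The help text lists two engines that fit together as a workflow: the Frequency/Learner engine proposes a regex (and optionally a YARA rule) from traffic keyed on a port, and the Signature engine then deploys a regex against live or captured flows and writes an evidence pcap. The POSIX shell script below is an added example, not code from the AIEngine project or the original page, that chains those two steps using only options shown above. It assumes the aiengine binary is on PATH (override with the AIENGINE variable), uses traffic.pcap as a constructed capture name, and passes a placeholder regex to the second step: this page does not show the Learner's output format, so the operator pastes in the regex it printed instead of parsing it here.

```shell
#!/bin/sh
# Added example (not from the AIEngine project): learn a regex from a pcap,
# then deploy a regex with the Signature engine and keep forensic evidence.
# Assumptions: "aiengine" is on PATH (or set AIENGINE=/path/to/aiengine),
# traffic.pcap is a constructed file name for your capture.

AIENGINE="${AIENGINE:-aiengine}"

# Step 1: build the Learner command. Frequency engine (-F) on TCP flows (-f tcp),
# Learner enabled (-L) and keyed on a port (-k), default buffer (-b 64) and byte
# quality (-Q 80), plus a YARA signature (-y). Prints the command line so it can
# be reviewed or logged before anything runs.
learn_cmd() {
    pcap="$1"; port="$2"
    [ -n "$pcap" ] && [ -n "$port" ] || { echo "usage: learn_cmd <pcap> <port>" >&2; return 1; }
    printf '%s -I %s -n lan -F -f tcp -L -k %s -b 64 -Q 80 -y\n' "$AIENGINE" "$pcap" "$port"
}

# Step 2: build the Signature-engine command. Restrict to TCP flows (-c tcp),
# show matching flows (-m) and payloads (-M), keep evaluating later packets of a
# matching flow (-C), and write matching traffic to an evidence pcap (-w).
# The regex is single-quoted for the shell; regexes containing a single quote
# are not handled by this simple quoting and should be passed another way.
detect_cmd() {
    pcap="$1"; regex="$2"
    [ -n "$pcap" ] && [ -n "$regex" ] || { echo "usage: detect_cmd <pcap> <regex>" >&2; return 1; }
    printf "%s -I %s -n lan -R -c tcp -m -M -C -w -r '%s'\n" "$AIENGINE" "$pcap" "$regex"
}

# Execute a built command when the binary is installed; otherwise only show it,
# so the script is safe to run on a machine without AIEngine.
run_step() {
    cmd="$1"
    if command -v "$AIENGINE" >/dev/null 2>&1; then
        sh -c "$cmd"
    else
        echo "[dry-run] $cmd"
    fi
}

# Usage: learn from port-80 traffic, then deploy a (placeholder) regex.
# Replace 'GET /.*\.php' with the regex the Learner printed in step 1.
run_step "$(learn_cmd traffic.pcap 80)"
run_step "$(detect_cmd traffic.pcap 'GET /.*\.php')"
```

The evidence pcap from -w is the artefact to keep for the incident record; -j would additionally reject the matching flows, which is the switch that turns this from monitoring into blocking, so it is deliberately left out of the example.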