* Tool
Argus

* Link
https://openargus.org/
https://qosient.com/argus/manuals.shtml

* Description
Argus is a data network transaction auditing tool that categorizes and tracks network packets matching a libpcap filter expression into a protocol-specific network flow transaction model. Argus reports on the transactions it discovers as periodic network flow data, which is suitable for historical and near-real-time processing for forensics, trending and alarming/alerting.
Within the VARIoT project, Argus is used to extract 120+ flow-based features from pcap network traffic captures.

* Usage
First, convert the pcap file into an argus file.

user@host:~$ argus -r input.pcap -w output.argus

-r input.pcap => input pcap file
-w output.argus => output argus file

Second, extract the desired features, as selected in the .rarc configuration file.

user@host:~$ ra -r output.argus > output.csv

-r output.argus => argus file to process
> output.csv => redirect the output to a CSV file

* Output
- output.argus : argus file
- output.csv : extracted features

* Extra configuration files
.rarc file
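An example .rarc, added here for illustration and not the VARIoT project's own file: ra reads it from ~/.rarc (or from the file given with -F) and the settings below make the output of the second step a proper CSV. The field list is an assumed subset chosen for this example; the project's full 120+ feature selection is not reproduced.

```conf
# Example ra configuration (added illustration, not the VARIoT project's .rarc).
# Keys and field names follow rarc(5) and ra(1); the field list is an assumption.

# Flow fields to output, in order. Each name is one output column.
RA_FIELD_SPECIFIER="stime ltime dur flgs proto saddr sport dir daddr dport spkts dpkts sbytes dbytes state"

# Separate columns with a comma instead of fixed-width padding, so that
# "ra -r output.argus > output.csv" yields a parseable CSV.
RA_FIELD_DELIMITER=','

# Print the column labels once at the top, giving the CSV a header row.
RA_PRINT_LABELS=0

# Keep raw addresses and port numbers; name resolution would make the
# features non-numeric and could leak queries to DNS during processing.
RA_PRINT_NAMES=none

# Epoch timestamps with microsecond precision are easier to parse downstream
# than the default human-readable time format.
RA_PRINT_UNIX_TIME=yes
RA_USEC_PRECISION=6
```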

