gitmyhub

FlowGuardX

Java ★ 20 updated 21d ago

FlowGuardX is a network traffic threat analysis tool developed on top of CICFlowMeter. It supports PCAP parsing, bidirectional flow feature extraction, behavior sequence modeling, frequency-domain feature analysis, rule-based risk scoring, explainable alerts, and web visualization.

FlowGuardX analyzes recorded network traffic files to detect threats like port scans, floods, and malware check-ins, then shows results in a local web dashboard with export options.

Tags: Java, Python, CICFlowMeter, PowerShell, PCAP. Setup: moderate. Complexity: 3/5.

FlowGuardX is a network security analysis tool built on top of CICFlowMeter, an open-source tool originally developed for academic network traffic research. Where CICFlowMeter focused on extracting statistics from PCAP files (recordings of raw network traffic) into CSV spreadsheets, FlowGuardX extends that foundation with threat detection and a web interface for reviewing results.

The tool reads PCAP files, reconstructs the network conversations inside them, and computes dozens of measurements per conversation: timing patterns, packet sizes, how much data flows in each direction, and how bursty or periodic the traffic looks. On top of those measurements it adds frequency-domain analysis, which means it converts the traffic patterns into a form that can reveal hidden periodicities, like malware that checks in with a remote server at regular intervals.

With those measurements in hand, a rule-based detection layer flags suspicious patterns: port scanning, flooding attacks, traffic that looks like an automated heartbeat, and transfers where one side sends far more than the other. Each alert comes with an explanation string describing which measurements triggered it, so a human reviewer can understand what was found without digging into raw numbers.
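As an added illustration of the two mechanisms described above (this is example code, not FlowGuardX's or CICFlowMeter's own implementation), the Python below computes a frequency-domain periodicity score from a flow's packet timestamps and feeds it, together with per-direction byte counts, into a small rule layer that emits an explanation string with each alert. The Flow record, the thresholds, the 5-second bin width and the sample flows are all constructed assumptions for this example; FlowGuardX's real feature names and tuned values are not on the page.

```python
"""Added example: frequency-domain beacon detection plus explainable rule alerts.
Not FlowGuardX code; field names, thresholds and sample data are constructed."""
import cmath
import math
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    """Minimal bidirectional flow record (our own fields, not CICFlowMeter's)."""
    src: str
    dst: str
    dst_port: int
    fwd_bytes: int      # bytes sent by the initiator
    bwd_bytes: int      # bytes sent back by the responder
    timestamps: list    # packet arrival times in seconds, ascending


def packet_count_series(timestamps, bin_seconds):
    """Bin arrival times into a fixed-width packet-count series (the time-domain signal)."""
    t0 = timestamps[0]
    n_bins = int((timestamps[-1] - t0) // bin_seconds) + 1
    series = [0] * n_bins
    for t in timestamps:
        series[int((t - t0) // bin_seconds)] += 1
    return series


def periodicity(timestamps, bin_seconds=5.0):
    """Return (dominant_period_seconds, peak_to_mean_power) via a direct DFT.

    The DC bin is skipped because it only encodes total packet count. A tall,
    isolated spectral peak relative to the mean power of the other bins means
    the flow repeats on a fixed schedule, the signature of a heartbeat or beacon."""
    x = packet_count_series(timestamps, bin_seconds)
    n = len(x)
    if n < 8:
        return None, 0.0
    powers = []
    for k in range(1, n // 2 + 1):
        acc = sum(x[m] * cmath.exp(-2j * math.pi * k * m / n) for m in range(n) if x[m])
        powers.append(abs(acc) ** 2)
    mean_power = sum(powers) / len(powers)
    if mean_power == 0:
        return None, 0.0
    k_peak = max(range(len(powers)), key=powers.__getitem__) + 1   # +1: index 0 is k=1
    return n * bin_seconds / k_peak, max(powers) / mean_power


# Illustrative thresholds (assumptions for this example, not FlowGuardX's values).
BEACON_SCORE_MIN = 20.0
ASYMMETRY_RATIO_MIN = 50.0
ASYMMETRY_BYTES_MIN = 100_000
SCAN_DISTINCT_PORTS_MIN = 20


def score_flow(flow):
    """Per-flow rules; every alert is a (kind, explanation) pair naming the measurements."""
    alerts = []
    period, score = periodicity(flow.timestamps)
    if period is not None and score >= BEACON_SCORE_MIN:
        alerts.append(("beacon", f"{len(flow.timestamps)} packets with dominant period "
                       f"{period:.1f}s (spectral peak/mean {score:.1f} >= {BEACON_SCORE_MIN})"))
    if (flow.fwd_bytes >= ASYMMETRY_BYTES_MIN
            and flow.fwd_bytes >= ASYMMETRY_RATIO_MIN * max(flow.bwd_bytes, 1)):
        alerts.append(("asymmetric_upload", f"forward {flow.fwd_bytes} B vs backward "
                       f"{flow.bwd_bytes} B to {flow.dst}:{flow.dst_port} "
                       f"(ratio >= {ASYMMETRY_RATIO_MIN})"))
    return alerts


def score_host_scans(flows):
    """Cross-flow rule: one source touching many distinct ports on one destination."""
    ports = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dst_port)
    return [("port_scan", f"{src} touched {len(p)} distinct ports on {dst} "
                          f"(>= {SCAN_DISTINCT_PORTS_MIN})")
            for (src, dst), p in ports.items() if len(p) >= SCAN_DISTINCT_PORTS_MIN]


def build_sample_flows():
    """Constructed sample flows: a 30 s beacon, irregular browsing, a lopsided upload, a port sweep."""
    beacon = Flow("10.0.0.5", "203.0.113.9", 443, 12_000, 9_000, [30.0 * i for i in range(60)])
    rng = random.Random(2024)
    browsing = Flow("10.0.0.7", "198.51.100.20", 443, 8_000, 650_000,
                    sorted(rng.uniform(0, 1775) for _ in range(60)))
    upload = Flow("10.0.0.8", "203.0.113.44", 22, 40_000_000, 60_000, [0.0, 1.0, 2.0])
    sweep = [Flow("10.0.0.9", "10.0.0.1", p, 60, 0, [float(p)]) for p in range(1, 41)]
    return beacon, browsing, upload, sweep


if __name__ == "__main__":
    beacon, browsing, upload, sweep = build_sample_flows()
    for f in (beacon, browsing, upload):
        for kind, why in score_flow(f):
            print(f"[{kind}] {f.src} -> {f.dst}: {why}")
    for kind, why in score_host_scans(sweep):
        print(f"[{kind}] {why}")
```

The direct DFT is O(n²) in the number of bins, which is fine for one flow's count series; a production tool would use an FFT. The bin width matters: it should be a few times smaller than the shortest period worth detecting, and the rule thresholds above are placeholders to be tuned against a site's own baseline traffic.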

The results are accessible through a local web interface running at port 8088. The dashboard shows statistics, a flow table, frequency charts, and an alert list. You can also export findings as JSON, CSV, or HTML for further analysis elsewhere. The command-line interface and PowerShell helper scripts let you run an analysis without touching the browser at all.

The original Java version of CICFlowMeter is preserved in the repository alongside the new Python-based platform layer, and the project retains the original open-source license from the CICFlowMeter authors.

Where it fits