author | Toni Uhlig <matzeton@googlemail.com> | 2024-11-22 17:28:38 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2025-02-25 12:24:21 +0100 |
commit | cacf1f25705d810477ff74b6c0555d25a667ab2a (patch) | |
tree | d6bec420e1f1809b545c772e856011431ea13c1d | |
parent | bb870cb98fd6885b2e1d1c6ae0af5b1c32663d8a (diff) |
Initial tunnel decoding (GRE - Layer4 only atm). Fixes #53
* finally make use of the thread distribution seed
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | nDPId.c | 183 | ||||
-rw-r--r-- | test/results/default/badpackets.pcap.out | 12 | ||||
-rw-r--r-- | test/results/default/fins.pcap.out | 27 | ||||
-rw-r--r-- | test/results/default/fuzz-2006-06-26-2594.pcap.out | 2 | ||||
-rw-r--r-- | test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out | 6 | ||||
-rw-r--r-- | test/results/default/gre.pcapng.out | 18 | ||||
-rw-r--r-- | test/results/default/ip_fragmented_garbage.pcap.out | 32 | ||||
-rw-r--r-- | test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out | 30 | ||||
-rw-r--r-- | test/results/default/reasm_segv_anon.pcapng.out | 36 | ||||
-rw-r--r-- | test/results/default/rsh-syslog-false-positive.pcap.out | 4 | ||||
-rw-r--r-- | test/results/flow-analyse/default/gre.pcapng.out | 4 | ||||
-rw-r--r-- | test/results/flow-info/default/gre.pcapng.out | 6 | ||||
-rw-r--r-- | test/results/influxd/default/gre.pcapng.out | 10 | ||||
-rw-r--r-- | test/results/stats/default/gre.pcapng.out | 14 |
14 files changed, 306 insertions, 78 deletions
@@ -386,13 +386,14 @@ enum error_event
 IP6_PACKET_TOO_SHORT, // 10
 IP6_SIZE_SMALLER_THAN_HEADER,
 IP6_L4_PAYLOAD_DETECTION_FAILED,
+ TUNNEL_DECODE_FAILED,
 TCP_PACKET_TOO_SHORT,
 UDP_PACKET_TOO_SHORT,
 CAPTURE_SIZE_SMALLER_THAN_PACKET_SIZE,
 MAX_FLOW_TO_TRACK,
- FLOW_MEMORY_ALLOCATION_FAILED,
+ FLOW_MEMORY_ALLOCATION_FAILED, // 18
- ERROR_EVENT_COUNT // 17
+ ERROR_EVENT_COUNT
 };
 enum daemon_event
@@ -437,6 +438,7 @@ static char const * const error_event_name_table[ERROR_EVENT_COUNT] = {
 [IP6_PACKET_TOO_SHORT] = "IP6 packet too short",
 [IP6_SIZE_SMALLER_THAN_HEADER] = "Packet smaller than IP6 header",
 [IP6_L4_PAYLOAD_DETECTION_FAILED] = "nDPI IPv6/L4 payload detection failed",
+ [TUNNEL_DECODE_FAILED] = "Tunnel decoding failed",
 [TCP_PACKET_TOO_SHORT] = "TCP packet smaller than expected",
 [UDP_PACKET_TOO_SHORT] = "UDP packet smaller than expected",
 [CAPTURE_SIZE_SMALLER_THAN_PACKET_SIZE] = "Captured packet size is smaller than expected packet size",
@@ -2289,7 +2291,9 @@ static void jsonize_daemon(struct nDPId_reader_thread * const reader_thread, enu
 #endif
 ndpi_serialize_string_string(&workflow->ndpi_serializer, "ndpi_version", ndpi_revision());
 ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "ndpi_api_version", ndpi_get_api_version());
- ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "size_per_flow", (uint64_t)(sizeof(struct nDPId_flow) + sizeof(struct nDPId_detection_data)));
+ ndpi_serialize_string_uint64(&workflow->ndpi_serializer,
+ "size_per_flow",
+ (uint64_t)(sizeof(struct nDPId_flow) + sizeof(struct nDPId_detection_data)));
 switch (event)
 {
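Review bot: `TUNNEL_DECODE_FAILED` is inserted in the middle of `enum error_event`, which renumbers every later event; the updated expected outputs in this commit show `error_event_id` for "Captured packet size is smaller than expected packet size" moving from 15 to 16. Consumers that match on the numeric id (filters, alert rules, stored events) would silently misattribute those errors after an upgrade. Appending the new value directly before `ERROR_EVENT_COUNT` would keep the existing ids stable; the name table uses designated initializers, so its order is unaffected. If the renumbering is intended, it deserves a line in the commit message or changelog.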
@@ -3927,6 +3931,119 @@ static int distribute_single_packet(struct nDPId_reader_thread * const reader_th
 reader_thread->array_index);
 }
+/* See libnDPI: `ndpi_is_valid_gre_tunnel()` in example/reader_util.c */
+static uint32_t is_valid_gre_tunnel(struct pcap_pkthdr const * const header,
+ uint8_t const * const packet,
+ uint8_t const * const l4_ptr)
+{
+
+ if (header->caplen < (l4_ptr - packet) + sizeof(struct ndpi_gre_basehdr))
+ {
+ return 0; /* Too short for GRE header*/
+ }
+ uint32_t offset = (l4_ptr - packet);
+ struct ndpi_gre_basehdr * grehdr = (struct ndpi_gre_basehdr *)&packet[offset];
+ offset += sizeof(struct ndpi_gre_basehdr);
+
+ /*
+ * The GRE flags are encoded in the first two octets. Bit 0 is the
+ * most significant bit, bit 15 is the least significant bit. Bits
+ * 13 through 15 are reserved for the Version field. Bits 9 through
+ * 12 are reserved for future use and MUST be transmitted as zero.
+ */
+ if (NDPI_GRE_IS_FLAGS(grehdr->flags))
+ {
+ return 0;
+ }
+ if (NDPI_GRE_IS_REC(grehdr->flags))
+ {
+ return 0;
+ }
+
+ /* GRE rfc 2890 that update 1701 */
+ if (NDPI_GRE_IS_VERSION_0(grehdr->flags))
+ {
+ if (NDPI_GRE_IS_CSUM(grehdr->flags))
+ {
+ if (header->caplen < offset + 4)
+ {
+ return 0;
+ }
+ /* checksum field and offset field */
+ offset += 4;
+ }
+ if (NDPI_GRE_IS_KEY(grehdr->flags))
+ {
+ if (header->caplen < offset + 4)
+ {
+ return 0;
+ }
+ offset += 4;
+ }
+ if (NDPI_GRE_IS_SEQ(grehdr->flags))
+ {
+ if (header->caplen < offset + 4)
+ {
+ return 0;
+ }
+ offset += 4;
+ }
+ }
+ else if (NDPI_GRE_IS_VERSION_1(grehdr->flags))
+ {
+ /* rfc-2637 section 4.1 enhanced gre */
+ if (NDPI_GRE_IS_CSUM(grehdr->flags))
+ {
+ return 0;
+ }
+ if (NDPI_GRE_IS_ROUTING(grehdr->flags))
+ {
+ return 0;
+ }
+ if (!NDPI_GRE_IS_KEY(grehdr->flags))
+ {
+ return 0;
+ }
+ if (NDPI_GRE_IS_STRICT(grehdr->flags))
+ {
+ return 0;
+ }
+ if (grehdr->protocol != NDPI_GRE_PROTO_PPP)
+ {
+ return 0;
+ }
+ /* key field */
+ if (header->caplen < offset + 4)
+ {
+ return 0;
+ }
+ offset += 4;
+ if (NDPI_GRE_IS_SEQ(grehdr->flags))
+ {
+ if (header->caplen < offset + 4)
+ {
+ return 0;
+ }
+ offset += 4;
+ }
+ if (NDPI_GRE_IS_ACK(grehdr->flags))
+ {
+ if (header->caplen < offset + 4)
+ {
+ return 0;
+ }
+ offset += 4;
+ }
+ }
+ else
+ {
+ /* support only ver 0, 1 */
+ return 0;
+ }
+
+ return offset;
+}
+
 static void ndpi_process_packet(uint8_t * const args,
 struct pcap_pkthdr const * const header,
 uint8_t const * const packet)
@@ -3988,6 +4105,7 @@ static void ndpi_process_packet(uint8_t * const args,
 return;
 }
+process_layer3_again:
 if (type == ETH_P_IP)
 {
 ip = (struct ndpi_iphdr *)&packet[ip_offset];
@@ -4063,7 +4181,7 @@ static void ndpi_process_packet(uint8_t * const args,
 flow_basic.src.v4.ip = ip->saddr;
 flow_basic.dst.v4.ip = ip->daddr;
 uint32_t min_addr = (flow_basic.src.v4.ip > flow_basic.dst.v4.ip ? flow_basic.dst.v4.ip : flow_basic.src.v4.ip);
- thread_index = min_addr + ip->protocol;
+ thread_index += min_addr + ip->protocol;
 }
 else if (ip6 != NULL)
 {
@@ -4113,7 +4231,7 @@ static void ndpi_process_packet(uint8_t * const args,
 min_addr[0] = flow_basic.src.v6.ip[0];
 min_addr[1] = flow_basic.src.v6.ip[1];
 }
- thread_index = min_addr[0] + min_addr[1] + ip6->ip6_hdr.ip6_un1_nxt;
+ thread_index += min_addr[0] + min_addr[1] + ip6->ip6_hdr.ip6_un1_nxt;
 }
 else
 {
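Review bot: The version-0 branch of `is_valid_gre_tunnel()` never tests `NDPI_GRE_IS_ROUTING`, although the version-1 branch rejects it explicitly, so a version-0 header with the routing bit set appears to pass and to return an offset that ignores the checksum/offset word and the routing entries RFC 1701 places before the payload. That offset becomes the next layer-3 offset for untrusted captured traffic, so I would reject the case at the top of the branch with `if (NDPI_GRE_IS_ROUTING(grehdr->flags)) { return 0; }` unless `NDPI_GRE_IS_FLAGS` already covers that bit, which is not visible here. The `grehdr` cast also drops the `const` of `packet`; `struct ndpi_gre_basehdr const * const grehdr = (struct ndpi_gre_basehdr const *)&packet[offset];` keeps it. A header comment stating that the function returns 0 on failure and otherwise the offset of the encapsulated payload from the start of the captured frame would document the contract the caller relies on.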
@@ -4125,6 +4243,61 @@ static void ndpi_process_packet(uint8_t * const args,
 return;
 }
+ /* process intermediate protocols i.e. layer4 tunnel protocols */
+ if (flow_basic.l4_protocol == IPPROTO_GRE)
+ {
+ uint32_t offset = is_valid_gre_tunnel(header, packet, l4_ptr);
+
+ if (offset == 0)
+ {
+ if (is_error_event_threshold(reader_thread->workflow) == 0)
+ {
+ jsonize_error_eventf(reader_thread, TUNNEL_DECODE_FAILED, "%s%u", "protocol", flow_basic.l4_protocol);
+ jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
+ }
+ return;
+ }
+ else
+ {
+ struct ndpi_gre_basehdr const * const grehdr = (struct ndpi_gre_basehdr const *)l4_ptr;
+
+ if (grehdr->protocol == ntohs(ETH_P_IP) || grehdr->protocol == ntohs(ETH_P_IPV6))
+ {
+ ip_offset = offset;
+ goto process_layer3_again;
+ }
+ else if (grehdr->protocol == NDPI_GRE_PROTO_PPP)
+ {
+ /* Point to Point Protocol */
+ if (header->caplen < offset + sizeof(struct ndpi_chdlc))
+ {
+ if (is_error_event_threshold(reader_thread->workflow) == 0)
+ {
+ jsonize_error_eventf(reader_thread,
+ TUNNEL_DECODE_FAILED,
+ "%s%u %s%u %s%zu",
+ "protocol",
+ flow_basic.l4_protocol,
+ "size",
+ header->caplen,
+ "expected",
+ offset + sizeof(struct ndpi_chdlc));
+ jsonize_packet_event(reader_thread, header, packet, 0, 0, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
+ }
+ return;
+ }
+
+ struct ndpi_chdlc const * const chdlc = (struct ndpi_chdlc const *)&packet[offset];
+ ip_offset = offset + sizeof(*chdlc);
+ goto process_layer3_again;
+ }
+ else
+ {
+ // TODO: Check Layer1 / Layer2 again?
+ }
+ }
+ }
+
 /* process layer4 e.g. TCP / UDP */
 if (flow_basic.l4_protocol == IPPROTO_TCP)
 {
diff --git a/test/results/default/badpackets.pcap.out b/test/results/default/badpackets.pcap.out
index c59f78158..18edd8e1c 100644
--- a/test/results/default/badpackets.pcap.out
+++ b/test/results/default/badpackets.pcap.out
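Review bot: Both `goto process_layer3_again` jumps in the GRE block leave `type` at the outer frame's value, and the label sits directly in front of `if (type == ETH_P_IP)`, so the encapsulated header is dispatched by the outer protocol instead of by `grehdr->protocol`; an IPv6 payload carried in GRE over IPv4 would be read as an IPv4 header. Setting it before the first jump, `type = ntohs(grehdr->protocol);` ahead of `ip_offset = offset;`, makes the second pass parse what the tunnel header declares. The PPP branch has the same gap and also steps over `sizeof(*chdlc)` bytes without reading the header it just mapped, so non-IP PPP frames are handed to the layer-3 parser as well; checking that header's protocol field and reporting `TUNNEL_DECODE_FAILED` for anything that is not IP would be safer for a parser fed with untrusted captures. ndpi_process_packet starts and ends outside the hunk, so whether the layer-3 branches re-check the IP version themselves is not visible here.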
@@ -6,7 +6,7 @@ 00703{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc9nogAOcRxKmDTlH+zLpQ5QA1PsIG13F6XwyFkwABAAAADAABC3BobDFzcHJ0MTA4BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAbgAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAbgCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451039146849,"packet_id":3,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":161,"global_ts_usec":1495451039146849} 00560{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":195,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc+0kgAD4R+SzH+X0BzLpQ5QA17UEGadbGg\/+EAAABAAcAAAABAmFjAmluAAAwAAHADAAwAAEAAAOEAIgBAAMHAwEAAaeWg1I7aL35m5DCbWdqIX1+dVtvwe4HaQJz7QrnwC+P8\/7Gi54fYbmoWgZ9BgFy+rRM5fLeLdyqgaAlGaU+qP7EB\/v\/pv\/GHQKcotJZ+biekG9TccSc6BYmV0hXKBRudE\/xZj\/qEl0HEAn3LKZa"} -00342{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451051753069,"packet_id":4,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_usec":1495451051753069} 
+00342{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451051753069,"packet_id":4,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_usec":1495451051753069} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="} 00315{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451051753069,"packet_id":4,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":12,"global_ts_usec":1495451051753069} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="} 
@@ -22,11 +22,11 @@ 01900{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":1194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1194,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAIgADIR1DWhNyACzLpQ5QA1\/wMKUGaWU+KEEAABAAIABAANA3d3dw9saWdodG5pbmdzYWZldHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAFBTQGedUPGXlY8bN43JvkPLP\/vLkCv4PmFD+Yp\/wKTn0+3B8hqXsIbo6jgqCi3hM+7l3yndT6nZEOODHtVyiul17+C7883eqnN76iy6lo9R1eEKHDTvsvSdJsQx2dFH5NYDWOOjTdL3jybIGoJFlbIi+hHfzKdzFb0fO0kDYAdFs0mGEVvk\/ydoCnsE67n5RXLgALUI8enDF8d5JUZ3gz4Jmmium7SfonREBNj5MfQvR1R1JvVYPQQEWggJtIusb+MaDn2Gu7eaN7\/yF8WIh6HnwxWN7Z+YBGUTnTr0qXbOrrAMUycgB\/+tQ+zRqQIpZcUyO0tGVISl48WAUZAKbu8BcAAIAAQABUYAACAVucy1td8BcwFwAAgABAAFRgAAIBW5zLW53wFzAXAACAAEAAVGAAAcEbnMtZcBcwFwALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBmgABAAEAAVGAAASMWiHtwZoAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FyAAEAAQABUYAABIysEe3BcgAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYYAAQABAAFRgAAEoTcgAsGGABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBmgAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GaAC4AAQABUYAB"} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload 
detection failed","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113809047,"packet_id":10,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":366,"global_ts_usec":1495451113809047} 00834{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAQgADIR1DOhNyACzLpQ5QA1Z54M\/oF1LsqEEAABAAYABAANA3d3dw9hdmlhdGlvbndlYXRoZXIDZ292AAABAAHADAAFAAEAAAB4ABwPYXZpYXRpb253ZWF0aGVyBG5jZXAEbm9hYcAgwAwALgABAAAAeAEnAAUFAwAAAHhZK4siWSJQoibZD2F2aWF0aW9ud2VhdGhlcgNnb3YANj2uOA0qhMT+eoVBqvrrykuNqwkPVt8jdEhzF2Xc5aVSTWD5VljYyQWYC5vB2Pco+JCgeS7v+6P3ExqHKmNR0+\/rk7b14BLW1\/5AmNi\/7vapdiTq7yn43bnad9VKhNoyKYZcBBZ1b9tNkBEnELdSDbcDAQG053jlJWYvGHyMMJCHtDL+CPBtpJodRAacY+oZWSnBeiVMlLUCIdwUfsdnq5J46wTjS8+g3ZKLn4UR1XowHnaGOySsUz9hWM4CwtpTsVExgrAuWZ3ZCQmSQcr07tJKgCI7moO7D0IOvF0jbYwvdg=="} -00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113881614,"packet_id":11,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_usec":1495451113881614} +00343{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113881614,"packet_id":11,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_usec":1495451113881614} 
00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113881614,"packet_id":11,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":25,"global_ts_usec":1495451113881614} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="} -00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113931523,"packet_id":12,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_usec":1495451113931523} +00343{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113931523,"packet_id":12,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_usec":1495451113931523} 
00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451113931523,"packet_id":12,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_usec":1495451113931523} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="} 
@@ -72,7 +72,7 @@ 01026{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":538,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcm2UgADwRZEWcmp8szLpQ5QA1q4QHwM\/ij\/aEAAABAAkAAAABBWNpc2NvAAAwAAHADAAwAAEAABwgAIgBAAMIAwEAAdRGl1LNWnzy7pAEJi3Qfp0TyGaJmTkZh6eXbbqBdkY9a1AoaD29yVHLBBpWMSQjH95pwspn6IcXgzevKG6XFhwPNM+E0S7Ju2k\/7H2VuFBNC29dnwoJg4icT5epf3G8zmCaNYnLVZLs5atUCkBlhgvwscnvv\/TSmgpTXYQuqFu\/wAwAMAABAAAcIACIAQADCAMBAAGb2PYROIXk7P7qLTWvxVk3g1BsHjHVl72rmOzt5smqLLn23qp74hnC88zJUUWv21Kqy8BhoPdBWvuS3K8EynHYxDv8VO+YXAgqPkxai26z4TwjzZmHJVKWTKIiQzsakq\/w839oY5NLQsHtKpX4hQW\/\/wsieSUyQBsu2l28RS8I1cAMADAAAQAAHCABCAEBAwgDAQABygOnV9ghCwCrh3eIvDoG++8o80Fto28a\/p6JEdC+lLUNcG3Y9tAyIDCo8XUGee3bePYL4ZzXyCqJp7IksLLiu1iB6COA3ZuzD54vWOW2TJDtbTnlLS\/u7yD3YgI8LRcGSwoN2sUUDjhQxtd1fWfVIvI03XN5eQAXgcBIZZGdNKBR\/XOzYiDors4mheJ4ps\/1KYBH9kdGGiRmovRgfQ=="} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451362335777,"packet_id":37,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":757,"global_ts_usec":1495451362335777} 
01365{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":791,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":791,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc0esgADMR6diEowQKzLpQ5QA1Y8kIvV9wUR6EEAABAAMABAANBnRpbWUtYgh0aW1lZnJlcQdibGRyZG9jA2dvdgAAAQABwAwAAQABAAAHCAAEhKMEZsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCFcsQdibGRyZG9jA2dvdgCz4vohuOo\/ZN1uNZLF+UDD3qHzJ2C3tMHOSiioVq033RO+ipzXapwQ4E4BS5zpIr923AlaL\/9WhCQy\/1Y1em3YZ3AdccyxO0gssoEPbElS149\/ac9HrbYG6d20TbbVB+VxK1L4MHmWOCcJMgpGO42vZ1KmHAZxDSlAli+HvMzpRsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCGY5AdibGRyZG9jA2dvdgBW5VUxo2FURuhTFYytwadnYHGDoScx7bGNWmJUvbniq24ec9+NK5A\/tqH7Lb1b3crN9Prt\/g\/MsebeMzTxodqie2+H6hdDZbplhskKnOEu5xRS1cUQfYmye\/wwniirGeCr1GVyInNfmb1RMzIVhXHumDFYR5pqMpRB66Ew29Kp48EGAAIAAQAABwgACwNnZWEEbmlzdMEOwQYAAgABAAAHCAAGA2JlYcGjwQYALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GVyxB2JsZHJkb2MDZ292AIkzKBspRRKHjgld2iUJ6W8EI2\/ErlCgV4JOh1mMYrKJbPVKhaRdiPCnaxtYShzkiY056+AEL\/F04B\/Iv+WE6BOSfqWIKu831nLLehhatNc+0QoMG8piwdYZemWzDmmM\/mnqv45r3JwAgEQFHE9f4xPdbzXzBXCIN46nN8sxYcwUwdoALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GZjkB2JsZHJkb2MDZ292AESJxFFnLylJJ50F\/EEyc6PhRchiACYL\/AlcnWeas5mQ0gG8Z\/ObR2D2qfguVUaT0TQMgn0akP1qC+VS8lFO0ft06e+8c5Y27dzgbK173tMxr5wtnClaCLjSQH8="} -00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451391978406,"packet_id":38,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_usec":1495451391978406} +00343{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451391978406,"packet_id":38,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_usec":1495451391978406} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451391978406,"packet_id":38,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":24,"global_ts_usec":1495451391978406} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="} 
@@ -114,11 +114,11 @@ 00782{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBcgADIR1CChNyACzLpQ5QA1FUYM12ePIm2EEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451619545973,"packet_id":57,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_usec":1495451619545973} 
00970{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+sgADgR3T6MWiHtzLpQ5QA1+sANYy2s8YiEEAABAA8ABAANA3d3dwNuaGMEbm9hYQNnb3YAAAEAAcAMAAUAAQAAASwADwhlZGdlLW53cwN3b2PAFMAMAC4AAQAAASwBIAAFBQQAAAEsWSuLeVkiUPkyEANuaGMEbm9hYQNnb3YAmdicnE8euFUxTHUXfeUJmy6UvdRd01G3Waurvp4SxZ2PJZgNPzjjITBMLV6ecU4\/JueThrSlKZCbDqf7PO1nwK30oVaMXimjEp\/WM+cq2lYinJ+rRAUpOFrU1\/PMoKmi\/NA9YhzR1i84ntUn6pU7gPRsC1l0stlJvmpn5vPK2SEpb2eW0Gowmg8iUnJq32XYuUvIED4TSMnVkgyeOVQyRuntLmYEqOLIN1Y4bfKDTdnt4ooZOC4nZltsnzRyIjkMnu6GUtEuSBRaXw7\/LMILqzp94rUYZ+A0FpoK\/AokSahDQC+1b+t0iMHL6XYsjM4sNHxXO6pg\/DJfgn7ZWUE0hMAuAAUAAQAAASwADAdlZGdlLXAxAWzAX8AuAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAkE66gKhT1JcM2kgWKvIXOPPjjmHF901em1sV2mJv"} -00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620149557,"packet_id":58,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_usec":1495451620149557} +00343{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620149557,"packet_id":58,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_usec":1495451620149557} 
00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="} 00317{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620149557,"packet_id":58,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":10,"global_ts_usec":1495451620149557} 00352{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="} -00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_usec":1495451620868987} +00344{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_usec":1495451620868987} 
00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} 00316{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1495451620868987,"packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_usec":1495451620868987} 00353{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"cfgs\/default\/pcap\/badpackets.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_usec":1495451029466717,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} diff --git a/test/results/default/fins.pcap.out b/test/results/default/fins.pcap.out index 3bedc49b1..06bead3fe 100644 --- a/test/results/default/fins.pcap.out +++ b/test/results/default/fins.pcap.out 
@@ -8,41 +8,46 @@ 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1233089082809410,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809410,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi5AAEAREyMKBA5mCoKCguViJYAAGn1SgAACAAAAAAAAegEBgczMzAAC"} 00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1233089082809435,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809435,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi9AAEAREyIKBA5mCoKCguViJYAAGnxSgAACAAAAAAAAegEBgszMzAAC"} 02050{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082810135,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082810135,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":25.9,"max":31,"stddev":1.6,"var":2.4,"ent":5.0,"data": 
[22,29,26,25,25,26,27,26,26,25,25,25,26,26,25,26,25,25,26,27,31,27,25,25,26,25,25,26,25,25,29]},"pktlen": {"min":44,"avg":47.2,"max":65,"stddev":3.5,"var":12.6,"ent":5.0,"data": [46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,52,48,44,48,50,46,46,46,46,46,50,48,65]},"bins": {"c_to_s": [31,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.966703415,3.990315914,4.006726265,4.050204754,4.015212536,4.077271938,4.033793926,4.077271938,4.093682766,4.093682766,4.093682766,4.093682766,4.050204754,4.093682766,4.093682766,4.093682766,4.093682766,4.050204277,4.077271938,4.222351551,4.000422955,3.952195406,3.979268074,4.288366795,3.913608313,3.913608313,3.913608789,3.913608313,3.837309122,4.107601166,3.918294430,3.660078049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +<<<<<<< HEAD 
00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1428095655145347} 00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655145347,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":66,"expected":70,"global_ts_usec":1428095655145347} +======= 
+00840{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1428095655145347} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655145347,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":66,"expected":70,"global_ts_usec":1428095655145347} +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). 
Fixes #53) 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_usec":1233089082814433,"pkt":"ABkHJDzKPKn0ISL4CABFAAA0ZANAAIAGf24KAQGtCgEBpELuJYDc78x8AAAAAIACIAAl6QAAAgQFtAEDAwIBAQQC"} 00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655145347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655145347,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655145347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1428095655145347,"pkt":"ABkHJDzKPKn0ISL4CABFAAA0ZANAAIAGf24KAQGtCgEBpELuJYDc78x8AAAAAIACIAAl6QAAAgQFtAEDAwIBAQQC"} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655286926,"packet_id":247,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":58,"expected":62,"global_ts_usec":1428095655286926} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655286926,"packet_id":247,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":58,"expected":62,"global_ts_usec":1428095655286926} 00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":247,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_usec":1428095655145347,"pkt":"PKn0ISL4ABkHJDzKCABFAAAsCPcAABQGhoMKAQGkCgEBrSWAQu5Ka\/mo3O\/MfWASCGAmEAAAAgQCGA=="} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1428095655286926,"pkt":"PKn0ISL4ABkHJDzKCABFAAAsCPcAABQGhoMKAQGkCgEBrSWAQu5Ka\/mo3O\/MfWASCGAmEAAAAgQCGA=="} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655287055,"packet_id":248,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655287055} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655287055,"packet_id":248,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655287055} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":248,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655286926,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZARAAIAGf3kKAQGtCgEBpELuJYDc78x9Smv5qVAQ\/3BDIAAA"} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1428095655287055,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1428095655287055,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZARAAIAGf3kKAQGtCgEBpELuJYDc78x9Smv5qVAQ\/3BDIAAA"} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655289816,"packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":74,"expected":78,"global_ts_usec":1428095655289816} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655289816,"packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":74,"expected":78,"global_ts_usec":1428095655289816} 
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_usec":1428095655287055,"pkt":"ABkHJDzKPKn0ISL4CABFAAA8ZAVAAIAGf2QKAQGtCgEBpELuJYDc78x9Smv5qVAY\/3CuWwAARklOUwAAAAwAAAAAAAAAAAAAAAA="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1428095655289816,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1428095655289816,"pkt":"ABkHJDzKPKn0ISL4CABFAAA8ZAVAAIAGf2QKAQGtCgEBpELuJYDc78x9Smv5qVAY\/3CuWwAARklOUwAAAAwAAAAAAAAAAAAAAAA="} 00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655289816,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655289816,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655432184,"packet_id":250,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":78,"expected":82,"global_ts_usec":1428095655432184} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655432184,"packet_id":250,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":78,"expected":82,"global_ts_usec":1428095655432184} 00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":250,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_usec":1428095655289816,"pkt":"PKn0ISL4ABkHJDzKCABFAABACPgAABQGhm4KAQGkCgEBrSWAQu5Ka\/mp3O\/MkVAYCEyjoAAARklOUwAAABAAAAABAAAAAAAAAPsAAADI"} 00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1428095655289816,"flow_dst_last_pkt_time":1428095655432184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1428095655432184,"pkt":"PKn0ISL4ABkHJDzKCABFAABACPgAABQGhm4KAQGkCgEBrSWAQu5Ka\/mp3O\/MkVAYCEyjoAAARklOUwAAABAAAAABAAAAAAAAAPsAAADI"} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655432629,"packet_id":251,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":83,"expected":87,"global_ts_usec":1428095655432629} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655432629,"packet_id":251,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":83,"expected":87,"global_ts_usec":1428095655432629} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":251,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_usec":1428095655432184,"pkt":"ABkHJDzKPKn0ISL4CABFAABFZAZAAIAGf1oKAQGtCgEBpELuJYDc78yRSmv5wVAY\/1hwKwAARklOUwAAABUAAAACAAAAAIAAAgDIAAAA7wUFAQA="} -00340{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655590052,"packet_id":252,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":176,"expected":180,"global_ts_usec":1428095655590052} +00340{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655590052,"packet_id":252,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":176,"expected":180,"global_ts_usec":1428095655590052} 00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":252,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1428095655432629,"pkt":"PKn0ISL4ABkHJDzKCABFAACiCPkAABQGhgsKAQGkCgEBrSWAQu5Ka\/nB3O\/MrlAYCC+h\/QAARklOUwAAAHIAAAACAAAAAMAAAgD77wDIAAUFAQAAQ1AxTC1FTDIwRFItRAAAACAgICAwMS4wMAAAAAAAMDEuMDYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAABAAMAChcqEAgAAAAAAAA="} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655590846,"packet_id":253,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655590846} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655590846,"packet_id":253,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655590846} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":253,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655590052,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZApAAIAGf3MKAQGtCgEBpELuJYDc78yuSmv6O1AR\/t5C7gAA"} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655734575,"packet_id":254,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655734575} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655734575,"packet_id":254,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655734575} 
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":254,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655590846,"pkt":"PKn0ISL4ABkHJDzKCABFAAAoCPoAABQGhoQKAQGkCgEBrSWAQu5Ka\/o73O\/Mr1ARCC45ngAA"} -00339{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655734613,"packet_id":255,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655734613} +00339{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655734613,"packet_id":255,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655734613} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":255,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655734575,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZA1AAIAGf3AKAQGtCgEBpELuJYDc78yvSmv6PFAQ\/t5C7QAA"} 
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":245,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082814433,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6597,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655734613,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095675892372,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":55,"expected":59,"global_ts_usec":1428095675892372} +00338{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095675892372,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":55,"expected":59,"global_ts_usec":1428095675892372} 
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_usec":1428095655734613,"pkt":"ABkHJDzKPKn0ISL4CABFAAApZUwAAIARviUKAQGtCgEBpNZHJYAAFWRWgAACAAAAAGMA7wUBAA=="} 00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095675892372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095675892372,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095675892372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":21,"thread_ts_usec":1428095675892372,"pkt":"ABkHJDzKPKn0ISL4CABFAAApZUwAAIARviUKAQGtCgEBpNZHJYAAFWRWgAACAAAAAGMA7wUBAA=="} 
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095675892372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095675892372,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} -00340{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095676054158,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":148,"expected":152,"global_ts_usec":1428095676054158} +00340{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095676054158,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":148,"expected":152,"global_ts_usec":1428095676054158} 
00489{"packet_event_id":1,"packet_event_name":"packet","packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":152,"pkt_l4_len":0,"thread_ts_usec":1428095675892372,"pkt":"PKn0ISL4ABkHJDzKCABFAACGCP0AABQRhhgKAQGkCgEBrSWA1kcAcoFswAACAGMAAMgA7wUBAABDUDFMLUVMMjBEUi1EAAAAICAgIDAxLjAwAAAAAAAwMS4wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAEAAwAKFyoQCAAAAAAAAA=="} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":114,"thread_ts_usec":1428095676054158,"pkt":"PKn0ISL4ABkHJDzKCABFAACGCP0AABQRhhgKAQGkCgEBrSWA1kcAcoFswAACAGMAAMgA7wUBAABDUDFMLUVMMjBEUi1EAAAAICAgIDAxLjAwAAAAAAAwMS4wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAEAAwAKFyoQCAAAAAAAAA=="} 00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655734613,"flow_dst_last_pkt_time":1428095655734575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": 
{"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} diff --git a/test/results/default/fuzz-2006-06-26-2594.pcap.out b/test/results/default/fuzz-2006-06-26-2594.pcap.out index 48f373516..1cca91add 100644 --- a/test/results/default/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/default/fuzz-2006-06-26-2594.pcap.out 
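Review bot: Unresolved merge-conflict markers are committed into this expected-output file: the hunk adds `<<<<<<< HEAD`, `=======` and `>>>>>>> 65e9cd94c (Initial tunnel decoding ...)` around the `status` line and the first `Captured packet size is smaller than expected packet size` line. Both sides of the conflict are kept, so the file carries `"error_event_id":15` for that event directly before the `"error_event_id":16` variant, along with two different `ndpi_version` values. The fixture should hold one side only, presumably the HEAD `status` line followed by the renumbered `"error_event_id":16` line, with the three marker lines removed; as committed, an exact comparison of real output for this capture against the file cannot match. The same markers are added at the top of the `fuzz-2021-06-07-c6c72a0a56.pcap.out` hunk, which continues outside this view.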
@@ -146,7 +146,7 @@ 00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":99,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_usec":1120469635129222,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635152654,"flow_src_last_pkt_time":1120469635152654,"flow_dst_last_pkt_time":1120469635152654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1120469635152654,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635152654,"flow_dst_last_pkt_time":1120469635152654,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1120469635152654,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than 
expected","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469635152721,"packet_id":86,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_usec":1120469635152721} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1120469635152721,"packet_id":86,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_usec":1120469635152721} 00377{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":42,"pkt_len":54,"pkt_l4_len":12,"thread_ts_usec":1120469635152654,"pkt":"ADBUADRWAODtAW69CABHAAAoabxAAIAGOYLAqAECk+oB\/Qqh5ncb6piL5SG6HVAQQiTRUAAA"} 00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1120469635153018,"flow_src_last_pkt_time":1120469635153018,"flow_dst_last_pkt_time":1120469635153018,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1120469635153018,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"cfgs\/default\/pcap\/fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_src_last_pkt_time":1120469635153018,"flow_dst_last_pkt_time":1120469635153018,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1120469635153018,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"} diff --git a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out index 23db7b424..9827c74a4 100644 --- a/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/default/fuzz-2021-06-07-c6c72a0a56.pcap.out 
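Review bot: The numeric `error_event_id` of an unchanged event moves in this expected output: `TCP packet smaller than expected` goes from 13 to 14 here, and `Captured packet size is smaller than expected packet size` goes from 15 to 16 in the `fins.pcap.out` hunk. These ids are part of the serialized JSON, so a consumer that filters or alerts on the number instead of on `error_event_name` would silently match a different error after this change. If the shift comes from a new value inserted in the middle of the id list, appending it at the end would keep existing ids stable. Otherwise the renumbering deserves an explicit line in the commit description or changelog, so that downstream parsers and detection rules can be updated.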
@@ -1,6 +1,12 @@ +<<<<<<< HEAD 00631{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1953631155595384} 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384} +======= 
+00628{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00852{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1953631155595384} +00366{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_usec":1953631155595384} +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). 
Fixes #53) 00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} 00331{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1953631155595384,"packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_usec":1953631155595384} 00382{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":4093509168,"pkt_l4_len":0,"thread_ts_usec":1953631155595384,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} diff --git a/test/results/default/gre.pcapng.out b/test/results/default/gre.pcapng.out index 4d66a0801..25615053c 100644 --- a/test/results/default/gre.pcapng.out +++ b/test/results/default/gre.pcapng.out 
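Review bot: The added lines `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). Fixes #53)` in this hunk are unresolved merge-conflict markers committed into the expected output, and both hunks of test/results/default/gre.pcapng.out carry the same markers. The file therefore keeps both sides of the merge: for the same "Captured packet size is smaller than expected packet size" event the HEAD side records `"error_event_id":15` with ndpi_version 4.13.0-5086-e946f49, while the incoming side records `"error_event_id":16` with 4.11.0-4976-59ee1fe. A baseline in this state cannot confirm the renumbered error ids, nor, in gre.pcapng.out, whether the GRE payload was decoded (one side reports `"l4_proto":47` / GRE, the other `"l4_proto":"udp"` / SIP), so a regression in how malformed or tunnelled packets are handled would likely pass unnoticed. Resolve the conflict by regenerating these result files from a single nDPI build and committing one set of lines with no marker lines.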
@@ -1,3 +1,4 @@ +<<<<<<< HEAD 00610{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483501349095788} 
00757{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5} 
@@ -5,17 +6,32 @@ 00905{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":620000000,"flow_src_min_l4_payload_len":346,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":346,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":346,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"109.105.228.253","dst_ip":"10.177.98.84","l4_proto":47,"flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GRE","proto_id":"80","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":346,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1483501349095788} +======= +00607{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 
+00831{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1483501349095788} +00793{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"192.168.10.210","dst_ip":"192.168.103.40","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
+00980{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","vlan_id":142,"flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":58,"pkt_l4_offset":78,"pkt_len":384,"pkt_l4_len":306,"thread_ts_usec":1483501349095788,"pkt":"AAAAAAACnDf0fG6RgQAAjggARQABbq+lAADyL1hPbWnk\/QqxYlQwgYgLAUqYUAAAAGoAAACM\/wMAIUWgAUY4wQAAPxFN+8CoCtLAqGcoE8QTxAEyV9VTSVAvMi4wIDEwMCBUcnlpbmcNClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xMDMuNDA6NTA2MDtycG9ydD01MDYwO3JlY2VpdmVkPTE5Mi4xNjguMTAzLjQwO2JyYW5jaD16OWhHNGJLX0FJMjAwMEF1ZzA2NDkxMzY3MjI3MTEwDQpUbzogPHNpcDoyNzFAMTkyLjE2OC4xMC4yMTA+DQpGcm9tOiA8c2lwOjI4MUAxOTIuMTY4LjEwMy40MD47dGFnPUFJQ0NGODA1RTU3OENFNjQwMw0KQ2FsbC1JRDogQUkxNzM3QUI1NDkxQURDMzkyQDE5Mi4xNjguMTAzLjQwDQpDU2VxOiAxIElOVklURQ0KQ29udGVudC1MZW5ndGg6IDANCg0K"} +00939{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"192.168.10.210","dst_ip":"192.168.103.40","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 
+00978{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1483501349095788,"flow_src_last_pkt_time":1483501349095788,"flow_dst_last_pkt_time":1483501349095788,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":298,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":298,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":298,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1483501349095788,"vlan_id":142,"l3_proto":"ip4","src_ip":"192.168.10.210","dst_ip":"192.168.103.40","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SIP","proto_id":"100","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +00835{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gre.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":1,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":298,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":7,"global_ts_usec":1483501349095788} +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). 
Fixes #53) ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 346 bytes +~~ total layer4 data length..: 298 bytes ~~ total detected protocols..: 1 ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +<<<<<<< HEAD ~~ total memory allocated....: 7485238 bytes ~~ total memory freed........: 7485238 bytes ~~ total allocations/frees...: 125869/125869 +======= +~~ total memory allocated....: 6654275 bytes +~~ total memory freed........: 6654275 bytes +~~ total allocations/frees...: 114140/114140 +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). Fixes #53) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 615 chars ~~ json message max len.......: 985 chars diff --git a/test/results/default/ip_fragmented_garbage.pcap.out b/test/results/default/ip_fragmented_garbage.pcap.out index 33f9e99e8..bee5aac3e 100644 --- a/test/results/default/ip_fragmented_garbage.pcap.out +++ b/test/results/default/ip_fragmented_garbage.pcap.out 
@@ -2,37 +2,37 @@ 00847{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1534244024697756} 00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244024697756,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1534244024697756,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1534244024697756,"flow_dst_last_pkt_time":1534244024697756,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697792,"packet_id":2,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697792} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697792,"packet_id":2,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697792} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAkAGRa8KAAACCoAAAl4mKigqJl4lJCMmKihLSUo="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697801,"packet_id":3,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697801} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than 
expected","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697801,"packet_id":3,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697801} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgBEAGRa0KAAACCoAAAkhHRkQyKiZERkdISksmXiU="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697809,"packet_id":4,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697809} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697809,"packet_id":4,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697809} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgBkAGRasKAAACCoAAAiQjI0VUUiVZXlUmSSpPUHs="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than 
expected","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697817,"packet_id":5,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697817} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697817,"packet_id":5,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697817} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgCEAGRakKAAACCoAAAiI6aGRmbGtkYT5MPE1OQkg="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697824,"packet_id":6,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697824} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697824,"packet_id":6,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697824} 
00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgCkAGRacKAAACCoAAAkdGREVXI0AkJV5IQkdWCjQ="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697832,"packet_id":7,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697832} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697832,"packet_id":7,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697832} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgDEAGRaUKAAACCoAAAjIxNDYzMTk4MjA1MSkoKiY="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697843,"packet_id":8,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697843} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than 
expected","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697843,"packet_id":8,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697843} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgDkAGRaMKAAACCoAAAl4lJCNAIyQlXiYqKComXiU="} -00328{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697880,"packet_id":9,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697880} +00328{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697880,"packet_id":9,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697880} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgEEAGRaEKAAACCoAAAiQjcnNkbHVoZ2tmZHNia24="} -00329{"error_event_id":13,"error_event_name":"TCP packet smaller than 
expected","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697888,"packet_id":10,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697888} +00329{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697888,"packet_id":10,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697888} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgEkAGRZ8KAAACCoAAAnZjLy50Z2Z0Zz9HUj9HUj8="} -00330{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697895,"packet_id":11,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697895} +00330{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697895,"packet_id":11,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697895} 
00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgFEAGRZ0KAAACCoAAAnNSPzc0ODM5NikoKiZeJSQ="} -00330{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697903,"packet_id":12,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697903} +00330{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697903,"packet_id":12,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697903} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgFkAGRZsKAAACCoAAAiNAIUAjJCVeJiooKSgqJl4="} -00330{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697911,"packet_id":13,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697911} +00330{"error_event_id":14,"error_event_name":"TCP packet smaller than 
expected","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697911,"packet_id":13,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697911} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgGEAGRZkKAAACCoAAAiUkI0AjJCVeJiooKiZeJSQ="} -00330{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697920,"packet_id":14,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697920} +00330{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697920,"packet_id":14,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697920} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgGkAGRZcKAAACCoAAAiMmKihLSUpIR0ZEMiomREY="} -00330{"error_event_id":13,"error_event_name":"TCP packet smaller than 
expected","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697928,"packet_id":15,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697928} +00330{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697928,"packet_id":15,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697928} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgHEAGRZUKAAACCoAAAkdISksmXiUkIyNFVFIlWV4="} -00330{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697935,"packet_id":16,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697935} +00330{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697935,"packet_id":16,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697935} 
00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgHkAGRZMKAAACCoAAAlUmSSpPUHsiOmhkZmxrZGE="} -00330{"error_event_id":13,"error_event_name":"TCP packet smaller than expected","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697943,"packet_id":17,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697943} +00330{"error_event_id":14,"error_event_name":"TCP packet smaller than expected","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1534244024697943,"packet_id":17,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","size":50,"expected":54,"global_ts_usec":1534244024697943} 00373{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":50,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":50,"pkt_l4_len":16,"thread_ts_usec":1534244024697756,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgIEAGRZEKAAACCoAAAj5MPE1OQkhHRkRFVyNAJCU="} 
00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1534244025001741,"flow_src_last_pkt_time":1534244025001741,"flow_dst_last_pkt_time":1534244025001741,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1534244025001741,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18730,"dst_port":20304,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":314,"source":"cfgs\/default\/pcap\/ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1534244025001741,"flow_dst_last_pkt_time":1534244025001741,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_usec":1534244025001741,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAkkqT1B7IjpoZGZsa2RhPkwp4QAA"} diff --git a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out index 344fa28e2..478ccdde9 100644 --- a/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/default/ja3_lots_of_cipher_suites_2_anon.pcap.out 
@@ -1,37 +1,43 @@ +<<<<<<< HEAD 00637{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} 00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724520744830,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830} +======= 
+00634{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00858{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1505724520744830} +00366{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724520744830,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1505724520744830} +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). 
Fixes #53) 00469{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":80,"thread_ts_usec":1505724520744830,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 
00962{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520744830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1505724520744830,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00628{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1505724520744830,"flow_dst_last_pkt_time":1505724520947456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_usec":1505724520947456,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="} -00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724521281457,"packet_id":3,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724521281457} 
+00366{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724521281457,"packet_id":3,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724521281457} 00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724520947456,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="} 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1505724521281457,"flow_dst_last_pkt_time":1505724520947456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":72,"thread_ts_usec":1505724521281457,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="} -00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724521624823,"packet_id":4,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_usec":1505724521624823} +00366{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724521624823,"packet_id":4,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_usec":1505724521624823} 01007{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":517,"pkt_l4_len":0,"thread_ts_usec":1505724521281457,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAHzPsUAAEARcAyEvvQMl3m5LAhoCGgB3wAAMv8BzwE8W3RzUAAARQABy2NMQABABihtwKiTsZd5waDkgAG7Qsba5lXaAWOAGAHJpLIAAAEBCAoAC7oOMW78fxYDAQGSAQABjgMDWb+IaLIesQWIv6YFz4XWzGx5xL0th24F2at6CJidHk8AAQbALMAwAJ\/ArcCfwCTAKABrwArAFAA5wK\/Ao8CHwIvAfcBzwHcAxACIwCvALwCewKzAnsAjwCcAZ8AJwBMAM8CuwKLAhsCKwHzAcsB2AL4ARcAIwBIAFgCrwKfAOACzwDYAkcCRwJvAl8CrAKrApsA3ALLANQCQwJDAlsCawKrANACPAJ3AnQA9ADXAMsAqwA\/ALsAmwAXAocB7AMAAhMCNwHnAicB1AJzAnAA8AC\/AMcApwA7ALcAlwATAoMB6ALoAQcCMwHjAiMB0AArADcADAK0AtwCVwJPAmQCsALYAlMCSwJgAkwCpwKUArwCNwI\/AlcCpAKjApACuAIzAjsCUwKgAiwD\/AQAAXwAAABMAEQAADjE5Mi42OS4xMzYuMTc5AA0AFgAUBgMGAQUDBQEEAwQBAwMDAQIDAgEACgAYABYAGQAcABgAGwAXABYAGgAVABQAEwASAAsAAgEAABYAAAAXAAAAIwAA"} 
01171{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1505724521624823,"flow_dst_last_pkt_time":1505724520947456,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":517,"pkt_l4_len":479,"thread_ts_usec":1505724521624823,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAHzPsUAAEARcAyEvvQMl3m5LAhoCGgB3wAAMv8BzwE8W3RzUAAARQABy2NMQABABihtwKiTsZd5waDkgAG7Qsba5lXaAWOAGAHJpLIAAAEBCAoAC7oOMW78fxYDAQGSAQABjgMDWb+IaLIesQWIv6YFz4XWzGx5xL0th24F2at6CJidHk8AAQbALMAwAJ\/ArcCfwCTAKABrwArAFAA5wK\/Ao8CHwIvAfcBzwHcAxACIwCvALwCewKzAnsAjwCcAZ8AJwBMAM8CuwKLAhsCKwHzAcsB2AL4ARcAIwBIAFgCrwKfAOACzwDYAkcCRwJvAl8CrAKrApsA3ALLANQCQwJDAlsCawKrANACPAJ3AnQA9ADXAMsAqwA\/ALsAmwAXAocB7AMAAhMCNwHnAicB1AJzAnAA8AC\/AMcApwA7ALcAlwATAoMB6ALoAQcCMwHjAiMB0AArADcADAK0AtwCVwJPAmQCsALYAlMCSwJgAkwCpwKUArwCNwI\/AlcCpAKjApACuAIzAjsCUwKgAiwD\/AQAAXwAAABMAEQAADjE5Mi42OS4xMzYuMTc5AA0AFgAUBgMGAQUDBQEEAwQBAwMDAQIDAgEACgAYABYAGQAcABgAGwAXABYAGgAVABQAEwASAAsAAgEAABYAAAAXAAAAIwAA"} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1505724521624823,"flow_dst_last_pkt_time":1505724521827076,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_usec":1505724521827076,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABYPdsAAD0RdkmXebkshL70DAhoCGgARAAAMP8ANEGxP1xFAAA0\/\/RAADIGm1uXecGgwKiTsQG75IBV2gFjQsbcfYAQAOuAKQAAAQEICjFu\/+8AC7oO"} -00366{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523243945,"packet_id":9,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523243945} +00366{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523243945,"packet_id":9,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523243945} 00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724522900342,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABccWEAAEARPweEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R4UAAARQAANGNNQABABioDwKiTsZd5waDkgAG7QsbcfVXaBs+AEAIjeMYAAAEBCAoAC7rNMW7\/7w=="} -00367{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523425476,"packet_id":10,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523425476} +00367{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523425476,"packet_id":10,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724523425476} 
00463{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724523243945,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcdugAAEAROYCEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R5UAAARQAANGNOQABABioCwKiTsZd5waDkgAG7QsbcfVXaB5OAEAIjeAIAAAEBCAoAC7rNMW7\/7w=="} -00367{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523784944,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_usec":1505724523784944} +00367{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724523784944,"packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_usec":1505724523784944} 00478{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1505724523425476,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABogi4AAEARLi6EvvQMl3m5LAhoCGgAVAAAMv8ARAE8W3R6UAAARQAAQGNPQABABin1wKiTsZd5waDkgAG7QsbcfVXaB5OwEAIjg6MAAAEBCAoAC7rNMW8EIAEBBQpV2gbPVdoHkw=="} -00367{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525364548,"packet_id":12,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_usec":1505724525364548} +00367{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525364548,"packet_id":12,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_usec":1505724525364548} 01166{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":633,"pkt_l4_len":0,"thread_ts_usec":1505724523784944,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAJnsccAAEAR\/JWEvvQMl3m5LAhoCGgCUwAAMv8CQwE8W3R7UAAARQACP2NQQABABif1wKiTsZd5waDkgAG7QsbcfVXaB5OAGAIjv8IAAAEBCAoAC7rRMW8EIBYDAwIGEAACAgIAmOi+GN3N8UwFIOyGgG7fRoYqddIen6fJLfOoMdGcgjC7EXRuMLo4ueRPzuPNKTKsd0rXjIh8nF1luCtj74M6hLMrC8RgUQ8NtWnU+VyJ5ocLdxtzZF0gGB+1NhUGr48PAz8CyV8iWtZ4r5z1HdzPAjUZcbzNDe0GFdLkO0mrmT1V\/fADZpMXfOis2u6uwZpitz8p9IosL8QiH6+IqUMckXifdvysezYp9tH9I18YsH7HyCm46xkjwyg7bNLoY89xVSe+3KoGnCgNymiAS0DFirvRnfEhZ55M6aVqDHyopcrpE\/p7Ra+JZESNmMF2sYfinmGSLWypwRK8tqaU\/ff99MtBg4KsFRNdp7dUOalIiR2j+\/gLC7fy\/B8rinO1aEkQfPwupPH+TOkI6kU7p6ZpEMlgYUAeUCVVdw2kpGnwan1lhC7pX4eYGUKHCcYnb9WwWjN9kb1rdtJu6KJWHsmxhkqn+5IJXszwezV7EVVZplgJPkRBwWsUatOWpjd9GuEZrUofu+2zRAWb37O45WXULSMfnimMKJd4Xwqcyx7tqMpzzTK7dWYdIkVZW9y5jVbcfrEnX0PFjjBobFRt6z81tve44yNzWQLg\/BhIGmKgyP4ZWrM3REf0v0GIj8wfwr+jHsMczvQifNTnUyyug\/Xc6cQyMh8qaav4EhHbL4l4yFg="} -00367{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525422029,"packet_id":13,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_usec":1505724525422029} +00367{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525422029,"packet_id":13,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_usec":1505724525422029} 00471{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":116,"pkt_l4_len":0,"thread_ts_usec":1505724525364548,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABis2MAAEAR\/P6EvvQMl3m5LAhoCGgATgAAMv8APgE8W3R8UAAARQAAOmNRQABABin5wKiTsZd5waDkgAG7QsbeiFXaB5OAGAIjWbAAAAEBCAoAC7rRMW8EIBQDAwABAQ=="} -00367{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525500430,"packet_id":14,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724525500430} +00367{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724525500430,"packet_id":14,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724525500430} 
00522{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_usec":1505724525422029,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJtcMAAEAR+neEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3R9UAAARQAAYWNSQABABinRwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj3G8AAAEBCAoAC7rRMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="} -00368{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526101283,"packet_id":21,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724526101283} +00368{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526101283,"packet_id":21,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_usec":1505724526101283} 00522{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_usec":1505724525702072,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJx48AAEAR6KuEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3SBUAAARQAAYWNTQABABinQwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj26cAAAEBCAoAC7uZMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="} -00368{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526161588,"packet_id":22,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526161588} +00368{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526161588,"packet_id":22,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526161588} 00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724526101283,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcySMAAEAR50SEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SDUAAARQAANGNUQABABin8wKiTsZd5waDkgAG7Qsbeu1XaCFKAEAIjZNIAAAEBCAoAC7vdMW8PEg=="} -00370{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501623,"packet_id":24,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_usec":1505724526501623} +00370{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501623,"packet_id":24,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_usec":1505724526501623} 
01943{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1206,"pkt_l4_len":0,"thread_ts_usec":1505724526302674,"pkt":"\/Ejvopo\/MNF+D2w+CABFuASk0zUAAEAR2OqEvvQMl3m5LAhoCGgEkAAAMv8EgAE8W3SEUAAARQAEfGNVQABABiWzwKiTsZd5waDkgAG7Qsbeu1XaCIaAGAIjjQIAAAEBCAoAC7viMW8PEhcDAwRDAAAAAAAAAAFJqZsr2XFOAWwXDu0+7Y9vPaXF6QBuCgzG25Q\/KbgqYu88jDq040h3tvc+aLu+DTcTspkgI5XvLXRFxqBxdvTufQDpaiPCYyECwSJhep14pGbJr74Zfc\/j6Av4+JPM7XoLFlKyk030dBFrQrGR3OC0pR3zpNnKaUQjB+tTd4nLUXzWv2mjrWj7pce\/bPzpfedXtz8tcxLvi8SEHscHZsArZDwdeUf5QLLvVFDZNU4ZEQaimEyX15KzM6G5ToQIrvIFXEhAF3dG5oXfA+Ae4WLPSnyb5NwMMF4kDDNIe1ZVjNBxSABFaYjPPiJg0gQg\/+QEqg1CX23cpDZyJxz7smWB9h7xs7H9AygfzY9wASIaEq6DqGATMfMsN3dYWATzH3hum27SvUyhZ75L0k5HqqsoGIfu+LYC1hNDONFV6+lkufq4BpitkoCYAzdbmomEw05OzNlTrWr0XPFYwgNz7thDeUGqO\/xKaUFeEC4Y7Xy1Gc41hkWo54xuUrmAxO9X1\/+gkn+c3MHGrRESux79pmus577Y7Fo4U\/4oJ6luI0bGV303za2qj4yCdXLeQWjtrOGdBBkw\/wBHF5IbYMOF9bJFx68HeOrrn4nYFgmVhrWXDxyY1xWgLDIjRY5UDtLoQjMcM03rPMf1Z8L76UZ2YHFgGbBPU1OGctMjFUx+R73JxaqxVRw4ymshyrqvP9+E3HE7UquBR2x9EQISSgDorx56T92cLWOMHjn+ek1JnoCiwSF6nQ5wDmyw72RptvWz6AU0FUnuqURBs\/Yt3PJfdurGsJxYBs+wDZGPNy41Qf5bJwUyIKMkYqmgYULqkbNWOZxFV99s4+BV262g1PDKETuLCv2a\/bmZ\/xolpL0HSIF0vX2xBElZHZ+hd84KVa1Y1XFdDw8mr7TyDNVUiL3tNunlmrQfdQETgjFhKIaQn6XGF8V1kH05Pfc52o2vbYUaSnIDJWt30SPlvtzw5ruQY4AYjS9\/zvW4ADabvEgwiTZjb2txs6oHyKnVCekE0WjVDCEceBK1aQn6rKOOPXvKdj3iDTl1Ep2O3m+u3pqEIGzMPxhnKMpUTUMR5vH5kQ6XVO3\/\/O3Fv4Gs+QXjMNEsaI4CKiHU5k1Q0MbXxbrvkqD7nzLmoRz\/kTcbg2\/gjB1KRUMXAi27pqag38iFL5LdNl02Bk8czI\/JMSOpzjzmaW1x5HQLihorbExEU6gi6LG\/RLyN0wdxLAEVfUuvGwMzSO969\/mxBBfNydqDsDV4YQiFLRSJTGt9vGEn+QmnSkfZdl3aM1n9v1oUbRwSanCl2G5YkrCo8NVoEuKsjRybURkxyp7cEy1T38EAeIr7HE3lwdlheQG63MqfDiIz7ld4f9Q0nYgQa1Und43tDU8iH72YEZe9PfwwG1sJOBUaECdibU9+goippYdBUnHF+Q41lhVnISz+74wOY0LMuM8="} 
-00368{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501639,"packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639} +00368{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1505724526501639,"packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1505724526501639} 00462{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1505724526501623,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="} 
01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":14,"flow_first_seen":1505724520744830,"flow_src_last_pkt_time":1505724526501639,"flow_dst_last_pkt_time":1505724526702991,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1160,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2974,"flow_dst_tot_l4_payload_len":2858,"midstream":0,"thread_ts_usec":1505724526702991,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00867{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":27,"packets-processed":27,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":37,"global_ts_usec":1505724526702991} 
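Review bot: Unresolved merge-conflict markers are committed into this expected-output file: the hunk adds `<<<<<<< HEAD`, `=======` and `>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). Fixes #53)` as `+` lines at the top of ja3_lots_of_cipher_suites_2_anon.pcap.out. Both sides of the conflict stay in the baseline: the HEAD records with `"error_event_id":15` and `"ndpi_version":"4.13.0-5086-e946f49"`, and the incoming records with `"error_event_id":16`, `"ndpi_version":"4.11.0-4976-59ee1fe"` and `"max-flows-per-thread":2048`. No single run can emit both, so this fixture for the truncated-capture error path can no longer match real output and will either fail or stop guarding that path. Drop the three marker lines and keep one side, presumably the HEAD records with the id changed to 16, since the shutdown record at the end of the hunk still reports 4.13.0-5086-e946f49; then regenerate the file. The hunk for reasm_segv_anon.pcapng.out that follows opens with the same markers, but it runs past the visible lines.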
diff --git a/test/results/default/reasm_segv_anon.pcapng.out b/test/results/default/reasm_segv_anon.pcapng.out
index 61aaa1a7e..666a6bcb0 100644
--- a/test/results/default/reasm_segv_anon.pcapng.out
+++ b/test/results/default/reasm_segv_anon.pcapng.out
@@ -1,44 +1,50 @@ +<<<<<<< HEAD 00622{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} 00351{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466} +======= 
+00619{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00843{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} +00351{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466} +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). 
Fixes #53) 00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00784{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":72,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 
00943{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00351{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828949487,"packet_id":2,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828949487} +00351{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828949487,"packet_id":2,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828949487} 
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1550422828949487,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":72,"thread_ts_usec":1550422828949487,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} -00351{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422829033309,"packet_id":3,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422829033309} +00351{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422829033309,"packet_id":3,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422829033309} 
00445{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_usec":1550422828949487,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1550422829033309,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":72,"thread_ts_usec":1550422829033309,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="} 
02481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1550422829033309,"flow_dst_last_pkt_time":1550422829929637,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1490,"pkt_l4_len":1456,"thread_ts_usec":1550422829929637,"pkt":"AAAAcxs8EFFy5LtdCABFeAXERWUAADkRsl67YDRVkUwC7AhoCGgFsAAAMP8FoDg844lFAAWgxWgAAPsGU98\/vpErrBEkFQBQ4RM6qmoB8LOPBlAQAEiwDQAARAeExr+y8AhzVpgKCkKlnvlehsfpm0bTBDeOsVCIPJJRR8i7O0ShlC8OkbZcjr27e46mdxo6iVDTSSR19U\/OnX\/J9ytt7JmoZ+ArhxnMbhDMeJxmyZ8joLjowqY9ASTolrXiHLvjMJPYJuaqE9CZI9fJgP3JYWRy+SPj\/LcOM9atRNZddEoFbkLAmvP45TpduQtDDD0pDbEmAAH9D9ePgPsOEwL8iIAmdomWzYeDoeXmIRRso+nGSf4SW8p0Z+kHfn8Lcb7fe4gNvCVxNuRzZ9XoBr78EKOyvcLsb6QBVosDrP5BGiDhsNMJiQSrlAGKaHvmkIy2ABeX7VCwAXY\/FGyAbQ8p3LqXoETrP4eCuMN+qg7mDqupltxhdAN0xeOMr5cxvs5W8fVVMDdwTeYn\/BXjraVrGZxOjNpYcHt2VM+dfgmvUtbfUC5eJov3yTFN343b4JJd+2n55Xma4PBSZhxMr2o0NMqbMEOjBgwN0HH\/QWEjmNewbzK\/U7y2dKfGPvj9YLFBTGuOaRo5d+Yg7b9Jr0LlpgfUB\/38A8BQjT14lBVLpip7QEPVqmr\/pav2TiolHdabQ\/W6HgUZtkgzERzbT+xNV00\/4lJoH8nDNabGIMnyA0L5NfH+c8xMtPbRxHP+wDtWOxxk8hukw5NmkA6HCbHYj2ywfw4EW7PyHWDoFlGbnCWZniy8lS5OzEluRgVuExMmbCtBeAffLPbOAWmzmBgPRr47k23xk8S+kS7OrKn3unqgghpx3XG8VsVJgBYwF3NODGXhGt5YSjRAF180YCRe29+AkXhyf7F4BTc7xifeVx2MtmvEg3H+7vLERWT+s4P3AZnXBiNzIFvtwEwFJeIiHxEeji1jP5E3Gxp+BF1tCaPu6obNy7v312tehtK4XI8AET4KDTpxYuqF4o8mWadnmlkSLeIccQj0ynnVdo9TnKNIzTuc5\/RbSvcxSS9mZ5L+n\/tESY\/7JO89LhGzECDIX90nC\/K6BL\/lBSqHhbgT9RdK2aeR\/hr1LhbSJCHuz+sMAk4U4hHNMEwFuyg2bB9pPGNEGV5FDqcQcjYha5zbWxzkppMDexX5qATyKNuLfdklycdPHIsMOuYBdj51hSz3\/zndLw1O90l7g9D97Hdui+79exqg++\/23IruPeOjT+BV4cxPdEYk\/tBuEvFH2PhLDknGn0fnUSDxF4qjixTXgKMY4YsT2sg9aFc4D25qTblsB+tai9PCNvi8bVM4rrFBnbbV7FS1rVS+kcW114hzBa53ptF6ZyHgx0sRhNSC+0HAv1cFkgu7A+YDKCUJ7gOQymcV4hrpIFojhUqnHUeCeJgVSqVK71ddSPy+XGEqVag5L\/0Gqw+dY+hdP7gIppiz11hfS4NOMqWqvlp3B
04ypXJfO+9GDyJNMl1w4mTzxula6Vb2azYk2Wr86P9ZXLC3XQwIanOqivxyqwN4YXtVcZAQLsX0lZ+fKeIzE8rSToQINW3NrqItJJSJ0slwXb5FMlzT\/SL+WW1Ov3ajSSp8JjF1EWu+jwLRQNc9ll5NlDg0nauYojaEpClkdU+7Zhcnv+Pi\/OcN5l7wealz00XPTwR0p4lgeIptxGGbR6Y1gakUO3ANS7eDHCZku1OZLNMFtsJpIm3cnX8R0zZA2gKpfesUv2WmV1o6bSJVVY7CCpdOr8FYTuZtkJdOh3lJWL0JLV+DrH7R35L6zTl\/IAq6eoNpga1prIDseOxIgPH2665iaA11vAiUYV+nUtw4ZG2tGGtzuYh8GM0vM02vkfj++6UilU9DigSWrT4u7otV9gjLYULYvVRpFDI1BndDnz2Nu1hMBe3gxfNkmmdQot+ybYe4CI+Ga6cR0VyKZ0AIfyxht\/A="} 02500{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1550422829033309,"flow_dst_last_pkt_time":1550422829929761,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1490,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1490,"pkt_l4_len":1456,"thread_ts_usec":1550422829929761,"pkt":"AAAAcxs8EFFy5LtdCABFeAXERWQAADkRsl+7YDRVkUwC7AhoCGgFsAAAMP8FoDg844lFAAWgxWcAAPsGU+A\/vpErrBEkFQBQ4RM6qmSJ8LOPBlAQAEjjuQAASGv3Neuozq7kv67kL1Hnj7lbmz9d0fXlu7gwQuJz\/eXJf\/oG1BkNeS+BDSv6HE0FK4jJx9QaKEQiXfpZtW2zgSTYwTNMgpEzn934WY3oICm9l0npFWKetyiPIqoWwXfeJtSlQWOSG7O\/riFvuzLW0FiqZMqT9TUykKW3r\/swoVySUn\/LVsVXJMGU05QJnGzxN1P8TWuqczag3oRHV5Xz8bsVptimHF51jSk0uD7JZrepvGLeiDlEIHoeq8nv4bdYvkaCtI2ju+I7i6osvuLaAHN3HSHtr+AboJg6mMzPnlZKxHVRlQDqIteAVOKJbxQFWwHrw98gcQ6JTDgsdAMzEhjhOBSfrLmPJPKrYoPXVsju7hWvJSn7nc04JPXZlU6Xqe\/TxtG3GWUst5eSjkESbtgGPI2zs+t6h9+L4UILmVs\/6yC7AFK8Qzngut13oXw91+2+\/jWzw8ZpOWr018RRu7gZOxDK4hF4DT9It47IR\/ZOMuO5IkS6H2Sv8BI7aI+f7\/qjiPb0sas\/9A6AW+CfNPsTiH9cfXNtw7M5\/vw7Eg6jvFvfuB7Af3wkEPCP\/lZE98FojBOAw0Sig6xxdPkTgR0AkeO3DD+NkzldDjNOvCn590DQ91Ufu1JfS9QBitd7G47\/VFDYC+xzAOwJRizmI57hnStCP4cBiC7rGSl0ZyGWWIxkjs80NkwZU0\/VSxnPUDdm7MB2Rg2vrCuqWy58sbPIr\/j7gp2nJETpODOvK9DZCcmWQ5s56Xu\/6HW3ipRy\/rrfv6AuBvhMndF3dps+Y\/9rfn+gyrT+ZLHBvS6brMdBkRvZJVuaE5U+T6NQQ31ymUKK8OG7HlbdFXhCFDWSmH5FLaZPBorpThtFMR17kong76kT00CCTqtmZCXIfptGJxVlFMTyt
Zr2h13f\/enaHobdF74LCwXpNE4lql\/SNdbBIorqTSdYRXMbaGwJ5ZmSFtjQq9iQ2gEyHrLisf5BKNGGh+ECDxPvg56WxDs\/ld3dRjK+IIzJ9Knib574Oz5Muat5WIbualBcsRmepJwUS8aLfShqqecpWbpOryUN\/1QNIwd2nU0r8mOCvKyyA+ZB\/4fUFDzFgh4xoTTUIC3mJJI7jvyw5DRaXMOsfbYXGSog9zo7teO3TKphQDxOQFQ0+ZE1inquwIijujS9fIg+sesJWaiHYKGOR\/1cynrTmNqbMlE+oxYP9ZMwY5u5fzhO6QPUrR4+Hmz+2Xy82CCfUCvMZIbCXO3BvdoQhpMa8bc6RIx7LJ\/hUy5tlFBxYvoGXIM3iAfu6D4w\/aWHVmwbeB46z5cwHwqe33pmX7H+KsO7ICdOdsrFhKKH5Y9jhD+aYoXPvj\/nl+941Fx4CCA7cgxt4zV4BgumfsmwEv0jXx6T\/SMOfibyTEG5nS\/PGwr2PyTx1+38XZR\/poF2Gcw+xvpzQCiIX+Xnq1L4\/Sm8lz8iPP9dA11Iwy7UPei3pGLxaqK7A8JP5xoocvexYEhrckxyD1vFw4TieVLpvJ\/dO6Bc3IqCvNI9UblB0yaeZ\/YlnKKbsPD2GXLImWlkxV+hQy6vSzJS9n6hreJrjGLrlXRtpg\/Du5OQpoOLZ44UK0cVB7rP+dXXTjbmPLnGulAwr8H4iFTvk7d+hcP4RjyxqWOSLpCINnB\/G++1s7NRb\/3hV2pGcBxnEIFZ9spRIvjRAdWcPloceNGk96gCVSXY45qjDKrSJZ\/vpWu4wary5R74s8i\/L8Avj\/fm1qr8dGW95GtzUyjcNjnoLlkTN+BuF1PBDlEPlWAiEmPXo4gCU8G\/VMJk+iVKankUCQfYBZElrD9\/TrzbEXiuOhkEWA\/fOb\/ozkBUuE6dU99Mq3FLVB6R3BKXAtwShUc="} -00352{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422830892428,"packet_id":14,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422830892428} +00352{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422830892428,"packet_id":14,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422830892428} 
00455{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422829930010,"pkt":"AAAAcxs8EFFy5LtdCABFeABkrHMAAEARSbCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPacwAARQAAPFkxQAB\/BgF7rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEB\/lMAAAEBBRI6qmoBOqpveTqqdPE6qpBJ"} -00352{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831332137,"packet_id":16,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422831332137} +00352{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831332137,"packet_id":16,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422831332137} 00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422830894938,"pkt":"AAAAcxs8EFFy5LtdCABFeABkPGYAAEARub2RTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPbcwAARQAAPFkyQAB\/BgF6rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEBA8wAAAEBBRI6qmSJOqpveTqqdPE6qpBJ"} -00352{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831496038,"packet_id":24,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831496038} 
+00352{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831496038,"packet_id":24,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831496038} 00467{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"thread_ts_usec":1550422831334845,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdA0AAEARgg6RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPccwAARQAARFkzQAB\/BgFxrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBaSwAAAEBBRo6qn\/hOqqFWTqqdPE6qpBJOqpkiTqqb3k="} -00352{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831516116,"packet_id":25,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831516116} +00352{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831516116,"packet_id":25,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831516116} 
00466{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"thread_ts_usec":1550422831496038,"pkt":"AAAAcxs8EFFy5LtdCABFeABseqMAAEARe3iRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPdcwAARQAARFk0QAB\/BgFwrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBXjwAAAEBBRo6qoVZOqqK0TqqdPE6qpBJOqpkiTqqb3k="} -00352{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833131470,"packet_id":26,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833131470} +00352{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833131470,"packet_id":26,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833131470} 00455{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422831516116,"pkt":"AAAAcxs8EFFy5LtdCABFeABkmSIAAEARXQGRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPqcwAARQAAPFk9QAB\/BgFvrBEkFT++kSvhEwBQ8LOPBjqqWZmgEAEB\/lMAAAEBBRI6qnTxOqqQSTqqZIk6qm95"} -00352{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833287234,"packet_id":30,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833287234} +00352{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833287234,"packet_id":30,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833287234} 00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422833134009,"pkt":"AAAAcxs8EFFy5LtdCABFeABkzGMAAEARKcCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPrcwAARQAAPFk+QAB\/BgFurBEkFT++kSvhEwBQ8LOPBjqqXxGgEAEB+NsAAAEBBRI6qnTxOqqQSTqqZIk6qm95"} 02204{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422833287234,"flow_dst_last_pkt_time":1550422833289770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":27912,"midstream":0,"thread_ts_usec":1550422833289770,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":1,"avg":305486.2,"max":1859119,"stddev":563984.9,"var":318078976000.0,"ent":3.1,"data": [396021,83822,1376171,124,2,2,1,3,2,2,113,124,1859119,964928,439709,439658,123,2,1,1,1,121,163901,20078,1615354,1799040,121,3,155764,155637,124]},"pktlen": {"min":76,"avg":920.2,"max":1476,"stddev":651.3,"var":424215.9,"ent":4.5,"data": [92,92,92,1476,1476,1476,1476,1476,1476,1476,1476,1476,1476,100,1476,100,1476,1476,1476,1476,1372,1476,1476,108,108,100,76,388,1164,100,76,388]},"bins": {"c_to_s": [0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0]},"directions": [0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1],"entropies": [5.396138191,5.404344082,5.439617157,7.876337528,7.839885235,7.778254986,7.872960091,7.839048862,7.805950642,7.829119205,7.848347187,7.849987984,7.779471874,5.402985096,7.775711060,5.441986561,7.838281155,7.873279095,7.848281860,7.860656261,7.849815845,7.850412846,7.844122410,5.518630505,5.537148952,5.382984638,5.187358379,7.340617657,7.811021328,5.454438686,5.151109695,7.382753849]},"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833447409,"packet_id":34,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422833447409} +00353{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833447409,"packet_id":34,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422833447409} 00467{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"thread_ts_usec":1550422833289895,"pkt":"AAAAcxs8EFFy5LtdCABFeABsAdEAAEAR9EqRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPscwAARQAARFk\/QAB\/BgFlrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBHQQAAAEBBRo6qqCxOqqlwTqqdPE6qpBJOqpkiTqqb3k="} -00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834706876,"packet_id":35,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834706876} +00353{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834706876,"packet_id":35,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834706876} 00466{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"thread_ts_usec":1550422833447409,"pkt":"AAAAcxs8EFFy5LtdCABFeABspBUAAEARUgaRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP1cwAARQAARFlIQAB\/BgFcrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBG8wAAAEBBRo6qqCxOqqm+TqqdPE6qpBJOqpkiTqqb3k="} -00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller 
than expected packet size","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":36,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} +00353{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":36,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} 00466{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"thread_ts_usec":1550422834706876,"pkt":"AAAAcxs8EFFy5LtdCABFeABswggAAEARNBORTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP3cwAARQAARFlJQAB\/BgFbrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBF4wAAAEBBRo6qqCxOqqrOTqqdPE6qpBJOqpkiTqqb3k="} -00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":37,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} +00353{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":37,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} 
00466{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"thread_ts_usec":1550422834810623,"pkt":"AAAAcxs8EFFy5LtdCABFeABswgkAAEARNBKRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP4cwAARQAARFlKQAB\/BgFarBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBFlQAAAEBBRo6qqCxOqqscTqqdPE6qpBJOqpkiTqqb3k="} -00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834970446,"packet_id":38,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834970446} +00353{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834970446,"packet_id":38,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834970446} 00466{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":126,"pkt_l4_len":0,"thread_ts_usec":1550422834810623,"pkt":"AAAAcxs8EFFy5LtdCABFeABsCZYAAEAR7IWRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP6cwAARQAARFlLQAB\/BgFZrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBEhQAAAEBBRo6qqCxOqqwsTqqdPE6qpBJOqpkiTqqb3k="} -00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422836805918,"packet_id":49,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_usec":1550422836805918} +00353{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422836805918,"packet_id":49,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_usec":1550422836805918} 00478{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":134,"pkt_l4_len":0,"thread_ts_usec":1550422835423571,"pkt":"AAAAcxs8EFFy5LtdCABFeAB0ec4AAEARfEWRTALsu2A0VQhoCGgAYAAAMv8AUAn8kEMGdAAARQAATFlXQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqXxHgEAEBriQAAAEBBSI6qmSJOqpqATqqZIk6qm95OqqgsTqqsLE6qnTxOqqQSQ=="} -00353{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976} +00353{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976} 
00454{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_usec":1550422836808446,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"} 00994{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":54,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422844222036,"flow_dst_last_pkt_time":1550422844224430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":72488,"midstream":0,"thread_ts_usec":1550422844224430,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 
00853{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/reasm_segv_anon.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":82,"packets-processed":82,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":44,"global_ts_usec":1550422844224430} diff --git a/test/results/default/rsh-syslog-false-positive.pcap.out b/test/results/default/rsh-syslog-false-positive.pcap.out index c22113c99..af0de3336 100644 --- a/test/results/default/rsh-syslog-false-positive.pcap.out +++ b/test/results/default/rsh-syslog-false-positive.pcap.out 
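Review bot: Unresolved merge-conflict markers are committed into test/results/default/reasm_segv_anon.pcapng.out: the hunk adds `<<<<<<< HEAD`, `=======` and `>>>>>>> 65e9cd94c (Initial tunnel decoding …)` as literal lines at the top of the file, so the init, status and first error event now appear twice. Neither copy agrees with the rest of the file: the HEAD side keeps `"error_event_id":15` while every later error line in the hunk uses 16, and the other side reports `"ndpi_version":"4.11.0-4976-59ee1fe"` where the closing shutdown event reports `4.13.0-5086-e946f49`. The file should be regenerated from a clean tree rather than hand-merged; as it stands a comparison against it presumably cannot pass, which would leave this capture (by its name a reassembly-crash regression case) without a usable baseline. Separately, the 15 → 16 change for the unchanged name "Captured packet size is smaller than expected packet size" shows that numeric error IDs are not stable across this commit, so downstream consumers that match on `error_event_id` rather than `error_event_name` would need updating.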
@@ -7,9 +7,9 @@ 00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1464076252968094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":303,"pkt_l4_len":283,"thread_ts_usec":1464076252968094,"pkt":"RQABL74gQAA8Bq0hrB9OgawdK8kjTwICdUbV3TedTUKAGABzb+4AAAEBCAoozL94kELhBTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NTc4OTUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ1IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIK"} 01129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1464076252980094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":490,"pkt_l4_len":470,"thread_ts_usec":1464076252980094,"pkt":"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"} 
01473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1464076252992093,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":749,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":749,"pkt_l4_len":729,"thread_ts_usec":1464076252992093,"pkt":"RQAC7b4iQAA8BqthrB9OgawdK8kjTwICdUbYjjedTUKAGABzWYUAAAEBCAoozL+RkELhJDwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NzA5MzUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ2IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKGdpZE51bWJlcj02MDAwMSkob2JqZWN0Q2xhc3M9cG9zaXhHcm91cCkoY249KikoJihnaWROdW1iZXI9KikoIShnaWROdW1iZXI9MCkpKSkiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NzA5NTArMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ2IFNSQ0ggYXR0cj1vYmplY3RDbGFzcyBjbiB1c2VyUGFzc3dvcmQgZ2lkTnVtYmVyIG1lbWJlcnVpZCBtb2RpZnlUaW1lc3RhbXAgbW9kaWZ5VGltZXN0YW1wCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NzA5NTUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ2IEVOVFJZIGRuPSJjbj1pbnRzaXItYWRtaW5zLG91PWdyb3VwZXMsZGM9aW4sZGM9cGhtLGRjPWVkdWNhdGlvbixkYz1nb3V2LGRjPWZyIgo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTcwOTYwKzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00NiBTRUFSQ0ggUkVTVUxUIHRhZz0xMDEgZXJyPTAgbmVudHJpZXM9MSB0ZXh0PQo="} -00361{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253006101,"packet_id":6,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_usec":1464076253006101} +00361{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet 
size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253006101,"packet_id":6,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_usec":1464076253006101} 01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1084,"pkt_l4_len":0,"thread_ts_usec":1464076252992093,"pkt":"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"} -00361{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101} +00361{"error_event_id":16,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101} 01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1400,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"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"} 
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}} 00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1464076253018101} 
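Review bot: Existing `error_event_id` values are renumbered by this commit: on both `+` lines of this hunk "Captured packet size is smaller than expected packet size" goes from 15 to 16, apparently because `TUNNEL_DECODE_FAILED` was inserted in the middle of `enum error_event` in nDPId.c instead of being appended. Any consumer, alert rule or stored event that keys on the numeric ID rather than on `error_event_name` would, after an upgrade, silently attribute the TCP/UDP-too-short, capture-size, max-flow and allocation errors to the wrong class. Since the name table uses designated initializers, the new member can go last without other changes: `FLOW_MEMORY_ALLOCATION_FAILED,` then `TUNNEL_DECODE_FAILED,` then `ERROR_EVENT_COUNT`. If the renumbering is intended, it should be stated in the commit message and reflected in the event schema so downstream parsers can be updated in step.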
diff --git a/test/results/flow-analyse/default/gre.pcapng.out b/test/results/flow-analyse/default/gre.pcapng.out index 7075450dc..94f7ed1a4 100644 --- a/test/results/flow-analyse/default/gre.pcapng.out +++ b/test/results/flow-analyse/default/gre.pcapng.out 
@@ -1,3 +1,7 @@ flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_c
ount,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk
_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count +<<<<<<< HEAD 0,7,5932,346,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +======= +0,7,6033,298,0,1,0,1,0,0,0,1,0,0,0,0,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). Fixes #53) diff --git a/test/results/flow-info/default/gre.pcapng.out b/test/results/flow-info/default/gre.pcapng.out index 750268a11..8853ee01e 100644 --- a/test/results/flow-info/default/gre.pcapng.out +++ b/test/results/flow-info/default/gre.pcapng.out 
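Review bot: Unresolved merge-conflict markers are committed as expected test output: the `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> 65e9cd94c (...)` lines in this hunk become literal content of test/results/flow-analyse/default/gre.pcapng.out, and the same happens in the test/results/influxd/default/gre.pcapng.out and test/results/stats/default/gre.pcapng.out hunks further down. The reference files then hold both the old and the new result rows plus the markers, so the comparison for the GRE capture cannot match real output and the new tunnel decoding is effectively not covered by these three result sets. The conflict should be resolved by dropping the three marker lines and keeping only one side. In the influxd hunk the HEAD side carries `flow_category_health_count=0` and the incoming side does not, which suggests the incoming results were produced against an older category list; regenerating the outputs after the rebase looks safer than picking a side by hand.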
@@ -1,7 +1,7 @@ DAEMON-EVENT: init DAEMON-EVENT: [Processed: 0 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 0 / 0|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] - new: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] - detected: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable] - idle: [.....1][.142] [ip4][...47] [109.105.228.253] -> [...10.177.98.84] [GRE][Unknown][Network][Acceptable] + new: [.....1][.142] [ip4][..udp] [.192.168.10.210][.5060] -> [.192.168.103.40][.5060] + detected: [.....1][.142] [ip4][..udp] [.192.168.10.210][.5060] -> [.192.168.103.40][.5060] [SIP][Unknown][VoIP][Acceptable] + idle: [.....1][.142] [ip4][..udp] [.192.168.10.210][.5060] -> [.192.168.103.40][.5060] [SIP][Unknown][VoIP][Acceptable] DAEMON-EVENT: shutdown diff --git a/test/results/influxd/default/gre.pcapng.out b/test/results/influxd/default/gre.pcapng.out index ac70ffec0..5f154729e 100644 --- a/test/results/influxd/default/gre.pcapng.out +++ b/test/results/influxd/default/gre.pcapng.out 
@@ -1,11 +1,19 @@ +<<<<<<< HEAD general json_lines=7,json_bytes=5932,flow_src_total_bytes=346,flow_dst_total_bytes=0 events flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 state flow_state_info=0,flow_state_finished=1 breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=0,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=1,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_health_count=0,flow_category_unknown_count=0 +======= +general json_lines=7,json_bytes=6033,flow_src_total_bytes=298,flow_dst_total_bytes=0 +events 
flow_new_count=1,flow_end_count=0,flow_idle_count=1,flow_update_count=0,flow_analyse_count=0,flow_guessed_count=0,flow_detected_count=1,flow_detection_update_count=0,flow_not_detected_count=0,flow_risky_count=0,packet_count=0,packet_flow_count=1,init_count=1,reconnect_count=0,shutdown_count=1,status_count=1,error_unknown_datalink=0,error_unknown_l3_protocol=0,error_unsupported_datalink=0,error_packet_too_short=0,error_packet_type_unknown=0,error_packet_header_invalid=0,error_ip4_packet_too_short=0,error_ip4_size_smaller_than_header=0,error_ip4_l4_payload_detection=0,error_ip6_packet_too_short=0,error_ip6_size_smaller_than_header=0,error_ip6_l4_payload_detection=0,error_tcp_packet_too_short=0,error_udp_packet_too_short=0,error_capture_size_smaller_than_packet=0,error_max_flows_to_track=0,error_flow_memory_alloc=0 +state flow_state_info=0,flow_state_finished=1 +breed flow_breed_safe_count=0,flow_breed_acceptable_count=1,flow_breed_fun_count=0,flow_breed_unsafe_count=0,flow_breed_potentially_dangerous_count=0,flow_breed_tracker_ads_count=0,flow_breed_dangerous_count=0,flow_breed_unrated_count=0,flow_breed_unknown_count=0 +category 
flow_category_unspecified_count=0,flow_category_media_count=0,flow_category_vpn_count=0,flow_category_email_count=0,flow_category_data_transfer_count=0,flow_category_web_count=0,flow_category_social_network_count=0,flow_category_download_count=0,flow_category_game_count=0,flow_category_chat_count=0,flow_category_voip_count=1,flow_category_database_count=0,flow_category_remote_access_count=0,flow_category_cloud_count=0,flow_category_network_count=0,flow_category_collaborative_count=0,flow_category_rpc_count=0,flow_category_streaming_count=0,flow_category_system_count=0,flow_category_software_update_count=0,flow_category_music_count=0,flow_category_video_count=0,flow_category_shopping_count=0,flow_category_productivity_count=0,flow_category_file_sharing_count=0,flow_category_conn_check_count=0,flow_category_iot_scada_count=0,flow_category_virt_assistant_count=0,flow_category_cybersecurity_count=0,flow_category_adult_content_count=0,flow_category_mining_count=0,flow_category_malware_count=0,flow_category_advertisment_count=0,flow_category_banned_site_count=0,flow_category_site_unavail_count=0,flow_category_allowed_site_count=0,flow_category_antimalware_count=0,flow_category_crypto_currency_count=0,flow_category_gambling_count=0,flow_category_unknown_count=0 +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). 
Fixes #53) confidence flow_confidence_by_port=0,flow_confidence_dpi_partial=0,flow_confidence_dpi_partial_cache=0,flow_confidence_dpi_cache=0,flow_confidence_dpi=1,flow_confidence_nbpf=0,flow_confidence_by_ip=0,flow_confidence_dpi_aggressive=0,flow_confidence_custom_rule=0,flow_confidence_unknown=0 severity flow_severity_low=0,flow_severity_medium=0,flow_severity_high=0,flow_severity_severe=0,flow_severity_critical=0,flow_severity_emergency=0,flow_severity_unknown=0 layer3 flow_l3_ip4_count=1,flow_l3_ip6_count=0,flow_l3_other_count=0 -layer4 flow_l4_tcp_count=0,flow_l4_udp_count=0,flow_l4_icmp_count=0,flow_l4_other_count=1 +layer4 flow_l4_tcp_count=0,flow_l4_udp_count=1,flow_l4_icmp_count=0,flow_l4_other_count=0 detection flow_active_count=1,flow_detected_count=1,flow_guessed_count=0,flow_not_detected_count=0 risks flow_risk_unknown_count=0,flow_risk_1_count=0,flow_risk_2_count=0,flow_risk_3_count=0,flow_risk_4_count=0,flow_risk_5_count=0,flow_risk_6_count=0,flow_risk_7_count=0,flow_risk_8_count=0,flow_risk_9_count=0,flow_risk_10_count=0,flow_risk_11_count=0,flow_risk_12_count=0,flow_risk_13_count=0,flow_risk_14_count=0,flow_risk_15_count=0,flow_risk_16_count=0,flow_risk_17_count=0,flow_risk_18_count=0,flow_risk_19_count=0,flow_risk_20_count=0,flow_risk_21_count=0,flow_risk_22_count=0,flow_risk_23_count=0,flow_risk_24_count=0,flow_risk_25_count=0,flow_risk_26_count=0,flow_risk_27_count=0,flow_risk_28_count=0,flow_risk_29_count=0,flow_risk_30_count=0,flow_risk_31_count=0,flow_risk_32_count=0,flow_risk_33_count=0,flow_risk_34_count=0,flow_risk_35_count=0,flow_risk_36_count=0,flow_risk_37_count=0,flow_risk_38_count=0,flow_risk_39_count=0,flow_risk_40_count=0,flow_risk_41_count=0,flow_risk_42_count=0,flow_risk_43_count=0,flow_risk_44_count=0,flow_risk_45_count=0,flow_risk_46_count=0,flow_risk_47_count=0,flow_risk_48_count=0,flow_risk_49_count=0,flow_risk_50_count=0,flow_risk_51_count=0,flow_risk_52_count=0,flow_risk_53_count=0,flow_risk_54_count=0,flow_risk_55_count=0,f
low_risk_56_count=0 diff --git a/test/results/stats/default/gre.pcapng.out b/test/results/stats/default/gre.pcapng.out index 32119923c..2dc8c1647 100644 --- a/test/results/stats/default/gre.pcapng.out +++ b/test/results/stats/default/gre.pcapng.out @@ -1,5 +1,9 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-json_lines" interval=60 N:7 +<<<<<<< HEAD PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:5932 +======= +PUTVAL "localhost/exec-nDPIsrvd/counter-json_bytes" interval=60 N:6033 +>>>>>>> 65e9cd94c (Initial tunnel decoding (GRE - Layer4 only atm). Fixes #53) PUTVAL "localhost/exec-nDPIsrvd/counter-flow_new_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_end_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_idle_count" interval=60 N:1 @@ -9,7 +13,7 @@ PUTVAL "localhost/exec-nDPIsrvd/counter-flow_guessed_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detected_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_detection_update_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_not_detected_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:346 +PUTVAL "localhost/exec-nDPIsrvd/counter-flow_src_total_bytes" interval=60 N:298 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_dst_total_bytes" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-flow_risky_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/counter-packet_count" interval=60 N:0 
@@ -54,11 +58,11 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_social_network_count" interv PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_download_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_game_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_chat_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_voip_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_database_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_remote_access_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_cloud_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_network_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_collaborative_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_rpc_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_category_streaming_count" interval=60 N:0 
@@ -106,9 +110,9 @@ PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip4_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_ip6_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l3_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_tcp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:0 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_udp_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_icmp_count" interval=60 N:0 -PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:1 +PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_l4_other_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_risk_unknown_count" interval=60 N:0 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_active_count" interval=60 N:1 PUTVAL "localhost/exec-nDPIsrvd/gauge-flow_detected_count" interval=60 N:1 |