diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-08-03 11:26:44 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2021-08-03 12:37:59 +0200 |
| commit | 3a760355705761f46d57a70cca3a34834225ae97 (patch) | |
| tree | 273a6ac4a44af6bb33df0a36c7cd9b5b969c3bed /test/results/coap_mqtt.pcap.out | |
| parent | c32461b032fd2fec74821f3bd5c9bcc2c9689de2 (diff) | |
bump libnDPI to 6b7e5fa8d251f11c1bae16ea892a43a92b098480
* fixed linking issue by using CMake to check if explicit link against libm required
* make nDPIsrvd collectd exit if parent pid changed, meaning that collectd died somehow
* nDPId-test restores SIGPIPE to the default handler (termination), so abnormal connection drop's do now have consequences
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/coap_mqtt.pcap.out')
| -rw-r--r-- | test/results/coap_mqtt.pcap.out | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out index 311458de1..fae052e54 100644 --- a/test/results/coap_mqtt.pcap.out +++ b/test/results/coap_mqtt.pcap.out @@ -44,12 +44,12 @@ 00489{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":6,"flow_first_seen":1375090935240,"flow_last_seen":1375091022272,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":95,"flow_avg_l4_payload_len":15,"midstream":0,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":46819,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15} 00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00418{"flow_id":9,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":976582,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} -00514{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00571{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_first_seen":1455907243976,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00414{"flow_id":9,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907243,"pkt_ts_usec":977291,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqrABAAEAGnRbAqDhlwKg4AURd0RKQSIQZeoYoHFAYAOXx0wAA0AA="} 00419{"flow_id":9,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907244,"pkt_ts_usec":175731,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELlAAIAG+F\/AqDgBwKg4ZdESRF16higckEiEG1AQAQDwpgAAAAAAAAAA"} 00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00419{"flow_id":10,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332152,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELpAAIAG+FzAqDgBwKg4ZdETRF1NYgogm49Jd1AYAQCrGAAAwAAAAAAA"} -00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00572{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_first_seen":1455907258332,"flow_last_seen":0,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00416{"flow_id":10,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":332556,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":22,"pkt":"CAAnAERyCAAnmO\/hCABFAAAqf0dAAEAGyc\/AqDhlwKg4AURd0RObj0l3TWIKIlAYAOXx0wAA0AA="} 00419{"flow_id":10,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907258,"pkt_ts_usec":532086,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoELtAAIAG+F3AqDgBwKg4ZdETRF1NYgoim49JeVAQAQBrHwAAAAAAAAAA"} 00487{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_first_seen":1455907267002,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} @@ -57,7 +57,7 @@ 00425{"flow_id":11,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2284,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"CAAnAERyCAAnmO\/hCABFAAA0AABAAEAGSQ3AqDhlwKg4AURd0RiuSO3C3wLxZ4ASchDx3QAAAgQFtAEBBAIBAwMH"} 00417{"flow_id":11,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":2460,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"pkt":"CAAnmO\/hCAAnAERyCABFAAAoEL1AAIAG+FvAqDgBwKg4ZdEYRF3fAvFnrkjtw1AQAQA7MAAAAAAAAAAA"} 00437{"flow_id":11,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7095,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"pkt":"CAAnmO\/hCAAnAERyCABFAAA7EL5AAIAG+EfAqDgBwKg4ZdEYRF3fAvFnrkjtw1AYAQCebQAAEBEABE1RVFQEAgA8AAVCdXM0MQ=="} -00529{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00586{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":4,"flow_first_seen":1455907267002,"flow_last_seen":1455907267007,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00409{"flow_id":11,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":7143,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"CAAnAERyCAAnmO\/hCABFAAAolKdAAEAGtHHAqDhlwKg4AURd0RiuSO3D3wLxelAQAOXx0QAA"} 00417{"flow_id":11,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":8181,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"CAAnAERyCAAnmO\/hCABFAAAslKhAAEAGtGzAqDhlwKg4AURd0RiuSO3D3wLxelAYAOXx1QAAIAIAAA=="} 00492{"flow_id":11,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907267,"pkt_ts_usec":16406,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"pkt":"CAAnmO\/hCAAnAERyCABFAABkEL9AAIAG+B3AqDgBwKg4ZdEYRF3fAvF6rkjtx1AYAQBtHAAAMzoACUJ1czE3SW5mbwABVXBkYXRlIHRyaWdnZXJlZCBGcmkgRmViIDE5IDIwOjQxOjA3IEVFVCAyMDE2"} @@ -76,7 +76,7 @@ 00530{"flow_id":10,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":45,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483346,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+f0hAAEAGyXrAqDhlwKg4AURd0RObj0l5TWIKIlAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} 00491{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} 00530{"flow_id":13,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483430,"pkt_caplen":140,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":140,"pkt_l4_len":106,"pkt":"CAAnAERyCAAnmO\/hCABFAAB+1KdAAEAGdBvAqDhlwKg4AURd0RSW3pIhxZi6gFAYAOXyJwAAMlQACEJ1czE3Q21kAAJ7Im1lc3NhZ2VUeXBlIjoiVVBEQVRFIiwibWVzc2FnZUNvbnRlbnQiOiJGcmkgRmViIDE5IDIwOjQxOjExIEVFVCAyMDE2In0="} -00519{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"proto":"MQTT","breed":"Acceptable","category":"RPC"}} +00576{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_first_seen":1455907271483,"flow_last_seen":0,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00424{"flow_id":12,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":483762,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"CAAnAERyCAAnmO\/hCABFAAAvXYVAAEAR64HAqDhlwKg4AURcxIcAG\/HjY0Q1AW9STYsvci9CdXMxN0NtZA=="} 00420{"flow_id":10,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":484395,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMVAAIAG+E\/AqDgBwKg4ZdETRF1NYgoim49Jz1AYAP8qugAAQAIAAgAA"} 00419{"flow_id":13,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"coap_mqtt.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1455907271,"pkt_ts_usec":485428,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"pkt":"CAAnmO\/hCAAnAERyCABFAAAsEMdAAIAG+E3AqDgBwKg4ZdEURF3FmLqAlt6Sd1AYAP++LAAAQAIAAgAA"} @@ -194,7 +194,7 @@ ~~ total detected protocols..: 16 ~~ total active/idle flows...: 16/16 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 2043837 bytes -~~ total memory freed........: 2043837 bytes -~~ total allocations/frees...: 41882/41882 +~~ total memory allocated....: 2229204 bytes +~~ total memory freed........: 2229204 bytes +~~ total allocations/frees...: 43887/43887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |