diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2023-05-23 04:38:07 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2023-05-24 19:30:19 +0200 |
| commit | c9514136b7c4246a57b85474d1a8e376a9009d4a (patch) | |
| tree | eb17d83ea16815000a4f723c240e54f21cf0691b /test/results/default/ethernetIP.pcap.out | |
| parent | a4e5bab9b2826ae50a48da275b6b441624aab50f (diff) | |
bump libnDPI to ...
* upstream changed regression test interface, needed to adapt
* improved libnDPI helper build script
* updated JSON schema
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/ethernetIP.pcap.out')
| -rw-r--r-- | test/results/default/ethernetIP.pcap.out | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/test/results/default/ethernetIP.pcap.out b/test/results/default/ethernetIP.pcap.out new file mode 100644 index 000000000..5e0e20a21 --- /dev/null +++ b/test/results/default/ethernetIP.pcap.out @@ -0,0 +1,50 @@ +00511{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00574{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1352718180263865} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00642{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1352718180263865,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} +01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180263865,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":82,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":82,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":82,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180263865,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1352718180263865,"flow_dst_last_pkt_time":1352718180264941,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1352718180264941,"pkt":"eOfR4AJeAAC80WDaCABFAAAowW9AAEAGXmGNUQBTjVEACq8SxGOUlUNR3YiN2VAQD8bOTwAAAAAAAI1R"} +02146{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1352718180264969,"flow_dst_last_pkt_time":1352718180264941,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1258,"pkt_l4_len":1224,"thread_ts_usec":1352718180264969,"pkt":"AAC80WDaeOfR4AJeCABFAATccChAAIAGAACNUQAKjVEAU8RjrxLdiI3ZlJVDUVAY+XQfzgAAcAAsAAABAhAAAAAAGzkvAAAAAAAAAAAAAAAAAAoAAgChAAQAChU1ALEAGACvuAoCIAIkAQEABABMAiByJAAEggYAAQBwADoAAAECEAAAAAAcOS8AAAAAAAAAAAAAAAAACgACAKEABAAFCzUAsQAmAHuyCgIgAiQBAgAGABIATAIgciQAGLcEAAEATAIgciQAvFQGAAEAcAAsAAABAhAAAAAAHTkvAAAAAAAAAAAAAAAAAAoAAgChAAQABg01ALEAGAAHpAoCIAIkAQEABABMAiByJAAEggYAAQBwAKoAAAECEAAAAAAeOS8AAAAAAAAAAAAAAAAACgACAKEABAABAzUAsQCWABkzCgIgAiQBCgAWACIALgA6AEYAUgBeAGoAdgCCAEwCIHIkAHR\/BwABAEwCIHIkANiMBAABAEwCIHIkAITEBAABAEwCIHIkAAznBQABAEwCIHIkABh0BwABAEwCIHIkADS+BgABAEwCIHIkABDjBAABAEwCIHIkADQ\/BgABAEwCIHIkADS8BQABAEwCIHIkADTGBgABAHAA4gAAAQIQAAAAAB85LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAIFNQCxAM4AoxkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABAoQYAAQBMAiByJADc\/QUAAQBMAiByJAD0hgUABgBMAiByJAAs5QUAAQBMAiByJACYFAcAAQBMAiByJACkkwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJABQpQUAAQBMAiByJABY4wQAAQBMAiByJAC4xwcAAwBMAiByJAC0zwQAAQBwACwAAAECEAAAAAAgOS8AAAAAAAAAAAAAAAAACgACAKEABAADBzUAsQAYAHenCgIgAiQBAQAEAEwCIHIkAGiiBwAJAHAAwgEAAQIQAAAAACE5LwAAAAAAAAAAAAAAAAAKAAIAoQAEAAQJNQCxAK4Bf58KAiACJAEeAD4ASgBWAGIAbgB6AIYAkgCeAKoAtgDCAM4A2gDmAPIA\/gAKARYBIgEuAToBRgFSAV4BagF2AYIBjgGaAUwCIHIkAIx0BwABAEwCIHIkAKiiBwABAEwCIHIkAJg0BAABAEwCIHIkADgxBwABAEwCIHIkAChvBgABAEwCIHIkACiNBgABAEwCIHIkAAgQBgABAEwCIHIkANRpBwABAEwCIHIkAEB1BgABAEwCIHIkAPQcBgABAEwCIHIkAOwZBgABAEwCIHIkAIizBwABAEwCIHIkAOQgBgABAEwCIHIkAMgaBgABAEwCIHIkAGQ5BwABAEwCIHIkADi\/BgABAEwCIHIkACivBQABAEwCIHIkABwhBgABAEwCIHIkAEj1BQABAEwCIHIkAFT1BgABAEwCIHIkAAA8BgABAEwCIHIkAMRfBwABAEwCIHIkALCqBQABAEwCIHIkAKC1BgABAEwCIHIkAMT8BwABAEwCIHIkAMB0BgABAEwCIHIkAEzoBwABAEwCIHIkAGguBAABAEwCIHIkAHyvBQABAEwCIHIkALwJBgABAA=="} +00778{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180265384,"flow_src_last_pkt_time":1352718180265384,"flow_dst_last_pkt_time":1352718180265384,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180265384,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180265384,"flow_dst_last_pkt_time":1352718180265384,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1352718180265384,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1RAAEAGjEiNUQA\/jVEACq8SzXF9dCfmE+ef0VAYEACJaQAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAncYAgLEAHAAzNYoAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"} +01059{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180265384,"flow_src_last_pkt_time":1352718180265384,"flow_dst_last_pkt_time":1352718180265384,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":72,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":72,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":72,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180265384,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00976{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1352718180265384,"flow_dst_last_pkt_time":1352718180265435,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":386,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":386,"pkt_l4_len":352,"thread_ts_usec":1352718180265435,"pkt":"AAC8x85WeOfR4AJeCABFAAF0cCpAAIAGAACNUQAKjVEAP81xrxIT55\/RfXQoLlAY9kIcUgAAcAA6AAAFAhMAAAAAZsC+AAAAAAAAAAAAAAAAAAoAAgChAAQABy8uALEAJgDoRwoCIAIkAQIABgASAEwCIHIkABi3BAABAEwCIHIkADxUBgABAHAA4gAABQITAAAAAGfAvgAAAAAAAAAAAAAAAAAKAAIAoQAEAAMnLgCxAM4AUkkKAiACJAEOAB4AKgA2AEIATgBaAGYAcgB+AIoAlgCiAK4AugBMAiByJACUpgQAAQBMAiByJABEoQYAAQBMAiByJABc\/QUAAQBMAiByJAB0hgUABgBMAiByJACs5AUAAQBMAiByJACcFAcAAQBMAiByJACokwYAAQBMAiByJABstwQABABMAiByJAA8cgQAAQBMAiByJAC8oAQAAQBMAiByJADQpAUAAQBMAiByJABY4wQAAQBMAiByJAC8xwcAAwBMAiByJAC0zwQAAQA="} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1352718180264969,"flow_dst_last_pkt_time":1352718180267354,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1352718180267354,"pkt":"eOfR4AJeAAC80WDaCABFAAAowXBAAEAGXmCNUQBTjVEACq8SxGOUlUNR3YiSjVAQC2TN\/QAAAAAAAI1R"} +00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1352718180264969,"flow_dst_last_pkt_time":1352718180268264,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1352718180268264,"pkt":"eOfR4AJeAAC80WDaCABFAABwwXFAAEAGXheNUQBTjVEACq8SxGOUlUNR3YiSjVAYC5C8jwAAcAAwAAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQA1\/EAgLEAHADkaooAAAACAAYADgDMAAAAAQAAAMwAAAAFAAAA"} +00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1352718180276314,"flow_dst_last_pkt_time":1352718180265435,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1352718180276314,"pkt":"eOfR4AJeAAC8x85WCABFAABwk1ZAAEAGjEaNUQA\/jVEACq8SzXF9dCguE+ehHVAYEADbwgAAcAAwAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAlcYAgLEAHADoR4oAAAACAAYADgDMAAAAAAAAAMwAAAAFAAAA"} +00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1352718180277875,"flow_dst_last_pkt_time":1352718180265435,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":286,"pkt_l4_len":252,"thread_ts_usec":1352718180277875,"pkt":"eOfR4AJeAAC8x85WCABFAAEQk1dAAEAGi6WNUQA\/jVEACq8SzXF9dCh2E+ehHVAYEACRvgAAcADQAAAFAhMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAjcYAgLEAvABSSYoAAAAOAB4AJgAuADYAUgBaAGIAagB+AIYAjgCWAJ4ArgDMAAAAAAAAAMwAAAAAAAAAzAAAAAgAAADMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzAAAAKefjEHMAAAAAAAAAMwAAAAEAAAAzAAAAAwAAABDOTk5OTk5OTkzNTbMAAAAAAAAAMwAAAAyAAAAzAAAAGQAAADMAAAACgAAAMwAAAAFAAAAb3BmaWwAAADMAAAAAAAAAA=="} +00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1352718180277875,"flow_dst_last_pkt_time":1352718180277922,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1352718180277922,"pkt":"AAC8x85WeOfR4AJeCABFAAAocCtAAIAGAACNUQAKjVEAP81xrxIT56EdfXQpXlAQ+vAbBgAA"} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180390103,"flow_src_last_pkt_time":1352718180390103,"flow_dst_last_pkt_time":1352718180390103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180390103,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00791{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180390103,"flow_dst_last_pkt_time":1352718180390103,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1352718180390103,"pkt":"AAC8X0j6eOfR4AJeCABFAADqcEVAAIAGAACNUQAKjVEAK81yrxIurdArV0tI1VAY+M4btAAAcACqAAAEAhAAAAAAVgG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEAlgBI5QoCIAIkAQoAFgAiAC4AOgBGAFIAXgBqAHYAggBMAiByJABI8gcAAQBMAiByJAAY8QQAAQBMAiByJABUPgUAAQBMAiByJAB42QcAAQBMAiByJAC8YQYAAQBMAiByJAAgzgQAAQBMAiByJAC8LgUAAQBMAiByJACcBgQAAQBMAiByJACwAQYAAQBMAiByJAD8DwQAAQA="} +01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180390103,"flow_src_last_pkt_time":1352718180390103,"flow_dst_last_pkt_time":1352718180390103,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180390103,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1352718180390103,"flow_dst_last_pkt_time":1352718180392743,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1352718180392743,"pkt":"eOfR4AJeAAC8X0j6CABFAADAqJJAAEAGds6NUQArjVEACq8SzXJXS0jVLq3Q7VAYEAA2UAAAcACAAAAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQApcYAgLEAbABI5YoAAAAKABYAHgAmAC4ANgA+AEYATgBWAF4AzAAAAGC0GD\/MAAAAM1O1QswAAAC1P4xBzAAAAAAAAADMAAAAYLQYP8wAAAAAAKBAzAAAAAAAAEDMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAAA="} +01163{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1352718180392878,"flow_dst_last_pkt_time":1352718180392743,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":528,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":528,"pkt_l4_len":494,"thread_ts_usec":1352718180392878,"pkt":"AAC8X0j6eOfR4AJeCABFAAICcEdAAIAGAACNUQAKjVEAK81yrxIurdDtV0tJbVAY+DYczAAAcADCAQAEAhAAAAAAVwG6AAAAAAAAAAAAAAAAAAoAAgChAAQAAi2WALEArgFJUwoCIAIkAR4APgBKAFYAYgBuAHoAhgCSAJ4AqgC2AMIAzgDaAOYA8gD+AAoBFgEiAS4BOgFGAVIBXgFqAXYBggGOAZoBTAIgciQALBwHAAEATAIgciQA0BsGAAEATAIgciQAsBQHAAEATAIgciQA3PMHAAEATAIgciQAnDYFAAEATAIgciQAvAcHAAEATAIgciQAkNEFAAEATAIgciQAAH8HAAEATAIgciQATCMGAAEATAIgciQAOEkGAAEATAIgciQALIcEAAEATAIgciQAALQFAAEATAIgciQAqHwFAAEATAIgciQATJYHAAEATAIgciQAaBgHAAEATAIgciQA3PsGAAEATAIgciQATLwGAAEATAIgciQAGB0IAAEATAIgciQAcFMHAAEATAIgciQAvIMFAAEATAIgciQAvBkGAAEATAIgciQAOJQFAAEATAIgciQATLEFAAEATAIgciQA9HoGAAEATAIgciQApPIGAAEATAIgciQAFIEEAAEATAIgciQA2PAEAAEATAIgciQA+FMGAAEATAIgciQA2PUGAAEATAIgciQApF8HAAEA"} +01003{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1352718180392878,"flow_dst_last_pkt_time":1352718180396360,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":406,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":406,"pkt_l4_len":372,"thread_ts_usec":1352718180396360,"pkt":"eOfR4AJeAAC8X0j6CABFAAGIqJNAAEAGdgWNUQArjVEACq8SzXJXS0ltLq3Sx1AYEAC7AgAAcABIAQAEAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAp8YAgLEANAFJU4oAAAAeAD4ARgBOAFYAXgBmAG4AdgB+AIYAjgCWAJ4ApgCuALYAvgDGAM4A1gDeAOYA7gD2AP4ABgEOARYBHgEmAcwAAAAAAAAAzAAAAAAAAADMAAAAAQAAAMwAAAAAAAAAzAAAAAAAAADMAAAAAQAAAMwAAAAAAAAAzAAAAAAAAADMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAADMAAAAAAAAAMwAAAABAAAAzAAAAAEAAADMAAAAAQAAAMwAAAAAAAAAzAAAAAEAAADMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAADMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAADMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAADMAAAAAAAAAMwAAAAAAAAAzAAAAAAAAADMAAAAAAAAAA=="} +00782{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180397556,"flow_src_last_pkt_time":1352718180397556,"flow_dst_last_pkt_time":1352718180397556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180397556,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00792{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1352718180397556,"flow_dst_last_pkt_time":1352718180397556,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":248,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":248,"pkt_l4_len":214,"thread_ts_usec":1352718180397556,"pkt":"AAC8X0lReOfR4AJeCABFAADqcEpAAIAGAACNUQAKjVEAF\/T9rxIm2H0TxmFi41AY9W4boAAAcACqAAABAhAAAAAAo6iTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAlgBx7AoCIAIkAQQACgAoAEYAagBODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMQEAAf9ODJEWTE1TX0RJU0FCTEVfMkRTQ0FOTkVSMgEAAf9OD5EbTE1TX0RJU0FCTEVfQkFSQ09ERV9TQ0FOTkVSAAEAAP5OD5EbTE1TX1NFVFBPSU5UQ0hBTkdFX1JFQ0VJVkVEAAEAAP4="} +01063{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1352718180397556,"flow_src_last_pkt_time":1352718180397556,"flow_dst_last_pkt_time":1352718180397556,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":194,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":194,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":194,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1352718180397556,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1352718180397556,"flow_dst_last_pkt_time":1352718180400615,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_usec":1352718180400615,"pkt":"eOfR4AJeAAC8X0lRCABFAAB0TSZAAEAG0pqNUQAXjVEACq8S9P3GYWLjJth91VAYEADGbgAAcAA0AAABAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgChAAQAtccAgLEAIABx7IoAAAAEAAoADgASABYAzgAAAM4AAADOAAAAzgAAAA=="} +00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1352718180445661,"flow_dst_last_pkt_time":1352718180396360,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":270,"pkt_l4_len":236,"thread_ts_usec":1352718180445661,"pkt":"AAC8X0j6eOfR4AJeCABFAAEAcF5AAIAGAACNUQAKjVEAK81yrxIurdLHV0tKzVAY9tYbygAAcADAAAAEAhAAAAAAWAG6AAAAAAAAAAAAAAAAAAoAAgChAAQAASuWALEArABJ5QoCIAIkAQUADAAgAD4AXACAAE4HkQxMTVNfQUxJVkVCSVQBAAD+TgyRFkxNU19ESVNBQkxFXzJEU0NBTk5FUjEBAAH\/TgyRFkxNU19ESVNBQkxFXzJEU0NBTk5FUjIBAAH\/Tg+RG0xNU19ESVNBQkxFX0JBUkNPREVfU0NBTk5FUgABAAD+Tg+RG0xNU19TRVRQT0lOVENIQU5HRV9SRUNFSVZFRAABAAD+"} +00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1352718180599940,"flow_dst_last_pkt_time":1352718180400615,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1352718180599940,"pkt":"AAC8X0lReOfR4AJeCABFAAAocJ5AAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AQ+vAa3gAA"} +00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1352718180641979,"flow_dst_last_pkt_time":1352718180400615,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":122,"pkt_l4_len":88,"thread_ts_usec":1352718180641979,"pkt":"AAC8X0lReOfR4AJeCABFAABscLFAAIAGAACNUQAKjVEAF\/T9rxIm2H3VxmFjL1AY+vAbIgAAcAAsAAABAhAAAAAApKiTAAAAAAAAAAAAAAAAAAoAAgChAAQAAQOLALEAGABy7AoCIAIkAQEABABMAiByJACcZwcACQA="} +00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1352718180641979,"flow_dst_last_pkt_time":1352718180643037,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1352718180643037,"pkt":"eOfR4AJeAAC8X0lRCABFAAAoTSpAAEAG0uKNUQAXjVEACq8S9P3GYWMvJth+GVAQD9QSqgAAAAAAAI1R"} +01110{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":16,"flow_first_seen":1352718180263865,"flow_src_last_pkt_time":1352718180959837,"flow_dst_last_pkt_time":1352718180764566,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1204,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":2068,"flow_dst_tot_l4_payload_len":1698,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":11,"flow_first_seen":1352718180397556,"flow_src_last_pkt_time":1352718181046133,"flow_dst_last_pkt_time":1352718181017708,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1538,"flow_dst_tot_l4_payload_len":860,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01109{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":13,"flow_first_seen":1352718180265384,"flow_src_last_pkt_time":1352718181047922,"flow_dst_last_pkt_time":1352718181046461,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":352,"flow_dst_max_l4_payload_len":474,"flow_src_tot_l4_payload_len":1250,"flow_dst_tot_l4_payload_len":1864,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01108{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":12,"flow_first_seen":1352718180390103,"flow_src_last_pkt_time":1352718181046315,"flow_dst_last_pkt_time":1352718181050397,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":474,"flow_dst_max_l4_payload_len":352,"flow_src_tot_l4_payload_len":1492,"flow_dst_tot_l4_payload_len":1106,"midstream":1,"thread_ts_usec":1352718181050397,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"EthernetIP","proto_id":"278","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00587{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"cfgs\/default\/pcap\/ethernetIP.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-payload-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_usec":1352718181050397} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 100/100 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 11876 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 7685067 bytes +~~ total memory freed........: 7685067 bytes +~~ total allocations/frees...: 142511/142511 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json string min len.......: 516 chars +~~ json string max len.......: 2151 chars +~~ json string avg len.......: 1332 chars |