aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/quic-28.pcap.out
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2023-11-08 17:07:20 +0100
committerToni Uhlig <matzeton@googlemail.com>2023-11-08 17:07:20 +0100
commitb667f9e1daa913acddb0bf2117651481d788fdf8 (patch)
treeba30ba11c159888e5cac8adb2747df0562849342 /test/results/default/quic-28.pcap.out
parent55c8a848d3ee160c2b4630180b62d534c2b70788 (diff)
Forcefully reset `NDPI_UNIDIRECTIONAL_TRAFFIC` if classification was done after the first packet. Nonsense.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/quic-28.pcap.out')
-rw-r--r--test/results/default/quic-28.pcap.out2
1 files changed, 1 insertions, 1 deletions
diff --git a/test/results/default/quic-28.pcap.out b/test/results/default/quic-28.pcap.out
index ea6151b1b..73eae8888 100644
--- a/test/results/default/quic-28.pcap.out
+++ b/test/results/default/quic-28.pcap.out
@@ -2,7 +2,7 @@
00626{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1591267474847575}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474847575,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"}
-01320{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3"}}}}
+01195{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1591267474847575,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474847575,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1591267474847575,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Cloudflare","proto_by_ip_id":220,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"www.wireshark.org","quic": {"quic_version":"Draft-28","tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-28,h3-27","tls_supported_versions":"TLSv1.3"}}}}
00573{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1591267474847575,"flow_dst_last_pkt_time":1591267474861209,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1591267474861209,"pkt":"bmImQfCg7jdRvai\/CABFAABL8YhAADkR0gRoGgvwCgkAAgG76soANzParQAAAAAUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwQgoOBp4aIL+MPCXOdR4KiF\/8AABs="}
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474861209,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1591267474861366,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsJAAEARSUoKCQACaBoL8OrKAbsEuILewv8AABsQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgps603pxkyOuWqOuDCBHqFD5j6Z3HbedH1LdiS7r9g7eF1q+4GbQDzwEnV9STArM0Em4niSxcOP14YGEMbCxBeurtCEC8Tmf6DBDqyOKEQqlh98RR0FuyctJCM99u6oRT6urYJjdL6PSSu3YTL8HY6NviKj+LkpdTz6KmCgYvbgKd7NEhPEXmVYO+dL7mTC6YtcnEsrAHQU704mlKvqtFGL2\/5msnq\/TWBIk6bybV0DxYkGzE2Dnlwtw+dvrt9SpZJQBYmvuqQWRkw7Xl0Ri5Ou\/YH0Nf3CEwfW93dKkzcyI\/xYg9i+2QKy1ICjIZ\/JAWTdEHFRK8O6Gl0vStYOHFWBxnM\/YifVgYZg0OsrKE2RfzjKKmCKUpNz\/eEInpy3g7Oy6BASDjgCLyqH4KHC0RkRyxMeAwO\/4Ueuev5PR+GIZT6RPX+8eDG+GEJz8bGHJ80oLKupj5MfUtk1+qegg2dzVfHgOvprBxIArXCNmBUVNivV7wlObqf87COabZiPrwNrq3bed\/ALhpVnLbXDu3mPYFozof6hWLQUSRUCvRIP+L3zyyxfAOLZZ711TySAZxpgSSNbMb5wMga2ZxBCZGIiJBujBs0RFh65ea1D90334s1gOATeyFD6G0Y5nni0vv93RqV0rCUx5NmKsmees6Lb5Tn92zzlLElQ0tJj8i0NV+A1o9UmRJisTfKPDHGhnjIKCy7tWmA\/6WnyjC5MVpEofvbOp6VSLzrYFEbs4xO0nP5EWcI9akrhkBkR4BVPvA3BR\/JNC6qdA6XjZq7vEC4PK42e5TCzz\/lS4AoqV6qY+iOUqeRm\/KZeFGwLXw2YBxOFGvLQSYLCrM0JT+ZZ\/+YM0cgNTb4UsfslWeAa\/dEDn2K0d5vlVIufoqB2DscZriUDfkBrMe3p2BYO28jOG0dIt\/\/+wVszbGGjaG2DAkiTDrcM67+fz7k2j14PiNbU6+l0I0CfyoRbB67XXdFnPllMtNEGiR4aBRcQCCchbCVwdD7xGfKg8VLCKykEzUES\/y7hiagE2xpKTSbAUtzMYTnIbSLikbFGyfUOpyFdt16r3gk3qkldqup8CI9vmdvD1rvxsFHFdQKlm4ct28WVqNsM7AcMCYS4IdY3fjlHdgQeFzGauOLiE2HquU8FAgRipNJCs2vXSgmlj6qxAuSretb3YYCFUtS5vV7VhzZ\/si5aRaf72K7CkGDHBs9yzIrPzdtDp1CIjAcpqkTgTiqw5a7bneWQdm6knt9coPgKABTdfR1Wfei0Q3edydbubwRd1QyG5zjI0T9bXVZf85BmVvZ\/oiH86E0oC1c6Hyl3M4ke1W9+ncVNagK7XEVU\/lQ9u6NvkLWq7c7LzCfIQKMjglkD6IZxuZzbgX+IVXu+2\/W0iJnR1BIZqRhI1sURkCMk5kSbefJtA\/3ss1rR1eV5WU9Nj63Lk8fki45wlDZBMYeXWKNBze+M4K2DVnLaUMILrXDsu6YTHRFaaXufk6rRMF0IUC\/p6LhqvtpFhBb7T6xRXz1tVkXrpMYBZz4xjGSbfGjFB"}
00607{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1591267474861366,"flow_dst_last_pkt_time":1591267474875141,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_usec":1591267474875141,"pkt":"bmImQfCg7jdRvai\/CABFAABj8Y9AADkR0eVoGgvwCgkAAgG76soAT+eKyv8AABsUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwU0rPlqKVxohC0BrmDOppdYLs59TAAFv5HsDxxmd5VEpKl2hES\/adSPHMDBUM="}