aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/stun.pcap.out
diff options
context:
space:
mode:
authorlns <matzeton@googlemail.com>2023-05-26 11:17:38 +0200
committerlns <matzeton@googlemail.com>2023-05-26 11:17:38 +0200
commit8a936a507271b727f7b0907a20fbddbe85bb725e (patch)
treefc5d940c747ea965884e60275eafda32ae5823b5 /test/results/default/stun.pcap.out
parentc9514136b7c4246a57b85474d1a8e376a9009d4a (diff)
Fixed integer overflow for tcp timeout (>INT_MAX).
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/stun.pcap.out')
-rw-r--r--test/results/default/stun.pcap.out18
1 files changed, 9 insertions, 9 deletions
diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out
index 5f48e4757..ef907c973 100644
--- a/test/results/default/stun.pcap.out
+++ b/test/results/default/stun.pcap.out
@@ -1,4 +1,4 @@
-00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1614938022295727}
00822{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="}
@@ -22,13 +22,13 @@
02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":74,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": [56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": [4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":114,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":118,"packets-processed":117,"total-skipped-flows":0,"total-l4-payload-len":8748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_usec":1643626018009166}
-00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
-00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="}
-00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="}
-00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018269673,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVtAAD8G+3A2ATmbVy9kEZGJDZZkx84Rb9rhMYAYAQDivwAAAQEICgdixl6f27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="}
-00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"}
-01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","stun": {"num_pkts":3,"num_binding_requests":0,"num_processed_pkts":3}}}
-00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="}
+00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1643626018009166,"pkt":"AAAAAAAAAAIAmUIoCABFAAA8AABAAC4GIeBXL2QRNgE5mw2WkYlv2uEwZMfN9aAScSBlfgAAAgQFtAQCCAqf27foB2LEZgEDAwc="}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018016908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018016908,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVpAAD8G+3E2ATmbVy9kEZGJDZZkx831b9rhMYAYAQDj2AAAAQEICgdixWGf27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="}
+00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_usec":1643626018269673,"pkt":"AAAAAAAAAAUALNPrCABFAABQFVtAAD8G+3A2ATmbVy9kEZGJDZZkx84Rb9rhMYAYAQDivwAAAQEICgdixl6f27foAAMACCESpEJwTVNWeGJTOWtyTkQAGQAEEQAAAA=="}
+00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"}
+01024{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":121,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","stun": {"num_pkts":3,"num_binding_requests":0,"num_processed_pkts":3}}}
+00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="}
01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00579{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":138,"packets-processed":137,"total-skipped-flows":0,"total-l4-payload-len":11092,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":3,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_usec":1647958145472010}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
@@ -40,7 +40,7 @@
02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDusLznYi+r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScniv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="}
02216{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": [5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00995{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147591534,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2100,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleHangoutDuo","proto_id":"78.201","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":170,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","packets-captured":170,"packets-processed":170,"total-skipped-flows":0,"total-l4-payload-len":15998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":3,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_usec":1647958147591534}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 170/170
Powered by cgit, Themed by Ted Yin.