diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2024-09-11 13:01:23 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2024-09-11 13:01:23 +0200 |
| commit | 1c9aa854851c4daf479c988ce8a064ae2accbaab (patch) | |
| tree | ec61c08ebeb5ee3e7df512c962f9f3ccc96d25b0 /test/results/default/telegram_videocall.pcapng.out | |
| parent | aef9d629f01b66a5e1985f265e9c74fd40542fe1 (diff) | |
Save hostname after detection finished for later use within analyse/end/idle flow events. Fixes #39.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/telegram_videocall.pcapng.out')
| -rw-r--r-- | test/results/default/telegram_videocall.pcapng.out | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/test/results/default/telegram_videocall.pcapng.out b/test/results/default/telegram_videocall.pcapng.out index 11867375c..918e8662e 100644 --- a/test/results/default/telegram_videocall.pcapng.out +++ b/test/results/default/telegram_videocall.pcapng.out @@ -223,7 +223,7 @@ 00791{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1648032336009920,"flow_src_last_pkt_time":1648032336041683,"flow_dst_last_pkt_time":1648032336040673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37948,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01125{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":156,"flow_dst_packets_processed":214,"flow_first_seen":1648032336009996,"flow_src_last_pkt_time":1648032377077811,"flow_dst_last_pkt_time":1648032377149578,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":30433,"flow_dst_tot_l4_payload_len":128721,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37950,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032340008639,"flow_src_last_pkt_time":1648032340089757,"flow_dst_last_pkt_time":1648032340162942,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":466,"flow_dst_max_l4_payload_len":258,"flow_src_tot_l4_payload_len":779,"flow_dst_tot_l4_payload_len":258,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.91","src_port":37966,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032367726063,"flow_dst_last_pkt_time":1648032367761550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":816,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01162{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":10,"flow_first_seen":1648032353559621,"flow_src_last_pkt_time":1648032367726063,"flow_dst_last_pkt_time":1648032367761550,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":148,"flow_src_tot_l4_payload_len":888,"flow_dst_tot_l4_payload_len":816,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","src_port":40643,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 00958{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648032354824070,"flow_src_last_pkt_time":1648032354824070,"flow_dst_last_pkt_time":1648032354824070,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip6","src_ip":"fe80::abe:acff:fe0b:176e","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"ICMPV6","proto_id":"102","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 00986{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032334318608,"flow_src_last_pkt_time":1648032364328703,"flow_dst_last_pkt_time":1648032334318608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":132,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":264,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.1","dst_ip":"192.168.12.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Dropbox","proto_id":"121","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":13,"category":"Cloud"}} 01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1648032353524758,"flow_src_last_pkt_time":1648032363673567,"flow_dst_last_pkt_time":1648032363819830,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":40,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":40906,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} @@ -238,11 +238,11 @@ 01122{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":80,"flow_dst_packets_processed":100,"flow_first_seen":1648032336638090,"flow_src_last_pkt_time":1648032364833042,"flow_dst_last_pkt_time":1648032364830140,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1999,"flow_dst_tot_l4_payload_len":114100,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40830,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01120{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":15,"flow_first_seen":1648032336639074,"flow_src_last_pkt_time":1648032364836832,"flow_dst_last_pkt_time":1648032364830191,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":578,"flow_dst_max_l4_payload_len":1228,"flow_src_tot_l4_payload_len":1060,"flow_dst_tot_l4_payload_len":12707,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40832,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} 01115{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1648032336710519,"flow_src_last_pkt_time":1648032336807614,"flow_dst_last_pkt_time":1648032336880010,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":249,"flow_dst_max_l4_payload_len":684,"flow_src_tot_l4_payload_len":450,"flow_dst_tot_l4_payload_len":684,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"149.154.167.222","src_port":40834,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"Telegram","proto_id":"185","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":1,"breed":"Acceptable","category_id":9,"category":"Chat"}} -01135{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032367726487,"flow_dst_last_pkt_time":1648032367858291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01161{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353561154,"flow_src_last_pkt_time":1648032367726487,"flow_dst_last_pkt_time":1648032367858291,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","src_port":49667,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 01252{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":0,"flow_first_seen":1648032354029382,"flow_src_last_pkt_time":1648032367501855,"flow_dst_last_pkt_time":1648032354029382,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":100,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":100,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1300,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"10.46.103.200","src_port":40906,"dst_port":42554,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01130{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1648032353568287,"flow_src_last_pkt_time":1648032367733413,"flow_dst_last_pkt_time":1648032367880227,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":124,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":276,"flow_dst_tot_l4_payload_len":252,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":37444,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01148{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":55,"flow_first_seen":1648032354077734,"flow_src_last_pkt_time":1648032356099058,"flow_dst_last_pkt_time":1648032356073261,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":23,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1112,"flow_dst_max_l4_payload_len":393,"flow_src_tot_l4_payload_len":15509,"flow_dst_tot_l4_payload_len":6792,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"93.36.13.115","src_port":42405,"dst_port":35393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} -01134{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032367726813,"flow_dst_last_pkt_time":1648032367876128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} +01160{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":6,"flow_first_seen":1648032353562490,"flow_src_last_pkt_time":1648032367726813,"flow_dst_last_pkt_time":1648032367876128,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":660,"flow_dst_tot_l4_payload_len":452,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","src_port":49780,"dst_port":1400,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.TelegramVoip","proto_id":"78.355","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"telegram.org"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367877247,"flow_src_last_pkt_time":1648032367885663,"flow_dst_last_pkt_time":1648032367877247,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.17.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01070{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367859462,"flow_src_last_pkt_time":1648032367864669,"flow_dst_last_pkt_time":1648032367859462,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.13.23","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":889,"source":"cfgs\/default\/pcap\/telegram_videocall.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1648032367762702,"flow_src_last_pkt_time":1648032367764744,"flow_dst_last_pkt_time":1648032367762702,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":104,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":104,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":208,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648032378336597,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"91.108.9.35","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Telegram","proto_by_ip_id":185,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} @@ -264,8 +264,8 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6761118 bytes -~~ total memory freed........: 6761118 bytes +~~ total memory allocated....: 6761390 bytes +~~ total memory freed........: 6761390 bytes ~~ total allocations/frees...: 115286/115286 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 543 chars |