diff options
| author | lns <matzeton@googlemail.com> | 2023-05-26 11:17:38 +0200 |
|---|---|---|
| committer | lns <matzeton@googlemail.com> | 2023-05-26 11:17:38 +0200 |
| commit | 8a936a507271b727f7b0907a20fbddbe85bb725e (patch) | |
| tree | fc5d940c747ea965884e60275eafda32ae5823b5 /test/results/default/tinc.pcap.out | |
| parent | c9514136b7c4246a57b85474d1a8e376a9009d4a (diff) | |
Fixed integer overflow for tcp timeout (>INT_MAX).
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/default/tinc.pcap.out')
| -rw-r--r-- | test/results/default/tinc.pcap.out | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/test/results/default/tinc.pcap.out b/test/results/default/tinc.pcap.out index 5e4ab4f3c..066b9676c 100644 --- a/test/results/default/tinc.pcap.out +++ b/test/results/default/tinc.pcap.out @@ -1,19 +1,19 @@ -00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1495983427717971} -00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427717971,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427717971,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} -00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427744301,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427744301,"pkt":"ABcILL3nACbGCvpSCABFEAA8k+lAAEAG53CDcqgbuVPacMCK2WgWL9D7AAAAAKACchDyzQAAAgQFtAQCCAoov3nyAAAAAAEDAwc="} -00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1495983427768940,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9ln52yg0OtBuZf\/QYASOQhw5gAAAgQFtAEBBAIBAwMH"} -00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1495983427768999,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1495983427768999,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"} -00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1495983427769052,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1495983427769052,"pkt":"ABcILL3nACbGCvpSCABFEAAzvE1AAEAGvxWDcqgbuVPacOds2We5l\/9BoNDrQlAYAOU1egAAMCB0aGluayAxNwo="} -00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1495983427794171,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9lowIoRT99iFi\/Q\/IASOQgE1gAAAgQFtAEBBAIBAwMH"} -00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1495983427794228,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1495983427794228,"pkt":"ABcILL3nACbGCvpSCABFEAAok+pAAEAG54ODcqgbuVPacMCK2WgWL9D8EU\/fY1AQAOV9ywAA"} -00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1495983427794279,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1495983427794279,"pkt":"ABcILL3nACbGCvpSCABFEAAvk+tAAEAG53uDcqgbuVPacMCK2WgWL9D8EU\/fY1AYAOWeRAAAMCB0IDE3Cg=="} -00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1495983427769052,"flow_dst_last_pkt_time":1495983427816156,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1495983427816156,"pkt":"ACbGCvpSABcILL3nCABFCAAo0wJAADEGt3O5U9pwg3KoG9ln52yg0OtCuZf\/TFAQAHPqQgAAAAAAAAAA"} -01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427816902,"flow_dst_last_pkt_time":1495983427818440,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":1050,"flow_dst_tot_l4_payload_len":1047,"midstream":0,"thread_ts_usec":1495983427818440,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} -00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1495983427794279,"flow_dst_last_pkt_time":1495983427844409,"flow_idle_time":3285032704,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1495983427844409,"pkt":"ACbGCvpSABcILL3nCABFCAAo5z5AADEGoze5U9pwg3KoG9lowIoRT99jFi\/RA1AQAHN+NgAAAAAAAAAA"} -01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427846083,"flow_dst_last_pkt_time":1495983427844511,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":1046,"flow_dst_tot_l4_payload_len":1044,"midstream":0,"thread_ts_usec":1495983427846083,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427717971,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427717971,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427717971,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} +00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983427744301,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427744301,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1495983427744301,"pkt":"ABcILL3nACbGCvpSCABFEAA8k+lAAEAG53CDcqgbuVPacMCK2WgWL9D7AAAAAKACchDyzQAAAgQFtAQCCAoov3nyAAAAAAEDAwc="} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1495983427717971,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1495983427768940,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9ln52yg0OtBuZf\/QYASOQhw5gAAAgQFtAEBBAIBAwMH"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1495983427768999,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1495983427768999,"pkt":"ABcILL3nACbGCvpSCABFEAAovExAAEAGvyGDcqgbuVPacOds2We5l\/9BoNDrQlAQAOXp2wAA"} +00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1495983427769052,"flow_dst_last_pkt_time":1495983427768940,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_usec":1495983427769052,"pkt":"ABcILL3nACbGCvpSCABFEAAzvE1AAEAGvxWDcqgbuVPacOds2We5l\/9BoNDrQlAYAOU1egAAMCB0aGluayAxNwo="} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1495983427744301,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1495983427794171,"pkt":"ACbGCvpSABcILL3nCABFCAA0AABAADEGimq5U9pwg3KoG9lowIoRT99iFi\/Q\/IASOQgE1gAAAgQFtAEBBAIBAwMH"} +00522{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1495983427794228,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1495983427794228,"pkt":"ABcILL3nACbGCvpSCABFEAAok+pAAEAG54ODcqgbuVPacMCK2WgWL9D8EU\/fY1AQAOV9ywAA"} +00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1495983427794279,"flow_dst_last_pkt_time":1495983427794171,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"thread_ts_usec":1495983427794279,"pkt":"ABcILL3nACbGCvpSCABFEAAvk+tAAEAG53uDcqgbuVPacMCK2WgWL9D8EU\/fY1AYAOWeRAAAMCB0IDE3Cg=="} +00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1495983427769052,"flow_dst_last_pkt_time":1495983427816156,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1495983427816156,"pkt":"ACbGCvpSABcILL3nCABFCAAo0wJAADEGt3O5U9pwg3KoG9ln52yg0OtCuZf\/TFAQAHPqQgAAAAAAAAAA"} +01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":4,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983427816902,"flow_dst_last_pkt_time":1495983427818440,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":1050,"flow_dst_tot_l4_payload_len":1047,"midstream":0,"thread_ts_usec":1495983427818440,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} +00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1495983427794279,"flow_dst_last_pkt_time":1495983427844409,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1495983427844409,"pkt":"ACbGCvpSABcILL3nCABFCAAo5z5AADEGoze5U9pwg3KoG9lowIoRT99jFi\/RA1AQAHN+NgAAAAAAAAAA"} +01065{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983427846083,"flow_dst_last_pkt_time":1495983427844511,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":1046,"flow_dst_tot_l4_payload_len":1044,"midstream":0,"thread_ts_usec":1495983427846083,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983428000367,"flow_dst_last_pkt_time":1495983428000367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":644,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":644,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983428000367,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 01378{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1495983428000367,"flow_dst_last_pkt_time":1495983428000367,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":686,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":686,"pkt_l4_len":652,"thread_ts_usec":1495983428000367,"pkt":"ABcILL3nACbGCvpSCABFAAKgAABAAEARePuDcqgbuVPacNln2WcCjOIVMnicz9ZajjNEbdb6GxVP+T0CYtKzdvwcc\/GkysPu2p+HyRNKFCh5wNXMj6m9vaZ39wOg\/SFDxkblUqiUmI5T0t6KnEjzK4HfVELTk6MBki+YvI91VjjOz3oekNHxmSbldeRnnKPd925mZ9lxMA3GG9gZmsCSn4wPwr41LS70gLZbanbUNnlN7x6Kh9gVM6JtlzGBIjbSf6B4epOKePy2xW4AQp4bPXtTf\/0OGkPuy5hSETaSFX43lK3JOI2urGuq\/8zhvAyKL4t3LDJwEcTmglCiHm1tbrVnkmBCUBidOZ0NL52X+MKzyHnGOwdAwfV4+3VKFFmQE8IO6WWoZ\/vYOzfj1XZjyXREui0IMCYkWnraOSjlBBxRPQ4DkdgtsHokBlbzUjfr8Ss8XpNaUoZaaRCYy8Kw3szJstqYEU2GPLD0+pg+X9RZcEt+NlU1dFprcf5TwwLwxVrUXlq0UN21vjPNjBpnc4JeghgRv\/VcYRefFyhIUgPMVrdpg5GrCB4JTq65maVpsTyfybYsJ+i42aA3YjBU5z0PIhvBUxoHrj9TxX5OiZvAe42wvflGvW6iHzGGkgjUXDRxjS28FvW05QZJMaG4nQLQu0v8AHNHzQKZciwh33gMV3VVc\/5ghMO+CpJHRRkAZ7mBJzHMFXodcVJsk6K\/2J54sUaiJ48wBzCUQaWI9+w9ancXV2nZd+EHodY95wdzarfbqW8B30M66dRT3RsX8ddjytNxLuW+ewDpuzxP\/dncf+l0Gbul3BZMq9q4XnRT0wDb7bXlR0N7oHMRyWJ2GHC0RV7IQnYGzB\/YDI0StaWXOcSFic4ZA5TwYmSAm0iGFMYJM8DJznOohvp1QzM="} 01176{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983428000367,"flow_dst_last_pkt_time":1495983428000367,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":644,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":644,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":644,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1495983428000367,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} @@ -30,10 +30,10 @@ 02169{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1495983428043295,"flow_dst_last_pkt_time":1495983428044294,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1270,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1270,"pkt_l4_len":1236,"thread_ts_usec":1495983428044294,"pkt":"ABcILL3nACbGCvpSCABFAAToAABAAEARdrODcqgbuVPacNlo2WgE1Ky0g6TtBObpsPGOGJJQW0suWMljVUPagRgTUahiB4IjMQW4Tg9f5cyshjm+p29iVNftVxe04dz+cfBMCVwhcjyEFkeou0ifCNhflHKECEASMlSPHygCv0jVCXv8ZCd4sw1DV4qkJHpNuqDzIOeMO5kigXd6Zr9\/kVGFNbYATiJ\/4\/d07Ys9tYVMMU9+GZLsw5TEeonc6JkgLf1Ag3YWp13STJFjkXmUQQEmCx7jMF2zuyFMW5l\/1l+DbcCnhmbrBjbCGgGFI5zBwsgztvAY5qYKZmeQM416lrSfO\/FAzqiwFmco4KFBkS27f0df+2LqiHW32UmxNTIO7nt7Lxv6feXMiqoigaWWhN1NpH+olHgBkDgRLRZR4izZRSb8NUu3oEYl7mity8XB29TfUHGUnr7zFV+ThMWXOU3y0zQ9o5ikDE7I+WgQ7I9UyX6BXcM9EDJAd1\/ntbLOCFZ73uP0F0pkt2EO0wYonWlaz4t\/h2ZlpNEogqERgZVlvsXJ3cypRCK7BJ2hkH0cxa7zmtpQWpxgzM1azMgu0Zgp5HWBZKU3HSw1WRpTgj3+b1F+M1u27lyVKPP+KJcO6xdB1JrsYND9NvH6gEBt8cFgwPuzeHo6wCDKovtGsN5fvYwZPB4Hh6PHHNRhCh3AasN9rEPpw8JY5BDOCRAAA3iiYGcBaPnZ0toysnHlF65SS7yd3NDlqep+WAUSHRxxU8yzD1fmlWf4vJglbKskZhPmmm3GZR4YD4PkDqxgwkla64kkcOD8ccSMwfZnv5Z28h9GnGF+kQBVOLMIb7nl3z3N+WVKF7N25EEZzkfhSx\/h6janHpbhx+CdQ4ITvm5cu4+8facY3f2FOR816OA\/QfBn0tfLB1974fZP1fYqUFGo7KoCBhYIQ2ACsS1WRnIV4NYdcX1uMmVf50b3HtIK4sV9yKgJdfmD+EV7ezZL2MeV0LYarWre0bgnjKAVFDY0UVHIc4kmK4sxUN5+iakUFgwhsrVeTwJsaXHUfixNVEmgrP3Jf5kqIPeitYRaU0E9kvujkfFBcX+w8r42EXbRrc61L5X1Rd01DEE+9On2z6e4vX+Equt5\/m2UdWD9O\/PpySdoiKsCe5pDggSnynFF+FOXuAnWEI0mpUVDmqumkpCDb8c2ERNo+A5Vxs9qjD6tLD0yLNOCE7qhLjU+bSCS1QOoJGuQs7qxOb0ZnBHAZHFaf0+B3HbB\/tXNawHGqfKAuiLM3txkOqXcIGBq0CVbdYOikKqUCQDWCB\/HeQEArr0ZW4yzfSrIPnpD1p0UVQ7wuqY9xXo4VLgsQR04gQLlJTUWVifMLbu3sAYHYrE6\/npTXS49H\/RY+ihrdGLN15Bwl7LkO6NlZm6aweckyA0cEuiwILQ7jWNd+fOXd3Ku1+dy2u25uV3Ez96JUM99NWNXBgebQa4mwBzMhR8Am75s\/KFEWAx1uA3jAG0Au+UTmHis+TKR59uUQJqHwgArWpwhKHyUFC4HHlXQKBnS9lutaV4lAOTGrmQVS0MDRQzqTtMhIAKY2b3DrwAXsov84LvryNSH009x5WiK1x6IzMLQpKSIgJCfUvBojuUi\/zAx7ICX+r2u1iKgemgZssbZF6IAXAyOQb8CxNvxnmB00hq83N\/933x+Cg=="} 02453{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":104,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983431160747,"flow_dst_last_pkt_time":1495983430158623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":19148,"flow_dst_tot_l4_payload_len":16284,"midstream":0,"thread_ts_usec":1495983431160747,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":23,"avg":171568.9,"max":1069532,"stddev":377387.1,"var":142420983808.0,"ent":2.5,"data": [157,27472,47,25,27522,244,68,237,181,126,15445,30,41839,33,23,1057953,304,258,1003680,53,1840,184,45315,102,25,1024085,82,1069532,137,1001358,279]},"pktlen": {"min":176,"avg":1135.2,"max":1496,"stddev":450.4,"var":202833.5,"ent":4.9,"data": [672,720,224,1472,768,216,1256,176,1296,1464,760,672,720,1264,176,1296,1344,1464,1360,1472,1488,1472,1480,1344,1472,1360,1488,1488,1488,1480,1496,1480]},"bins": {"c_to_s": [0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0],"s_to_c": [0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0]},"directions": [0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0],"entropies": [7.665557861,7.732561588,7.082343578,7.846774578,7.752214432,6.906925201,7.855091572,6.755141735,7.856310368,7.846433163,7.747685909,7.710433006,7.733560562,7.868661880,6.790736675,7.858621597,7.869617462,7.873907566,7.874854565,7.877315998,7.870153904,7.874608040,7.878478050,7.845719337,7.883452892,7.855854511,7.886187077,7.874522686,7.870358467,7.871251106,7.874283314,7.868322849]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 02454{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983432571150,"flow_dst_last_pkt_time":1495983432526055,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":148,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":1452,"flow_src_tot_l4_payload_len":10944,"flow_dst_tot_l4_payload_len":20512,"midstream":0,"thread_ts_usec":1495983432571150,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":24,"avg":290670.0,"max":2412459,"stddev":558680.6,"var":312123949056.0,"ent":2.9,"data": [50,27,594,482,207,142,1049148,39,24,1048033,86,239,119,120,91,44079,43,25,1044735,279,1021999,20586,1001463,275,241,363633,1001240,149,123,2412459,39]},"pktlen": {"min":104,"avg":1011.0,"max":1480,"stddev":450.3,"var":202783.0,"ent":4.8,"data": [752,1472,944,720,1256,1472,944,1056,656,320,1048,176,1296,512,656,320,176,1296,512,1464,1360,1360,1360,1472,1336,1304,104,1480,1464,1328,1376,1360]},"bins": {"c_to_s": [0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0],"s_to_c": [0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0]},"directions": [0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0],"entropies": [7.690577507,7.881368160,7.775002003,7.728326797,7.851398468,7.867018700,7.774654388,7.831391335,7.688314915,7.329430103,7.812694550,6.669548035,7.843146801,7.557564259,7.679370403,7.194211483,6.957363605,7.850227833,7.572175503,7.873534679,7.858608246,7.866045952,7.839975357,7.845044613,7.866905689,7.841031551,6.193184853,7.882274628,7.896846294,7.859506130,7.852632523,7.876025200]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} -01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983475109122,"flow_dst_last_pkt_time":1495983475109062,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":3036,"flow_dst_tot_l4_payload_len":2354,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":13,"flow_first_seen":1495983427744301,"flow_src_last_pkt_time":1495983475109122,"flow_dst_last_pkt_time":1495983475109062,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":3036,"flow_dst_tot_l4_payload_len":2354,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01229{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":101,"flow_dst_packets_processed":29,"flow_first_seen":1495983428000367,"flow_src_last_pkt_time":1495983470930418,"flow_dst_last_pkt_time":1495983470973187,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":76,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1468,"flow_dst_max_l4_payload_len":1460,"flow_src_tot_l4_payload_len":132724,"flow_dst_tot_l4_payload_len":31332,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 01230{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":105,"flow_first_seen":1495983428043218,"flow_src_last_pkt_time":1495983463866065,"flow_dst_last_pkt_time":1495983463817214,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":1468,"flow_src_tot_l4_payload_len":28820,"flow_dst_tot_l4_payload_len":135316,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"5":"DPI (cache)"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} -01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983475073125,"flow_dst_last_pkt_time":1495983475073073,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":2339,"flow_dst_tot_l4_payload_len":2308,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} +01106{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":15,"flow_dst_packets_processed":11,"flow_first_seen":1495983427717971,"flow_src_last_pkt_time":1495983475073125,"flow_dst_last_pkt_time":1495983475073073,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1039,"flow_dst_max_l4_payload_len":1037,"flow_src_tot_l4_payload_len":2339,"flow_dst_tot_l4_payload_len":2308,"midstream":0,"thread_ts_usec":1495983475109122,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"TINC","proto_id":"209","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00582{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"cfgs\/default\/pcap\/tinc.pcap","alias":"nDPId-test","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-payload-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1495983475109122} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 317/317 |