summaryrefslogtreecommitdiff
path: root/test/results/doq_adguard.pcapng.out
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2022-09-19 10:14:37 +0200
committerToni Uhlig <matzeton@googlemail.com>2022-09-19 10:14:37 +0200
commit015a739efda638737adeed521ca5ba43708949f0 (patch)
treee4da6a2f5afc6f451911bd34369d6ef334a66153 /test/results/doq_adguard.pcapng.out
parent31715295d9c2ec580483c089a33f660b21e5539b (diff)
Added layer4 payload length bins.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/doq_adguard.pcapng.out')
-rw-r--r--test/results/doq_adguard.pcapng.out8
1 files changed, 4 insertions, 4 deletions
diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out
index f77b27882..ae7cd46ed 100644
--- a/test/results/doq_adguard.pcapng.out
+++ b/test/results/doq_adguard.pcapng.out
@@ -5,7 +5,7 @@
01103{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425043144,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1232,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1232,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1608278425043144,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","encrypted":1,"breed":"Fun","category_id":14,"category":"Network","hostname":"dns.adguard.com","quic": {"tls": {"version":"TLSv1.3","ja3":"1e022f87823477abd6a79c31d70062d7","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"doq-i00","tls_supported_versions":"TLSv1.3"}}}}
00689{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1608278425043144,"flow_dst_last_pkt_time":1608278425079621,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1608278425079621,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="}
02173{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1608278425084825,"flow_dst_last_pkt_time":1608278425079621,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_usec":1608278425084825,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="}
-01362{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278427520204,"flow_dst_last_pkt_time":1608278427556259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":3388,"flow_dst_tot_l4_payload_len":9887,"midstream":0,"thread_ts_usec":1608278427556259,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":12,"flow_avg":160973.4,"flow_max":1885270,"flow_stddev":453072.4,"c_to_s_min":12,"c_to_s_avg":165137.3,"c_to_s_max":1830423,"c_to_s_stddev":456483.3,"s_to_c_min":12,"s_to_c_avg":157069.7,"s_to_c_max":1885270,"s_to_c_stddev":449816.2},"pktlen": {"c_to_s_min":73,"c_to_s_avg":253.8,"c_to_s_max":1274,"c_to_s_stddev":388.3,"s_to_c_min":83,"s_to_c_avg":659.9,"s_to_c_max":1294,"s_to_c_stddev":560.0}},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","encrypted":1,"breed":"Fun","category_id":14,"category":"Network"}}
+01588{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278427520204,"flow_dst_last_pkt_time":1608278427556259,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":31,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":3388,"flow_dst_tot_l4_payload_len":9887,"midstream":0,"thread_ts_usec":1608278427556259,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":12,"flow_avg":160973.4,"flow_max":1885270,"flow_stddev":453072.4,"c_to_s_min":12,"c_to_s_avg":165137.3,"c_to_s_max":1830423,"c_to_s_stddev":456483.3,"s_to_c_min":12,"s_to_c_avg":157069.7,"s_to_c_max":1885270,"s_to_c_stddev":449816.2},"pktlen": {"c_to_s_min":73,"c_to_s_avg":253.8,"c_to_s_max":1274,"c_to_s_stddev":388.3,"s_to_c_min":83,"s_to_c_avg":659.9,"s_to_c_max":1294,"s_to_c_stddev":560.0},"bins": {"c_to_s": [4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0],"s_to_c": [0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","encrypted":1,"breed":"Fun","category_id":14,"category":"Network"}}
00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":164,"flow_dst_packets_processed":132,"flow_first_seen":1608278425043144,"flow_src_last_pkt_time":1608278463119538,"flow_dst_last_pkt_time":1608278462796456,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":30,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1232,"flow_dst_max_l4_payload_len":1252,"flow_src_tot_l4_payload_len":10308,"flow_dst_tot_l4_payload_len":21705,"midstream":0,"thread_ts_usec":1608278463119538,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.DoH_DoT","proto_id":"188.196","encrypted":1,"breed":"Fun","category_id":14,"category":"Network"}}
00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-payload-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_usec":1608278463119538}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -16,9 +16,9 @@
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6054635 bytes
-~~ total memory freed........: 6054635 bytes
-~~ total allocations/frees...: 121804/121804
+~~ total memory allocated....: 6054763 bytes
+~~ total memory freed........: 6054763 bytes
+~~ total allocations/frees...: 121806/121806
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 484 chars
~~ json string max len.......: 2179 chars
Powered by cgit, Themed by Ted Yin.