summaryrefslogtreecommitdiff
path: root/test/results/exe_download.pcap.out
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2021-05-20 14:55:05 +0200
committerToni Uhlig <matzeton@googlemail.com>2021-05-20 14:55:05 +0200
commit9a1c2d0ea731724edfaca97195c87569e4321681 (patch)
treed1371082f38a429a2c491ef918ed2a963936bc9a /test/results/exe_download.pcap.out
parentdb39772aa7b10ee6fb9e21db8f44c0f5fca7a1d2 (diff)
Reworked layer 4 flow length naming/calculation.
* nDPIsrvd services usually do not care about layer4 data length, payload length is quite more essential for further processing Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/exe_download.pcap.out')
-rw-r--r--test/results/exe_download.pcap.out8
1 files changed, 4 insertions, 4 deletions
diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out
index d81c66534..a980f25f7 100644
--- a/test/results/exe_download.pcap.out
+++ b/test/results/exe_download.pcap.out
@@ -1,13 +1,13 @@
00480{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
-00475{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_tot_l4_data_len":32,"flow_min_l4_data_len":32,"flow_max_l4_data_len":32,"flow_avg_l4_data_len":32,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1569434051004,"flow_last_seen":0,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00425{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":4796,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"}
00419{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324116,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="}
00412{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324323,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALJAAIAGAJIKCRllkFtFw8ANAFC+hvgfPu\/YuVAQ+vAsqgAA"}
00621{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":324979,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"pkt":"IOUqtpPxAAgCHEeuCABFAADBALNAAIAG\/\/cKCRllkFtFw8ANAFC+hvgfPu\/YuVAY+vAITAAAR0VUIC9zb2xhci5waHAgSFRUUC8xLjENCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdDogKi8qDQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLXVzDQpVc2VyLUFnZW50OiBwd3R5eUVLek50R2F0d25Kam1DY0JMYk92ZUNWcGMNCkhvc3Q6IDE0NC45MS42OS4xOTUNCg0K"}
-00706{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_tot_l4_data_len":249,"flow_min_l4_data_len":20,"flow_max_l4_data_len":173,"flow_avg_l4_data_len":62,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
+00717{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
00411{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":325236,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"AAgCHEeuIOUqtpPxCABFAAAoBbEAAIAGO5OQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vAsEQAA"}
02368{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623372,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbQAAIAGNdyQW0XDCgkZZQBQwA0+79i5vob4uFAQ+vA4RgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IG5naW54LzEuMTAuMw0KRGF0ZTogV2VkLCAyNSBTZXAgMjAxOSAxNzo1NDoxMiBHTVQNCkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtDQpDb250ZW50LUxlbmd0aDogNjc5MDA4DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpDb250ZW50LURlc2NyaXB0aW9uOiBGaWxlIFRyYW5zZmVyDQpDb250ZW50LURpc3Bvc2l0aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0icGhuMzR5Y2p0Z2htLmV4ZSINCkV4cGlyZXM6IDANCkNhY2hlLUNvbnRyb2w6IG11c3QtcmV2YWxpZGF0ZQ0KUHJhZ21hOiBwdWJsaWMNCg0KTVqQAAMAAAAEAAAA\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADF5hWJgYd72oGHe9qBh3vasqVe2oOHe9pbpGfai4d72likZ9qAh3vae6Ri2piHe9qBh3ra\/4V72nujO9qdh3vae6Nn2gSHe9qqplzaiId72nujZtoZh3vae6M+2oCHe9p7o0bagId72lJpY2iBh3vaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAEwBBAA3BYtdAAAAAAAAAADgAA8BCwEHAABABAAAwAQAAAAAAGIRAQAAEAAAAFAEAAAAQAAAEAAAABAAAAQAAAAAAAAABAAAAAAAAAAAEAkAABAAAJAACQACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAAAAAsZAUAGAEAAAAABgDyAQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFAEAGAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAAKMzBAAAEAAAAEAEAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAABgOwEAAFAEAABAAQAAUAQAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAxGAAAACQBQAAMAAAAJAFAAAAAAAAAAAAAAAAAEAAAMAucnNyYwAAAPIBAwAAAAYAABADAADABQAAAAAAAAAAAAAAAABAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
-00808{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_tot_l4_data_len":1749,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":291,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
+00819{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4":"Binary application transfer","12":"HTTP Numeric IP Address"},"proto":"HTTP","breed":"Acceptable","category":"Download-FileTransfer-FileSharing"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}}
02109{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623382,"pkt_caplen":1322,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1322,"pkt_l4_len":1288,"pkt":"AAgCHEeuIOUqtpPxCABFAAUcBbUAAIAGNpuQW0XDCgkZZQBQwA0+795tvob4uFAY+vAhYQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00412{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":623558,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALZAAIAGAI4KCRllkFtFw8ANAFC+hvi4Pu\/jYVAQ+vAhaQAA"}
02237{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":624937,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"pkt":"AAgCHEeuIOUqtpPxCABFAAV8BbYAAIAGNjqQW0XDCgkZZQBQwA0+7+Nhvob4uFAY+vAcDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
@@ -17,5 +17,5 @@
02532{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630207,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"pkt":"AAgCHEeuIOUqtpPxCABFAAXcBbkAAIAGNdeQW0XDCgkZZQBQwA0+7\/Ndvob4uFAQ+vCglwAAAAABAAAAg+xUuRUAAACNdaiL\/POli02k6PMCAABfXovlXcPMzMzMzMzMzMzMzMzMVYvsg+xcVleJTaSNRahQi02k6PO9AQCLTaSDudQBAAAAdBiLVbCD4vuJVbCLRaTHgNQBAAAAAAAA6x\/HRawEAIAAx0WwBAAAAMZF+AGLTaTHgdQBAAABAAAAg+xUuRUAAACNdaiL\/POli02k6G8CAABfXovlXcPMzMzMzMzMzMxVi+xRiU38i+Vdw8zMzMzMVYvsav9oTSlEAGShAAAAAFBkiSUAAAAAgey4AAAAiY1A\/\/\/\/aGwBAADoydIBAIPEBImFRP\/\/\/8dF\/AAAAACDvUT\/\/\/8AdBVqAIuNRP\/\/\/+jcAwAAiYU8\/\/\/\/6wrHhTz\/\/\/8AAAAAi4U8\/\/\/\/iYVI\/\/\/\/x0X8\/\/\/\/\/4uNSP\/\/\/4lN8ItV8IsCi03w\/5BAAQAAg\/gBD4W3AAAAx4VM\/\/\/\/nAAAAItN8IO5YAEAAAB0D4uVUP\/\/\/4PKAomVUP\/\/\/4tF8IO4aAEAAAB0D4uNUP\/\/\/4PJAYmNUP\/\/\/4tV8IO6ZAEAAAB0D4uFUP\/\/\/4PIBImFUP\/\/\/4tN8IuRYAEAAGnSoAUAAImVXP\/\/\/4tF8IuIZAEAAGnJoAUAAIlN7ItV7PfaiZVg\/\/\/\/i0Xwi4hoAQAAacmgBQAAA03siY1Y\/\/\/\/jZVM\/\/\/\/UouNQP\/\/\/+hmvAEAi030ZIkNAAAAAIvlXcPMzFWL7FGJTfyLRfyLiMwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNABAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNwBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNgBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7FGJTfyLRfyLiNQBAABRi1UIiwKLTQj\/UASL5V3CBADMzMzMzMzMzMzMzMzMzFWL7IPsEIlN9I1F\/FCNTfhRi0306Di6AQCLVfg7Vfx1CcdF8P\/\/\/\/\/rBotF\/IlF8ItN8FGLVfhSi0306L65AQCNRQhQi0306MC6AQCL5V3CVADMzMzMzMzMzMzMzMzMzFWL7IHszAAAAImNOP\/\/\/2oBi0UIixCLTQj\/EseFPP\/\/\/wAAAACNhUD\/\/\/9Qi404\/\/\/\/6LG6AQCLTQiLUQSJlTT\/\/\/+DvTT\/\/\/9ldCuDvTT\/\/\/9mdAuDvTT\/\/\/9ndDDrRQ+3hVj\/\/\/+D6AL32BvAQImFPP\/\/\/+s4D7eNWP\/\/\/4PpAffZG8lBiY08\/\/\/\/6yEPt5VY\/\/\/\/g+oD99ob0kKJlTz\/\/\/\/rCseFPP\/\/\/wAAAAAzwIO9PP\/\/\/wAPlcBQi00IixGLTQj\/UgiL5V3CBADMzMxVi+yD7AiJTfyLRQiJRfiDffhldA6DffhmdBSDffhndBrrImoBi0386NP1\/\/\/rFmoCi0386Mf1\/\/\/rCmoDi0386Lv1\/\/+L5V3CBADMzMzMzFWL7ItFCFDoRs8BAIPEBF3CBADMzMzMzMzMzMzMzMzMVYvsUYlN\/GoAi0X8i0gcUf8VUFVEAIvlXcPMzMzMzMxVi+xRiU38agGLRfyLSBxR\/xVQVUQAi+Vdw8zMzMzMzFWL7Gr\/aIEpRABkoQAAAABQZIklAAAAAIPsEIlN5ItFCFBqZotN5Oh3FQIAx0X8AAAAAItN5McBSFxEAItV5IPCcIlV8ItN8OjO2gEAi0XwxwCElEQAxkX8AYtN5IHBwAAAAIlN7ItN7Oit2gEAi1XsxwKElEQAxkX8AotF5AUQAQAAiUXoi03o6I3aAQCLTejHAYSURADHRfz\/\/\/\/\/i0Xki030ZIkNAAAAAIvlXcIEAMzMzMzMzMzMzMzMzMzMzFWL7FE="}
02138{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630216,"pkt_caplen":1302,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1302,"pkt_l4_len":1268,"pkt":"AAgCHEeuIOUqtpPxCABFAAUIBboAAIAGNqqQW0XDCgkZZQBQwA0+7\/kRvob4uFAY+vB0WgAAiU38i0386CEAAACLRQiD4AGFwHQMi038UegQzgEAg8QEi0X8i+VdwgQAzMxVi+xq\/2ixKUQAZKEAAAAAUGSJJQAAAABRiU3wx0X8AgAAAItN8IHBEAEAAOiLCwMAxkX8AYtN8IHBwAAAAOh5CwMAxkX8AItN8IPBcOhqCwMAx0X8\/\/\/\/\/4tN8OilEwIAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/ItF\/IPAcFBo6gMAAItNCFHoqYwCAItV\/IHCwAAAAFJo6wMAAItFCFDokYwCAItN\/IHBEAEAAFFo7AMAAItVCFLoeYwCAIvlXcIEAMzMzMzMzMzMzMzMzMzMVYvsUYlN\/LhIW0QAi+Vdw1WL7IPsGIlN6MdF8AAAAADrCYtF8IPAAYlF8IN98Bl9N4tN8IsUjbCQRQBSaKBdRACNRfRQ\/xXUVUQAg8QMjU30UWoAaEMBAACLVQiLQhxQ\/xVIVUQA67rHRewAAAAAagCLTexRaE4BAACLVQiLQhxQ\/xVIVUQAi+VdwgQAzMzMVYvsUYlN\/ItN\/OiFFgIAi0X8g8BwUItN\/Ohi\/\/\/\/i038gcHAAAAAUYtN\/OhQ\/\/\/\/i1X8gcIQAQAAUotN\/Og+\/\/\/\/uAEAAACL5V3DzMzMzMxVi+xq\/2jIKUQAZKEAAAAAUGSJJQAAAACD7CCJTeCLTeDoOuQBAOipGwIAiUXoi0XoixCLTej\/UgyJReyLReyDwBCJRfDHRfwAAAAAjU3wUYtN4IPBcOj27wEAagBqAGhHAQAAi1Xgi4KMAAAAUP8VSFVEAIXAdBGLTfBR6F\/lAACDxASJRdzrB8dF3AAAAACLVeCLRdyJgmABAACNTfBRi03ggcHAAAAA6KPvAQBqAGoAaEcBAACLVeCLgtwAAABQ\/xVIVUQAhcB0EYtN8FHoDOUAAIPEBIlF2OsHx0XYAAAAAItV4ItF2ImCZAEAAI1N8FGLTeCBwRABAADoUO8BAGoAagBoRwEAAItV4IuCLAEAAFD\/FUhVRACFwHQRi03wUei55AAAg8QEiUXU6wfHRdQAAAAAi1Xgi0XUiYJoAQAAx0X8\/\/\/\/\/41N8OifAAAAi030ZIkNAAAAAIvlXcPMVYvsUYlN\/IvlXcIEAMzMzFWL7FGJTfyLRQxQD7dNCFGLVfyLAotN\/P+QNAEAAIvlXcIIAMzMzMzMzMzMzMzMzFWL7FGJTfyLTfzoXQgDAItFCIPgAYXAdAyLTfxR6JDKAQCDxASLRfyL5V3CBADMzFWL7IPsCIlN+ItN+OgPAAAAi+Vdw8zMzMzMzMzMzMzMVYvsg+wIiU34i0X4iwiD6RCJTfyLVfyDwgyDyP\/wD8ECSIXAfxOLTfxRi1X8iwKLTfyLCYsQ\/1IEi+Vdw8zMzFWL7Gr\/aOopRABkoQAAAABQZIklAAAAAIPsDGgYAgAA6NLJAQCDxASJRezHRfwAAAAAg33sAHQNi03s6FAAAACJRejrB8dF6AAAAACLReiJRfDHRfz\/\/\/\/\/i0Xwi030ZIkNAAAAAIvlXcPMzMzMzMxVi+xRiU38uABfRACL5V3DVYvsUYlN\/LikXUQAi+Vdw1WL7Gr\/aBYqRABkoQAAAABQZIklAAAAAFGJTfCLTfDoiScDAMdF\/AAAAACLRfDHAChfRACLTfCBwdAAAADobEsDAMZF"}
00414{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"exe_download.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1569434051,"pkt_ts_usec":630369,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"pkt":"IOUqtpPxAAgCHEeuCABFAAAoALhAAIAGAIwKCRllkFtFw8ANAFC+hvi4Pu\/98VAQ+vAG2QAA"}
-00498{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_tot_l4_data_len":693561,"flow_min_l4_data_len":20,"flow_max_l4_data_len":1480,"flow_avg_l4_data_len":986,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
+00509{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00133{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test"}
Powered by cgit, Themed by Ted Yin.