Improved flown analyse event:

* store packet directions * merged direction based IATs * merged direction based PKTLENs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
commit: 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree: 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/KakaoTalk_talk.pcap.out
parent: 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
1 files changed, 24 insertions, 16 deletions
diff --git a/test/results/flow-info/KakaoTalk_talk.pcap.out b/test/results/flow-info/KakaoTalk_talk.pcap.out
index 49f336b08..796393a8e 100644
--- a/test/results/flow-info/KakaoTalk_talk.pcap.out
+++ b/test/results/flow-info/KakaoTalk_talk.pcap.out
@@ -33,37 +33,45 @@
               new: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] 
          detected: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable]
           analyse: [....12] [ip4][..udp] [...10.24.82.188][11320] -> [....1.201.1.174][23044] [RTP][Media][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.000|   0.389|   0.067|   0.073]
-                   [IAT(c->s)...:    0.000|   0.104|   0.052|   0.049][IAT(s->c)...:    0.016|   0.389|   0.090|   0.095]
-                   [PKTLEN(c->s):   99.000| 100.000|  99.100|   0.200][PKTLEN(s->c):   99.000| 192.000| 110.100|  25.800]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.000|    0.389|    0.067|    0.073| 5302.569|    0.000]
+                   [PKTLEN......:    99.000|  192.000|  103.200|   16.700|  278.800|    5.000]
                    [BINS(c->s)..: 0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1]
+                   [IATS........: 2106,92,91278,244,98327,122,103547,389008,99365,152,41687,34149,94086,1190,99945,98542,31952,72327,100128,1037,27862,87799,99732,30,76142,16052,99243,84228,99884,1099,113099,0]
+                   [PKTLENS.....: 100,99,99,99,99,99,99,99,123,99,99,192,115,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99]
           analyse: [....13] [ip4][..udp] [...10.24.82.188][10268] -> [....1.201.1.174][23046] [RTP][Media][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.004|   0.144|   0.063|   0.038]
-                   [IAT(c->s)...:    0.032|   0.102|   0.057|   0.022][IAT(s->c)...:    0.004|   0.144|   0.071|   0.050]
-                   [PKTLEN(c->s):   99.000| 192.000| 112.400|  26.300][PKTLEN(s->c):   99.000|  99.000|  99.000|   0.000]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.004|    0.144|    0.063|    0.038| 1440.325|    0.000]
+                   [PKTLEN......:    99.000|  192.000|  106.600|   20.800|  434.500|    5.000]
                    [BINS(c->s)..: 0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,1,0,0,0,1]
+                   [IATS........: 36072,39245,140350,102021,35217,98114,7904,55847,41962,93445,6775,89905,91767,48217,40192,100067,12024,81512,89386,6988,84107,40741,87677,54901,38818,107880,4181,87555,68482,32257,143921,0]
+                   [PKTLENS.....: 123,192,115,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,99,166,141,99]
               new: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [MIDSTREAM] 
          detected: [....14] [ip4][..tcp] [...10.24.82.188][49217] -> [.216.58.220.174][..443] [TLS.Google][Web][Acceptable]
               new: [....15] [ip4][..tcp] [..173.252.122.1][..443] -> [...10.24.82.188][52123] [MIDSTREAM] 
               new: [....16] [ip4][..tcp] [...10.24.82.188][53974] -> [203.205.151.233][.8080] [MIDSTREAM] 
           analyse: [.....6] [ip4][..tcp] [...10.24.82.188][32968] -> [..110.76.143.50][.8080] [TLS.KakaoTalk][Chat][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.002|  20.337|   1.801|   4.155]
-                   [IAT(c->s)...:    0.002|  20.337|   2.259|   5.063][IAT(s->c)...:    0.005|   8.676|   1.245|   2.556]
-                   [PKTLEN(c->s):   68.000| 814.000| 204.700| 177.400][PKTLEN(s->c):   68.000| 920.000| 288.900| 276.500]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.002|   20.337|    1.801|    4.155|17264411.673|    0.000]
+                   [PKTLEN......:    68.000|  920.000|  241.500|  230.000|52885.800|    4.500]
                    [BINS(c->s)..: 8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0]
+                   [IATS........: 141571,151855,11750,244934,5676,231720,5279,268921,267944,260468,295685,6066894,6069489,2289,183686,177368,76049,36560,148072,8359650,8675995,4516,469818,147369,147094,2564,694885,724152,479767,20336762,1138366,0]
+                   [PKTLENS.....: 76,76,68,210,68,920,68,394,302,814,574,68,782,68,238,366,68,68,238,68,254,68,238,68,366,68,238,238,68,80,254,254]
           analyse: [.....8] [ip4][..tcp] [...10.24.82.188][58857] -> [..110.76.143.50][.9001] [TLS.KakaoTalk][Chat][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.000|  21.237|   2.444|   5.342]
-                   [IAT(c->s)...:    0.000|  20.472|   2.198|   5.070][IAT(s->c)...:    0.000|  21.237|   2.744|   5.641]
-                   [PKTLEN(c->s):   68.000| 862.000| 226.300| 229.600][PKTLEN(s->c):   68.000| 920.000| 319.400| 299.200]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.000|   21.237|    2.444|    5.342|28541506.814|    0.000]
+                   [PKTLEN......:    68.000|  920.000|  267.100|  266.400|70953.500|    4.400]
                    [BINS(c->s)..: 9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1]
+                   [IATS........: 148041,148315,14374,196289,3692,185608,22217,228394,215698,291656,316833,4536377,4872620,301514,147949,147858,122284,336243,8596588,8810699,73731,557586,700867,602508,20472016,917846,21237091,519257,336,183,1054260,0]
+                   [PKTLENS.....: 76,76,68,210,68,920,68,394,302,766,734,68,862,846,68,366,68,238,68,366,68,238,238,68,80,254,254,430,68,68,68,80]
               new: [....17] [ip4][..tcp] [173.194.117.229][..443] -> [...10.24.82.188][38380] [MIDSTREAM] 
               new: [....18] [ip4][..tcp] [.173.252.88.128][..443] -> [...10.24.82.188][59912] [MIDSTREAM] 
               new: [....19] [ip4][..tcp] [...10.24.82.188][59954] -> [.173.252.88.128][..443]
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
commit	9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree	73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/KakaoTalk_talk.pcap.out
parent	28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)