Improved flown analyse event:

* store packet directions * merged direction based IATs * merged direction based PKTLENs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
commit: 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree: 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/dropbox.pcap.out
parent: 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
1 files changed, 24 insertions, 16 deletions
diff --git a/test/results/flow-info/dropbox.pcap.out b/test/results/flow-info/dropbox.pcap.out
index 11d4b8f6e..b96ade025 100644
--- a/test/results/flow-info/dropbox.pcap.out
+++ b/test/results/flow-info/dropbox.pcap.out
@@ -6,37 +6,45 @@
               new: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] 
          detected: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
           analyse: [.....1] [ip4][..udp] [...192.168.56.1][50311] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.002|   0.118|   0.106|   0.019]
-                   [IAT(c->s)...:    0.104|   0.118|   0.110|   0.003][IAT(s->c)...:    0.002|   0.116|   0.103|   0.026]
-                   [PKTLEN(c->s):  136.000| 143.000| 138.100|   2.100][PKTLEN(s->c):   59.000|  66.000|  61.100|   2.100]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.002|    0.118|    0.106|    0.019|  373.406|    0.000]
+                   [PKTLEN......:    59.000|  143.000|   99.600|   38.600| 1486.700|    4.900]
                    [BINS(c->s)..: 0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+                   [IATS........: 1824,103882,104036,108951,108450,105413,105949,113800,113717,106838,107131,109410,109028,108906,115953,117757,112312,110612,110806,109887,107946,108022,108009,113116,114023,110812,110429,107359,111248,109470,105114,0]
+                   [PKTLENS.....: 138,61,137,60,136,59,143,66,139,62,136,59,138,61,138,61,140,63,137,60,138,61,137,60,137,60,137,60,143,66,136,59]
               new: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] 
          detected: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
           analyse: [.....2] [ip4][..udp] [...192.168.56.1][50318] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.002|   0.128|   0.112|   0.021]
-                   [IAT(c->s)...:    0.106|   0.128|   0.115|   0.006][IAT(s->c)...:    0.002|   0.126|   0.108|   0.028]
-                   [PKTLEN(c->s):  137.000| 142.000| 139.000|   1.800][PKTLEN(s->c):   60.000|  65.000|  62.000|   1.800]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.002|    0.128|    0.112|    0.021|  434.412|    0.000]
+                   [PKTLEN......:    60.000|  142.000|  100.500|   38.500| 1485.600|    4.900]
                    [BINS(c->s)..: 0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+                   [IATS........: 2441,112948,114313,107773,108080,108005,107995,109511,111427,119112,118338,116979,117004,127663,125063,114041,112993,120228,120931,111475,111310,105608,107791,113820,112048,122618,125498,112978,109966,123530,125708,0]
+                   [PKTLENS.....: 137,60,141,64,140,63,142,65,137,60,139,62,140,63,139,62,137,60,138,61,142,65,140,63,137,60,137,60,137,60,141,64]
               new: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] 
          detected: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
           analyse: [.....3] [ip4][..udp] [...192.168.56.1][50312] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.001|   0.131|   0.117|   0.022]
-                   [IAT(c->s)...:    0.105|   0.131|   0.121|   0.008][IAT(s->c)...:    0.001|   0.131|   0.113|   0.030]
-                   [PKTLEN(c->s):  137.000| 143.000| 139.800|   1.800][PKTLEN(s->c):   60.000|  66.000|  62.800|   1.800]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.001|    0.131|    0.117|    0.022|  500.202|    0.000]
+                   [PKTLEN......:    60.000|  143.000|  101.200|   38.500| 1485.300|    4.900]
                    [BINS(c->s)..: 0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+                   [IATS........: 1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537,0]
+                   [PKTLENS.....: 139,62,143,66,139,62,140,63,140,63,137,60,137,60,137,60,142,65,140,63,141,64,139,62,139,62,142,65,141,64,140,63]
           analyse: [.....4] [ip4][..udp] [...192.168.56.1][50319] -> [.192.168.56.101][17500] [Dropbox][Cloud][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.005|   0.172|   0.127|   0.026]
-                   [IAT(c->s)...:    0.107|   0.172|   0.131|   0.015][IAT(s->c)...:    0.005|   0.165|   0.123|   0.033]
-                   [PKTLEN(c->s):  136.000| 143.000| 139.600|   2.200][PKTLEN(s->c):   59.000|  66.000|  62.600|   2.200]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.005|    0.172|    0.127|    0.026|  689.813|    0.000]
+                   [PKTLEN......:    59.000|  143.000|  101.100|   38.600| 1487.100|    4.900]
                    [BINS(c->s)..: 0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+                   [IATS........: 5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564,0]
+                   [PKTLENS.....: 141,64,142,65,137,60,137,60,140,63,137,60,136,59,141,64,139,62,143,66,140,63,138,61,139,62,143,66,138,61,142,65]
      DAEMON-EVENT: [Processed: 800 pkts][ZLib][compressions: 0|diff: 0 / 0]
      DAEMON-EVENT: [Flows][active: 4 / 4|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0]
               new: [.....5] [ip4][..udp] [..192.168.1.105][55407] -> [..192.168.1.254][...53]
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
commit	9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree	73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/dropbox.pcap.out
parent	28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)