Added nDPIsrvd-analysed to generate CSV files from analyse events.

* nDPIsrvd.h: iterate over JSON arrays * nDPId: calculate l3 payload packet entropies for analysis Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-30 18:42:10 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-30 19:28:49 +0200
commit: 14f6b87551c1d03837f25755abbc8eb71d958e3e (patch)
tree: 6b7f1a3e481f61e726486c8d255b14e0d9e83f12 /test/results/flow-info/imap.pcap.out
parent: 74f71643da536c6798d077dc1d9b13d56a9afc5d (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/test/results/flow-info/imap.pcap.out b/test/results/flow-info/imap.pcap.out
index 1e029c299..ce031bfd9 100644
--- a/test/results/flow-info/imap.pcap.out
+++ b/test/results/flow-info/imap.pcap.out
@@ -5,14 +5,15 @@
          detected: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe]
                    RISK: Unsafe Protocol
           analyse: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe]
-                                        min|      max|      avg|   stddev| variance|  entropy
-                   [IAT.........:     0.000|    4.331|    0.295|    1.060|1123749.069|    0.000]
-                   [PKTLEN......:    66.000|  762.000|  115.900|  125.900|15857.500|    4.600]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.000|    4.331|    0.295|    1.060|    1123749.069|   1.400]
+                   [PKTLEN......:    52.000|  748.000|  101.900|  125.900|      15857.500|   4.400]
                    [BINS(c->s)..: 18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [DIRECTIONS..: 0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1]
                    [IATS(ms)....: 0.1,0.1,12.9,12.9,0.2,0.4,36.9,36.8,0.1,4330.0,4331.4,1.4,16.8,17.3,39.9,39.5,0.1,0.2,0.6,39.7,39.4,0.1,0.9,1.3,39.0,38.7,0.1,0.1,10.8,47.8,37.2]
-                   [PKTLENS.....: 74,74,66,108,66,85,131,66,98,66,92,93,66,86,87,66,123,66,86,87,66,123,66,87,78,66,325,66,139,178,66,762]
+                   [PKTLENS.....: 60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748]
+                   [ENTROPIES...: 4.5,5.0,4.9,5.5,4.9,5.2,5.6,4.8,5.5,4.9,5.4,5.5,5.0,5.2,5.3,4.9,5.6,4.9,5.2,5.3,5.0,5.6,5.0,5.4,5.2,5.0,5.6,4.9,5.6,5.8,4.9,5.5]
              idle: [.....1] [ip4][..tcp] [......10.40.4.2][46045] -> [......10.40.3.2][..143] [IMAP][Email][Unsafe]
                    RISK: Unsafe Protocol
      DAEMON-EVENT: shutdown
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-30 18:42:10 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-30 19:28:49 +0200
commit	14f6b87551c1d03837f25755abbc8eb71d958e3e (patch)
tree	6b7f1a3e481f61e726486c8d255b14e0d9e83f12 /test/results/flow-info/imap.pcap.out
parent	74f71643da536c6798d077dc1d9b13d56a9afc5d (diff)