diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-30 18:42:10 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-30 19:28:49 +0200 |
| commit | 14f6b87551c1d03837f25755abbc8eb71d958e3e (patch) | |
| tree | 6b7f1a3e481f61e726486c8d255b14e0d9e83f12 /test/results/flow-info/jabber.pcap.out | |
| parent | 74f71643da536c6798d077dc1d9b13d56a9afc5d (diff) | |
Added nDPIsrvd-analysed to generate CSV files from analyse events.
* nDPIsrvd.h: iterate over JSON arrays
* nDPId: calculate l3 payload packet entropies for analysis
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/jabber.pcap.out')
| -rw-r--r-- | test/results/flow-info/jabber.pcap.out | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/test/results/flow-info/jabber.pcap.out b/test/results/flow-info/jabber.pcap.out index d92f7fb7b..9990f0c23 100644 --- a/test/results/flow-info/jabber.pcap.out +++ b/test/results/flow-info/jabber.pcap.out @@ -4,25 +4,27 @@ new: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] detected: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] analyse: [.....1] [ip4][..tcp] [....172.16.0.62][57094] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.338| 0.039| 0.084| 7085.730| 0.000] - [PKTLEN......: 66.000| 445.000| 142.100| 104.500|10930.100| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.338| 0.039| 0.084| 7085.730| 3.000] + [PKTLEN......: 52.000| 431.000| 128.100| 104.500| 10930.100| 4.600] [BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0] [IATS(ms)....: 0.4,0.5,0.4,0.8,0.4,0.4,12.4,12.8,2.4,2.4,0.3,2.0,1.6,0.2,40.8,37.0,77.5,0.2,0.6,337.3,337.7,0.4,0.8,51.1,51.5,6.4,6.4,0.3,0.8,109.1,109.6] - [PKTLENS.....: 78,74,66,88,66,182,66,245,66,351,66,228,226,66,404,66,186,66,118,66,117,66,182,66,245,66,445,66,189,66,198,66] + [PKTLENS.....: 64,60,52,74,52,168,52,231,52,337,52,214,212,52,390,52,172,52,104,52,103,52,168,52,231,52,431,52,175,52,184,52] + [ENTROPIES...: 4.2,5.0,4.9,5.5,4.9,5.4,4.9,5.6,4.7,5.4,4.7,5.6,6.1,4.7,6.1,4.9,5.9,4.9,5.4,4.8,5.5,4.8,5.4,4.8,5.6,4.6,5.4,4.8,5.5,4.8,5.6,4.8] new: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] detected: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] analyse: [.....2] [ip4][..tcp] [....172.16.0.62][57122] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 0.337| 0.038| 0.085| 7210.629| 0.000] - [PKTLEN......: 66.000| 445.000| 142.000| 104.500|10917.300| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 0.337| 0.038| 0.085| 7210.629| 2.800] + [PKTLEN......: 52.000| 431.000| 128.000| 104.500| 10917.300| 4.600] [BINS(c->s)..: 11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0] [IATS(ms)....: 0.7,0.7,0.1,0.5,0.4,0.3,0.2,0.5,0.1,0.1,0.2,1.4,1.3,0.2,39.8,41.0,80.7,0.2,0.6,336.4,336.8,0.3,0.8,51.2,51.7,0.1,0.1,0.3,0.8,115.1,115.6] - [PKTLENS.....: 78,74,66,88,66,182,66,243,66,351,66,228,226,66,404,66,186,66,118,66,117,66,182,66,245,66,445,66,189,66,198,66] + [PKTLENS.....: 64,60,52,74,52,168,52,229,52,337,52,214,212,52,390,52,172,52,104,52,103,52,168,52,231,52,431,52,175,52,184,52] + [ENTROPIES...: 4.3,5.1,4.8,5.4,4.9,5.4,4.8,5.6,4.7,5.4,4.8,5.6,6.1,4.8,6.1,4.9,6.0,4.7,5.4,4.8,5.4,4.6,5.4,4.9,5.6,4.8,5.4,4.7,5.4,4.8,5.5,4.7] new: [.....3] [ip4][..tcp] [....172.16.0.62][57126] -> [...172.16.1.138][.5222] [MIDSTREAM] detected: [.....3] [ip4][..tcp] [....172.16.0.62][57126] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] new: [.....4] [ip4][..tcp] [....172.16.0.62][57129] -> [...172.16.1.138][.5222] [MIDSTREAM] @@ -38,14 +40,15 @@ DAEMON-EVENT: [Processed: 243 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] analyse: [.....6] [ip4][..tcp] [....172.16.0.62][57149] -> [...172.16.1.138][.5222] [Jabber][Web][Acceptable] - min| max| avg| stddev| variance| entropy - [IAT.........: 0.000| 600.488| 42.007| 147.105|21639823353.709| 0.000] - [PKTLEN......: 66.000| 529.000| 164.800| 117.900|13893.800| 4.700] + min| max| avg| stddev| variance| entropy + [IAT.........: 0.000| 600.488| 42.007| 147.105|21639823353.709| 1.400] + [PKTLEN......: 52.000| 515.000| 150.800| 117.900| 13893.800| 4.600] [BINS(c->s)..: 9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [DIRECTIONS..: 0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1] [IATS(ms)....: 5.0,0.0,5.1,0.0,217.0,218.0,1.0,3684.5,3688.3,3.9,600484.2,600487.8,0.0,3.6,0.0,1.1,1.1,7.8,47.5,39.7,0.4,63.0,63.4,0.3,0.5,0.2,0.1,0.0,0.1,46584.0,46624.0] - [PKTLENS.....: 305,474,186,66,66,248,529,66,248,193,66,216,270,172,120,66,286,66,114,66,114,66,288,66,114,167,66,66,171,66,201,66] + [PKTLENS.....: 291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52] + [ENTROPIES...: 5.6,5.5,5.5,4.9,4.9,5.5,5.3,4.9,5.5,5.5,4.9,5.5,5.6,5.5,5.5,4.7,5.6,4.8,5.5,4.9,5.4,4.9,5.6,4.6,5.4,5.5,4.7,4.8,5.7,4.6,5.4,4.9] DAEMON-EVENT: [Processed: 270 pkts][ZLib][compressions: 0|diff: 0 / 0] DAEMON-EVENT: [Flows][active: 4 / 6|skipped: 0|!detected: 0|guessed: 0|detection-updates: 0|updates: 0] new: [.....7] [ip4][..tcp] [...192.168.58.1][53460] -> [.192.168.58.153][.5222] |