Added nDPIsrvd-analysed to generate CSV files from analyse events.

* nDPIsrvd.h: iterate over JSON arrays * nDPId: calculate l3 payload packet entropies for analysis Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-30 18:42:10 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-30 19:28:49 +0200
commit: 14f6b87551c1d03837f25755abbc8eb71d958e3e (patch)
tree: 6b7f1a3e481f61e726486c8d255b14e0d9e83f12 /test/results/flow-info/netbios.pcap.out
parent: 74f71643da536c6798d077dc1d9b13d56a9afc5d (diff)
1 files changed, 10 insertions, 8 deletions
diff --git a/test/results/flow-info/netbios.pcap.out b/test/results/flow-info/netbios.pcap.out
index a2837b091..d5322fa90 100644
--- a/test/results/flow-info/netbios.pcap.out
+++ b/test/results/flow-info/netbios.pcap.out
@@ -10,14 +10,15 @@
                    RISK: Unsafe Protocol
               new: [.....4] [ip4][..tcp] [......10.0.4.24][..139] -> [.....10.0.4.131][.1398] [MIDSTREAM] 
           analyse: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
-                                        min|      max|      avg|   stddev| variance|  entropy
-                   [IAT.........:     0.014|    0.750|    0.325|    0.215|46083.158|    0.000]
-                   [PKTLEN......:    92.000|   92.000|   92.000|    0.000|    0.000|    5.000]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.014|    0.750|    0.325|    0.215|      46083.158|   4.600]
+                   [PKTLEN......:    78.000|   78.000|   78.000|    0.000|          0.000|   5.000]
                    [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [IATS(ms)....: 471.3,14.0,264.7,470.8,80.2,113.8,555.8,80.0,113.3,146.8,489.8,113.3,146.4,750.0,33.7,749.5,308.6,441.4,307.6,628.9,121.0,628.9,471.0,279.0,470.7,458.5,291.5,334.2,123.8,93.1,532.9]
-                   [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92]
+                   [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]
+                   [ENTROPIES...: 4.1,4.1,4.2,4.1,4.1,4.1,4.1,4.1,4.2,4.2,4.2,4.2,4.2,4.2,4.2,4.1,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.1,4.2,4.2,4.2,4.1,4.2,4.2,4.2]
               new: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] 
          detected: [.....5] [ip4][..udp] [......10.0.1.87][57836] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable]
               new: [.....6] [ip4][..udp] [.....10.0.4.101][..137] -> [.....10.0.5.255][..137] 
@@ -40,14 +41,15 @@
               new: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] 
          detected: [....14] [ip4][..udp] [......10.0.4.14][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
           analyse: [.....2] [ip4][..udp] [.....10.0.5.233][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
-                                        min|      max|      avg|   stddev| variance|  entropy
-                   [IAT.........:     0.749|    1.516|    0.995|    0.356|126784.610|    0.000]
-                   [PKTLEN......:    92.000|   92.000|   92.000|    0.000|    0.000|    5.000]
+                                        min|      max|      avg|   stddev|       variance| entropy
+                   [IAT.........:     0.749|    1.516|    0.995|    0.356|     126784.610|   4.900]
+                   [PKTLEN......:    78.000|   78.000|   78.000|    0.000|          0.000|   5.000]
                    [BINS(c->s)..: 0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [IATS(ms)....: 749.4,750.1,1510.9,749.4,750.1,1512.1,749.1,750.1,1513.7,749.6,750.2,1509.2,749.9,750.1,1511.1,749.1,750.1,1516.0,749.2,750.1,1508.0,749.3,750.1,1513.5,749.8,750.0,1513.1,749.2,750.1,1506.9,749.4]
-                   [PKTLENS.....: 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92]
+                   [PKTLENS.....: 78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78]
+                   [ENTROPIES...: 3.9,3.9,3.9,3.9,3.8,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.9,3.8,3.9]
               new: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] 
          detected: [....15] [ip4][..udp] [......10.0.1.87][57921] -> [......10.0.4.24][..137] [NetBIOS][System][Acceptable]
            update: [.....1] [ip4][..udp] [.....10.0.4.131][..137] -> [.....10.0.5.255][..137] [NetBIOS][System][Acceptable]
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-30 18:42:10 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-30 19:28:49 +0200
commit	14f6b87551c1d03837f25755abbc8eb71d958e3e (patch)
tree	6b7f1a3e481f61e726486c8d255b14e0d9e83f12 /test/results/flow-info/netbios.pcap.out
parent	74f71643da536c6798d077dc1d9b13d56a9afc5d (diff)