Improved flown analyse event:

* store packet directions * merged direction based IATs * merged direction based PKTLENs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
commit: 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree: 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/nfsv3.pcap.out
parent: 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/test/results/flow-info/nfsv3.pcap.out b/test/results/flow-info/nfsv3.pcap.out
index 7dbeac35f..0d51ae8c6 100644
--- a/test/results/flow-info/nfsv3.pcap.out
+++ b/test/results/flow-info/nfsv3.pcap.out
@@ -18,12 +18,14 @@
               new: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] 
          detected: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable]
           analyse: [.....6] [ip4][..udp] [....139.25.22.2][.1022] -> [..139.25.22.102][.2049] [NFS][DataTransfer][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.010|   0.050|   0.017|   0.015]
-                   [IAT(c->s)...:    0.010|   0.050|   0.017|   0.015][IAT(s->c)...:    0.010|   0.050|   0.017|   0.015]
-                   [PKTLEN(c->s):  170.000| 226.000| 183.000|  17.600][PKTLEN(s->c):   74.000| 314.000| 169.800|  87.400]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.010|    0.050|    0.017|    0.015|  222.222|    0.000]
+                   [PKTLEN......:    74.000|  314.000|  176.400|   63.400| 4021.900|    4.900]
                    [BINS(c->s)..: 0,0,0,0,13,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 0,6,0,2,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1]
+                   [IATS........: 10000,10000,50000,50000,10000,10000,10000,10000,10000,10000,10000,10000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+                   [PKTLENS.....: 170,154,170,206,170,210,170,182,178,74,178,74,226,314,170,154,206,186,178,74,178,74,178,282,178,74,222,302,178,282,178,74]
               new: [.....7] [ip4][..udp] [....139.25.22.2][.3299] -> [..139.25.22.102][..111] 
          detected: [.....7] [ip4][..udp] [....139.25.22.2][.3299] -> [..139.25.22.102][..111] [NFS][DataTransfer][Acceptable]
                    RISK: Known Proto on Non Std Port
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
commit	9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree	73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/nfsv3.pcap.out
parent	28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)