author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-22 19:07:08 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-22 19:07:08 +0200 |
commit | 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch) | |
tree | 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/pps.pcap.out | |
parent | 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff) |
Improved flown analyse event:
* store packet directions
* merged direction based IATs
* merged direction based PKTLENs
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/pps.pcap.out')
-rw-r--r-- | test/results/flow-info/pps.pcap.out | 80 |
1 files changed, 48 insertions, 32 deletions
diff --git a/test/results/flow-info/pps.pcap.out b/test/results/flow-info/pps.pcap.out index 5180733f9..dffbdd8cc 100644 --- a/test/results/flow-info/pps.pcap.out +++ b/test/results/flow-info/pps.pcap.out 
@@ -9,39 +9,47 @@ new: [.....6] [ip4][..udp] [..192.168.115.8][22793] -> [.111.249.53.196][32443] new: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] analyse: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.014| 0.003| 0.004] - [IAT(c->s)...: 0.001| 0.014| 0.004| 0.004][IAT(s->c)...: 0.000| 0.013| 0.002| 0.004] - [PKTLEN(c->s): 1107.000|1107.000|1107.000| 0.000][PKTLEN(s->c): 79.000| 79.000| 79.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.014| 0.003| 0.004| 16.289| 0.000] + [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,1,0,0,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1] + [IATS........: 306,331,2951,1986,4674,337,125,2,561,612,2012,866,221,1880,1060,119,11920,11824,91,13556,13473,115,2750,2611,216,1278,998,122,1608,1850,320,0] + [PKTLENS.....: 1107,79,79,1107,1107,79,79,79,79,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79] not-detected: [.....1] [ip4][..udp] [....1.173.5.226][22636] -> [..192.168.115.8][22793] [Unknown][Unrated] analyse: [.....3] [ip4][..udp] [..192.168.115.8][22793] -> [...114.42.0.158][.7716] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.013| 0.002| 0.004] - [IAT(c->s)...: 0.000| 0.013| 0.002| 0.003][IAT(s->c)...: 0.001| 0.013| 0.004| 0.004] - [PKTLEN(c->s): 79.000| 79.000| 79.000| 0.000][PKTLEN(s->c): 1107.000|1107.000|1107.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.013| 0.002| 0.004| 13.731| 0.000] + [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000] [BINS(c->s)..: 
0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0] + [IATS........: 314,12554,12553,190,1137,940,141,1586,1472,244,2060,1844,332,694,598,286,1704,1051,140,3586,5819,415,11908,9064,111,1248,1392,110,1452,1075,107,0] + [PKTLENS.....: 79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79] not-detected: [.....3] [ip4][..udp] [..192.168.115.8][22793] -> [...114.42.0.158][.7716] [Unknown][Unrated] new: [.....8] [ip4][..udp] [.183.228.182.44][13913] -> [..192.168.115.8][22793] analyse: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.027| 0.009| 0.008] - [IAT(c->s)...: 0.005| 0.027| 0.015| 0.007][IAT(s->c)...: 0.000| 0.024| 0.006| 0.007] - [PKTLEN(c->s): 1107.000|1107.000|1107.000| 0.000][PKTLEN(s->c): 79.000| 79.000| 79.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.027| 0.009| 0.008| 71.240| 0.000] + [PKTLEN......: 79.000| 1107.000| 400.200| 476.500|227043.400| 4.000] [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,1,0,1,1,0] + [IATS........: 354,233,4927,176,24291,18871,121,5388,6873,160,19127,17570,126,13829,13759,135,13082,15439,116,26979,24414,172,9012,10973,385,1993,887,14115,8282,98,12123,0] + [PKTLENS.....: 1107,79,79,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107] not-detected: [.....2] [ip4][..udp] [..118.171.15.56][.5544] -> [..192.168.115.8][22793] 
[Unknown][Unrated] new: [.....9] [ip4][..tcp] [..192.168.115.8][50462] -> [.202.108.14.236][...80] [MIDSTREAM] new: [....10] [ip4][..tcp] [...192.168.5.15][65125] -> [.68.233.253.133][...80] [MIDSTREAM] analyse: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.070| 0.024| 0.021] - [IAT(c->s)...: 0.000| 0.046| 0.016| 0.017][IAT(s->c)...: 0.030| 0.070| 0.046| 0.016] - [PKTLEN(c->s): 79.000| 79.000| 79.000| 0.000][PKTLEN(s->c): 1107.000|1107.000|1107.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.070| 0.024| 0.021| 457.568| 0.000] + [PKTLEN......: 79.000| 1107.000| 336.000| 445.100|198147.000| 4.000] [BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0] + [IATS........: 416,29926,29688,118,32027,32808,298,45715,281,69635,23035,67,41991,41569,116,35956,327,59526,23042,142,31796,32196,302,44442,309,68337,22748,167,30877,30767,160,0] + [PKTLENS.....: 79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79] not-detected: [.....7] [ip4][..udp] [..192.168.115.8][22793] -> [219.228.107.156][.1250] [Unknown][Unrated] new: [....11] [ip4][..udp] [..192.168.115.8][22793] -> [..218.61.39.103][17788] new: [....12] [ip4][..udp] [..192.168.115.8][22793] -> [...210.44.171.1][29702] 
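Review bot: The new `[IAT.........:` rows pin an entropy of `0.000` for every flow even though the added `[IATS........:` lists hold clearly varying values, and the variance column is not on the same scale as the stddev next to it (`0.004` beside `16.289` in the first analyse block). The PKTLEN rows, by contrast, are roughly self-consistent (476.500 squared is close to 227043.400). If the zero entropy comes from a scaling or truncation step in the code that produces this output, which is not visible on this page, this expected-output file would lock that value in as the regression baseline and leave IAT entropy useless as a feature for traffic classification. It would be worth confirming the intended units before accepting the fixture, or stating them next to the `[min|max|avg|stddev|variance|entropy]` header. The same pattern repeats in the hunks starting at -70, -209, -256 and -269.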
@@ -70,12 +78,14 @@ new: [....35] [ip4][..udp] [..192.168.115.8][22793] -> [119.188.133.182][17788] new: [....36] [ip4][..udp] [..192.168.115.8][22793] -> [.183.61.167.104][17788] analyse: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.108| 0.029| 0.031] - [IAT(c->s)...: 0.000| 0.079| 0.019| 0.025][IAT(s->c)...: 0.018| 0.108| 0.058| 0.027] - [PKTLEN(c->s): 79.000| 79.000| 79.000| 0.000][PKTLEN(s->c): 61.000|1107.000| 976.200| 345.900] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.108| 0.029| 0.031| 941.853| 0.000] + [PKTLEN......: 61.000| 1107.000| 303.300| 425.300|180865.500| 3.900] [BINS(c->s)..: 0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1] + [IATS........: 939,52844,52258,255,55452,67,77746,21970,217,78270,79276,484,437,117,46524,44383,93,18436,18537,325,35971,83,108044,71536,720,28274,507,45891,16142,358,33466,0] + [PKTLENS.....: 79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,1107,79,79,79,79,1107,79,79,79,79,1107,79,79,61] not-detected: [.....4] [ip4][..udp] [..192.168.115.8][22793] -> [.222.197.138.12][.6956] [Unknown][Unrated] new: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [MIDSTREAM] detected: [....37] [ip4][..tcp] [..192.168.115.8][50463] -> [.101.227.200.11][...80] [HTTP.PPStream][Streaming][Fun] 
@@ -209,12 +219,14 @@ new: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [MIDSTREAM] detected: [....82] [ip4][..tcp] [..192.168.115.8][50504] -> [.202.108.14.236][...80] [HTTP][Streaming][Acceptable] analyse: [....81] [ip4][..tcp] [..192.168.115.8][50505] -> [..223.26.106.19][...80] [HTTP][Web][Acceptable] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.036| 0.003| 0.009] - [IAT(c->s)...: 0.035| 0.035| 0.035| 0.000][IAT(s->c)...: 0.000| 0.036| 0.002| 0.007] - [PKTLEN(c->s): 198.000| 202.000| 200.000| 2.000][PKTLEN(s->c): 566.000|1314.000|1289.100| 134.300] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.036| 0.003| 0.009| 84.840| 0.000] + [PKTLEN......: 198.000| 1314.000| 1221.000| 293.900|86398.000| 4.900] [BINS(c->s)..: 0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] + [IATS........: 2901,35025,35765,2,54,1038,2,1,1,1,1,1,4098,1,1,1,1,557,2,1,1,4317,82,1,1,1,1,0,0,0,0,0] + [PKTLENS.....: 198,566,202,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314] new: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] detected: [....83] [ip4][..udp] [...192.168.5.38][.1900] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] new: [....84] [ip4][..udp] [...192.168.5.41][50374] -> [239.255.255.250][.1900] 
@@ -256,12 +268,14 @@ new: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [MIDSTREAM] detected: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] analyse: [...102] [ip4][..tcp] [..192.168.115.8][50778] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.061| 0.005| 0.014] - [IAT(c->s)...: 0.000| 0.000| 0.000| 0.000][IAT(s->c)...: 0.000| 0.061| 0.005| 0.014] - [PKTLEN(c->s): 303.000| 303.000| 303.000| 0.000][PKTLEN(s->c): 1314.000|1314.000|1314.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.061| 0.005| 0.014| 183.828| 0.000] + [PKTLEN......: 303.000| 1314.000| 1282.400| 175.900|30943.100| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] + [IATS........: 61439,3,3,1,1,30336,2,1,1,25868,1,484,2,1,1,574,2,3519,3,772,1,1,1,1,1,2191,0,0,0,0,0,0] + [PKTLENS.....: 303,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314] new: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] detected: [...103] [ip4][..udp] [..192.168.115.1][50945] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] new: [...104] [ip4][..tcp] [..192.168.115.8][50779] -> [..111.206.22.77][...80] [MIDSTREAM] 
@@ -269,12 +283,14 @@ new: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [MIDSTREAM] detected: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] analyse: [...105] [ip4][..tcp] [..192.168.115.8][50780] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.063| 0.006| 0.016] - [IAT(c->s)...: 0.000| 0.000| 0.000| 0.000][IAT(s->c)...: 0.000| 0.063| 0.006| 0.016] - [PKTLEN(c->s): 303.000| 303.000| 303.000| 0.000][PKTLEN(s->c): 1314.000|1314.000|1314.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.063| 0.006| 0.016| 268.635| 0.000] + [PKTLEN......: 303.000| 1314.000| 1282.400| 175.900|30943.100| 5.000] [BINS(c->s)..: 0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1] + [IATS........: 62853,7,1,1,1,1,28633,3,1,57886,1,1,29,1,1,276,1,311,1,3236,49,2,773,2,1,1,2,0,0,0,0,0] + [PKTLENS.....: 303,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314,1314] update: [....55] [ip4][..udp] [...192.168.5.57][59648] -> [239.255.255.250][.1900] [SSDP][System][Acceptable] new: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [MIDSTREAM] detected: [...106] [ip4][..tcp] [..192.168.115.8][50781] -> [..223.26.106.20][...80] [HTTP.PPStream][Streaming][Fun] |