Improved flown analyse event:

* store packet directions * merged direction based IATs * merged direction based PKTLENs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
commit: 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree: 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/quickplay.pcap.out
parent: 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/test/results/flow-info/quickplay.pcap.out b/test/results/flow-info/quickplay.pcap.out
index fcdf76245..bee258994 100644
--- a/test/results/flow-info/quickplay.pcap.out
+++ b/test/results/flow-info/quickplay.pcap.out
@@ -34,12 +34,14 @@
          detected: [....14] [ip4][..tcp] [..10.54.169.250][42762] -> [203.205.129.101][...80] [HTTP_Proxy.QQ][Chat][Fun]
                    RISK: Known Proto on Non Std Port
           analyse: [....11] [ip4][..tcp] [..10.54.169.250][52009] -> [...120.28.35.40][...80] [HTTP][Streaming][Acceptable]
-                   [min|max|avg|stddev]
-                   [IAT(flow)...:    0.183|   5.871|   2.460|   1.331]
-                   [IAT(c->s)...:    0.183|   5.871|   2.249|   1.405][IAT(s->c)...:    0.646|   5.777|   2.715|   1.186]
-                   [PKTLEN(c->s):  500.000| 587.000| 520.400|  34.800][PKTLEN(s->c):   76.000|1456.000| 831.100| 469.800]
+                   [min|max|avg|stddev|variance|entropy]
+                   [IAT.........:     0.183|    5.871|    2.460|    1.331|1772261.736|    0.000]
+                   [PKTLEN......:    76.000| 1456.000|  656.400|  347.900|121006.600|    4.800]
                    [BINS(c->s)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,13,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
                    [BINS(s->c)..: 1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,1,2,0,0,0,0,0,2,0,0,0,0]
+                   [DIRECTIONS..: 0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0]
+                   [IATS........: 2337891,2470825,5776550,5871155,324615,2084534,1689148,182557,2170257,2013275,645600,519622,2223724,2353455,480927,4401947,3911834,3909668,3936554,2356476,2338349,2619995,2626526,2264068,2270477,2391541,2349518,2604523,2641967,2224884,2252137,0]
+                   [PKTLENS.....: 500,1456,500,240,585,502,1248,585,502,854,587,76,504,1268,585,502,158,502,658,502,1124,502,1208,502,348,502,1456,502,962,502,580,502]
               new: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [MIDSTREAM] 
          detected: [....15] [ip4][..tcp] [..10.54.169.250][35670] -> [203.205.147.215][...80] [HTTP_Proxy.QQ][Chat][Fun]
                    RISK: Known Proto on Non Std Port
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
commit	9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree	73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/quickplay.pcap.out
parent	28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)