author Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
committer Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
commit 9a28475bba88b711b7075b58473b7e5b5df1f393
tree 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/flow-info/telnet.pcap.out
parent 28971cd7647a79253000fb33e52b5d2129e5ba62
Improved flow analyse event:

* store packet directions
* merged direction based IATs
* merged direction based PKTLENs

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/flow-info/telnet.pcap.out')
-rw-r--r-- test/results/flow-info/telnet.pcap.out 10
1 files changed, 6 insertions, 4 deletions
diff --git a/test/results/flow-info/telnet.pcap.out b/test/results/flow-info/telnet.pcap.out
index 02a936136..1e9a1a938 100644
--- a/test/results/flow-info/telnet.pcap.out
+++ b/test/results/flow-info/telnet.pcap.out
@@ -9,12 +9,14 @@
detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe]
RISK: Unsafe Protocol
analyse: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23]
- [min|max|avg|stddev]
- [IAT(flow)...: 0.000| 1.233| 0.125| 0.337]
- [IAT(c->s)...: 0.000| 1.233| 0.160| 0.383][IAT(s->c)...: 0.001| 1.107| 0.088| 0.275]
- [PKTLEN(c->s): 66.000| 151.000| 78.400| 23.800][PKTLEN(s->c): 66.000| 98.000| 75.800| 10.400]
+ [min|max|avg|stddev|variance|entropy]
+ [IAT.........: 0.000| 1.233| 0.125| 0.337|113396.253| 0.000]
+ [PKTLEN......: 66.000| 151.000| 77.200| 18.800| 354.000| 5.000]
[BINS(c->s)..: 15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
[BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+ [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0]
+ [IATS........: 2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372,0]
+ [PKTLENS.....: 74,74,66,93,69,66,69,66,91,130,66,84,75,66,90,66,151,66,69,69,66,78,72,66,81,66,98,66,73,66,72,66]
detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe]
RISK: Unsafe Protocol
end: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe]
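Review bot: In the new `IAT.........` row the variance (113396.253) does not agree with the stddev (0.337) printed beside it. sqrt(113396.253) is about 336.7, so the two columns appear to be scaled by different factors, while the `PKTLEN......` row is self-consistent (18.800 squared is roughly 354.000). Please scale the IAT variance the same way as min/max/avg/stddev, or state the unit of each column in the `[min|max|avg|stddev|variance|entropy]` header. The IAT entropy of 0.000 also deserves a second look, since the `IATS........` list contains many distinct values. `IATS` carries 32 entries ending in 0 for 32 packets, so it should be documented whether that trailing 0 is padding and whether it is included in the min/avg figures. Finally, the per-direction `IAT(c->s)`/`IAT(s->c)` and `PKTLEN(c->s)`/`PKTLEN(s->c)` statistics disappear from the expected output; a consumer that keyed on them now has to recompute them from `DIRECTIONS`, `IATS` and `PKTLENS`, which is worth calling out in the commit message or the event documentation.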