Improved flown analyse event:

* store packet directions * merged direction based IATs * merged direction based PKTLENs Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-22 19:07:08 +0200
commit: 9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree: 73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/fuzz-2020-02-16-11740.pcap.out
parent: 28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)
1 files changed, 6 insertions, 6 deletions
diff --git a/test/results/fuzz-2020-02-16-11740.pcap.out b/test/results/fuzz-2020-02-16-11740.pcap.out
index cdfa6fb7d..fc16483c0 100644
--- a/test/results/fuzz-2020-02-16-11740.pcap.out
+++ b/test/results/fuzz-2020-02-16-11740.pcap.out
@@ -94,7 +94,7 @@
 00220{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_usec":1528997012338586}
 00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_usec":1528997012137776,"pkt":"ABRP+4rqcNuYVcUnCABFAIEw++ZAAPwRV5TG4hk1CgxAHgcUchABHA0JAicBFBsdKAWbpXDSR2MuOEvDRI4aCwAAV8gbBVNQQxpuAAABNxA0owm4HCG6PU2XNAkv\/vzDOB0KCSSyhii6vunR59O76CIKGOYjAfl7PUhdXq\/+IyUA1AERNOgzhBq9cBFTORk8iq5zOGawlRK5SmrzC9CE14BmLSTx9+rzUr5gcK7nljeTYDH3Q7JtAU4wMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNCUALm12YzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNDg0L2YwOjc5OjYwOmQxOjdkOjM3LzIxNVkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJln13lrCrLxGDT3fIxBMmg"}
 00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1528996603395872,"flow_src_last_pkt_time":1528996832079336,"flow_dst_last_pkt_time":1528996609592806,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":209,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":834,"flow_dst_max_l4_payload_len":105,"flow_src_tot_l4_payload_len":2009,"flow_dst_tot_l4_payload_len":105,"midstream":0,"thread_ts_usec":1528997012137776,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
-01624{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528997019398709,"flow_dst_last_pkt_time":1528997011828903,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":12258,"flow_dst_tot_l4_payload_len":2595,"midstream":0,"thread_ts_usec":1528997019398709,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":155168,"flow_avg":61128012.0,"flow_max":612411195,"flow_stddev":140850256.0,"c_to_s_min":187053,"c_to_s_avg":55957004.0,"c_to_s_max":612411195,"c_to_s_stddev":151358432.0,"s_to_c_min":155168,"s_to_c_avg":67407088.0,"s_to_c_max":452627740,"s_to_c_stddev":126642552.0},"pktlen": {"c_to_s_min":697,"c_to_s_avg":723.0,"c_to_s_max":745,"c_to_s_stddev":21.9,"s_to_c_min":179,"s_to_c_avg":227.4,"s_to_c_max":318,"s_to_c_stddev":45.2},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+01853{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1528996068129675,"flow_src_last_pkt_time":1528997019398709,"flow_dst_last_pkt_time":1528997011828903,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":655,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":703,"flow_dst_max_l4_payload_len":276,"flow_src_tot_l4_payload_len":12258,"flow_dst_tot_l4_payload_len":2595,"midstream":0,"thread_ts_usec":1528997019398709,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":155168,"avg":61128012.0,"max":612411195,"stddev":140850256.0,"var":19838793242640384.0,"ent":2.7,"data": [155168,452627740,595449,114837328,612411195,44261470,205164,4046522,4037802,201918,4553249,187053,43562433,202627,48502104,3244519,3442366,3335821,3536360,209147,201397,255983176,256164296,599645,6262990,492548,7309633,8000538,8015324,522347,7260933,0]},"pktlen": {"min":179,"avg":506.2,"max":745,"stddev":248.2,"var":61618.1,"ent":4.8,"data": [697,257,239,318,239,745,179,697,179,697,206,745,697,745,697,206,179,697,745,179,697,206,745,239,725,745,725,318,745,239,725,745]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0]},"ndpi": {"confidence": {"6":"DPI"},"proto":"Radius","proto_id":"146","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
 00199{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":1,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_usec":1528997023243075}
 01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_usec":1528997020091114,"pkt":"AAAMB6xAABRP+4rqCAAHAALbIOZAAP8RAAAKDEAexuIZNXIQBxQC1gAAASoCn1lLG5tNeGgoWBAiZw18BtkaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICVZXSVNQUjEwGgkAADghDQMyNwZbIqSfATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
 00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1528997023501287,"flow_src_last_pkt_time":1528997023501287,"flow_dst_last_pkt_time":1528997023501287,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":164,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":164,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":164,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1528997023501287,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -609,10 +609,10 @@
 ~~ total active/idle flows...: 79/79
 ~~ total timeout flows.......: 13
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6207930 bytes
-~~ total memory freed........: 6207930 bytes
-~~ total allocations/frees...: 122723/122723
+~~ total memory allocated....: 6171274 bytes
+~~ total memory freed........: 6171274 bytes
+~~ total allocations/frees...: 122565/122565
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 204 chars
-~~ json string max len.......: 1629 chars
-~~ json string avg len.......: 916 chars
+~~ json string max len.......: 1858 chars
+~~ json string avg len.......: 1031 chars
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-22 19:07:08 +0200
commit	9a28475bba88b711b7075b58473b7e5b5df1f393 (patch)
tree	73cdf56320f14b5fe0fbfb2e930cf7ea025f9117 /test/results/fuzz-2020-02-16-11740.pcap.out
parent	28971cd7647a79253000fb33e52b5d2129e5ba62 (diff)