diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-09-19 19:31:21 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-09-19 19:39:49 +0200 |
| commit | 08f263e40981483e96fab9d7c864722abe45df0d (patch) | |
| tree | 939dfce1c2f18a37cb355de5413f8b9852a220e7 /test/results/icmp-tunnel.pcap.out | |
| parent | 015a739efda638737adeed521ca5ba43708949f0 (diff) | |
nDPId: Reduced flow-updates for TCP flows to 1/4 of the timeout value.
* nDPId: Fixed broken validation tests.
* nDPId: Removed TICK_RESOLUTION, not required anymore.
* c-collectd: Improved total layer4 payload calculation/update handling.
* c-collectd: Updated RRD Graph script according to total layer4 payload changes.
* py-flow-info.py: Fixed several bugs and syntax errors.
* Python scripts: Added dirname(argv[0]) as search path for nDPIsrvd.py.
* nDPIsrvd&nDPId-test: Fixed missing EPOLLERR check.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/icmp-tunnel.pcap.out')
| -rw-r--r-- | test/results/icmp-tunnel.pcap.out | 40 |
1 files changed, 29 insertions, 11 deletions
diff --git a/test/results/icmp-tunnel.pcap.out b/test/results/icmp-tunnel.pcap.out index 4964f5268..f5051bba3 100644 --- a/test/results/icmp-tunnel.pcap.out +++ b/test/results/icmp-tunnel.pcap.out @@ -1,4 +1,4 @@ -00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"icmp-tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_usec":0} +00491{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"icmp-tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1360227866458898} 00732{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":92,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1360227866459330,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1360227866459330,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1360227866459330,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAFvrPQgAAS1uE1EtSQYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} @@ -6,17 +6,35 @@ 00609{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1360227867458100,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1360227867458100,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAH3tPQgAAi5uE1EKRgYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 00610{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1360227868458136,"flow_dst_last_pkt_time":1360227866459330,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":92,"thread_ts_usec":1360227868458136,"pkt":"AAwpy+OCAAwpzwzBCABFAABwAABAAEABhDTAqJqDwKiahAgAAAD+\/wAARQAAVAAAQABAASPpCl8BAQpfAQIIAD\/sPQgAAy9uE1FHRgYACAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 01681{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":36,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":9,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227888466859,"flow_dst_last_pkt_time":1360227888466987,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":92,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":92,"flow_dst_max_l4_payload_len":92,"flow_src_tot_l4_payload_len":2116,"flow_dst_tot_l4_payload_len":828,"midstream":0,"thread_ts_usec":1360227888466987,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":998770,"flow_avg":1419844.6,"flow_max":13999352,"flow_stddev":2296693.5,"c_to_s_min":998770,"c_to_s_avg":1000342.2,"c_to_s_max":1001250,"c_to_s_stddev":690.4,"s_to_c_min":1000921,"s_to_c_avg":2445295.0,"s_to_c_max":13999352,"s_to_c_stddev":4084976.0},"pktlen": {"c_to_s_min":126,"c_to_s_avg":126.0,"c_to_s_max":126,"c_to_s_stddev":0.0,"s_to_c_min":126,"s_to_c_avg":126.0,"s_to_c_max":126,"s_to_c_stddev":0.0},"bins": {"c_to_s": [0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":104,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":59,"flow_dst_packets_processed":38,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360227908233821,"flow_dst_last_pkt_time":1360227908233520,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":852,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":6481,"flow_dst_tot_l4_payload_len":5677,"midstream":0,"thread_ts_usec":1360227908233821,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01011{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":160,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":87,"flow_dst_packets_processed":60,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228057029534,"flow_dst_last_pkt_time":1360228057029101,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":852,"flow_dst_max_l4_payload_len":844,"flow_src_tot_l4_payload_len":9088,"flow_dst_tot_l4_payload_len":8105,"midstream":0,"thread_ts_usec":1360228057029534,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":214,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":107,"flow_dst_packets_processed":80,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228178094744,"flow_dst_last_pkt_time":1360228178094295,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":15614,"flow_dst_tot_l4_payload_len":14635,"midstream":0,"thread_ts_usec":1360228178094744,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":257,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":125,"flow_dst_packets_processed":95,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228298215269,"flow_dst_last_pkt_time":1360228298215435,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":20754,"flow_dst_tot_l4_payload_len":16362,"midstream":0,"thread_ts_usec":1360228298215435,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":294,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":139,"flow_dst_packets_processed":108,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228422618863,"flow_dst_last_pkt_time":1360228422618457,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22250,"flow_dst_tot_l4_payload_len":17990,"midstream":0,"thread_ts_usec":1360228422618863,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":4,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1360228467662193} -01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":216,"flow_dst_packets_processed":184,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228543914452,"flow_dst_last_pkt_time":1360228543914949,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":32219,"flow_dst_tot_l4_payload_len":27667,"midstream":0,"thread_ts_usec":1360228543914949,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":525,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":247,"flow_dst_packets_processed":213,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228682488933,"flow_dst_last_pkt_time":1360228682488473,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":36155,"flow_dst_tot_l4_payload_len":31097,"midstream":0,"thread_ts_usec":1360228682488933,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":569,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":262,"flow_dst_packets_processed":228,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228816210073,"flow_dst_last_pkt_time":1360228816209678,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":37588,"flow_dst_tot_l4_payload_len":32500,"midstream":0,"thread_ts_usec":1360228816210073,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01015{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":99,"flow_dst_packets_processed":72,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228087392773,"flow_dst_last_pkt_time":1360228087392391,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":14860,"flow_dst_tot_l4_payload_len":13877,"midstream":0,"thread_ts_usec":1360228087392773,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":198,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":103,"flow_dst_packets_processed":76,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228122245209,"flow_dst_last_pkt_time":1360228122245788,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":15216,"flow_dst_tot_l4_payload_len":14233,"midstream":0,"thread_ts_usec":1360228122245788,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":208,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":106,"flow_dst_packets_processed":79,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228158089597,"flow_dst_last_pkt_time":1360228158090071,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":15574,"flow_dst_tot_l4_payload_len":14595,"midstream":0,"thread_ts_usec":1360228158090071,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":216,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":108,"flow_dst_packets_processed":81,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228198115302,"flow_dst_last_pkt_time":1360228198114821,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":15654,"flow_dst_tot_l4_payload_len":14675,"midstream":0,"thread_ts_usec":1360228198115302,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":224,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":110,"flow_dst_packets_processed":83,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228238155844,"flow_dst_last_pkt_time":1360228238155402,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":15734,"flow_dst_tot_l4_payload_len":14755,"midstream":0,"thread_ts_usec":1360228238155844,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":232,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":112,"flow_dst_packets_processed":85,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228278197849,"flow_dst_last_pkt_time":1360228278197225,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1036,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":15814,"flow_dst_tot_l4_payload_len":14835,"midstream":0,"thread_ts_usec":1360228278197849,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":259,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":126,"flow_dst_packets_processed":96,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228318236831,"flow_dst_last_pkt_time":1360228318236422,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":20794,"flow_dst_tot_l4_payload_len":16402,"midstream":0,"thread_ts_usec":1360228318236831,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01016{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":267,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":128,"flow_dst_packets_processed":98,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228358273374,"flow_dst_last_pkt_time":1360228358272926,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":20874,"flow_dst_tot_l4_payload_len":16482,"midstream":0,"thread_ts_usec":1360228358273374,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":290,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":138,"flow_dst_packets_processed":107,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228402597860,"flow_dst_last_pkt_time":1360228402596581,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22210,"flow_dst_tot_l4_payload_len":17950,"midstream":0,"thread_ts_usec":1360228402597860,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":296,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":140,"flow_dst_packets_processed":109,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228442640689,"flow_dst_last_pkt_time":1360228442640274,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22290,"flow_dst_tot_l4_payload_len":18030,"midstream":0,"thread_ts_usec":1360228442640689,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":298,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":251,"total-skipped-flows":0,"total-l4-payload-len":40400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":12,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1360228467662193} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":311,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":146,"flow_dst_packets_processed":114,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228485957206,"flow_dst_last_pkt_time":1360228485957682,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":22995,"flow_dst_tot_l4_payload_len":18623,"midstream":0,"thread_ts_usec":1360228485957682,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":393,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":186,"flow_dst_packets_processed":154,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228522817624,"flow_dst_last_pkt_time":1360228522818134,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":28272,"flow_dst_tot_l4_payload_len":23795,"midstream":0,"thread_ts_usec":1360228522818134,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":471,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":224,"flow_dst_packets_processed":192,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228557159010,"flow_dst_last_pkt_time":1360228557159568,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":33486,"flow_dst_tot_l4_payload_len":28699,"midstream":0,"thread_ts_usec":1360228557159568,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":479,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":194,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228597202572,"flow_dst_last_pkt_time":1360228597202143,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":33566,"flow_dst_tot_l4_payload_len":28779,"midstream":0,"thread_ts_usec":1360228597202572,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":512,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":242,"flow_dst_packets_processed":209,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228629406689,"flow_dst_last_pkt_time":1360228629405969,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":35679,"flow_dst_tot_l4_payload_len":30721,"midstream":0,"thread_ts_usec":1360228629406689,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":523,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":246,"flow_dst_packets_processed":212,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228662467491,"flow_dst_last_pkt_time":1360228662466861,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":36115,"flow_dst_tot_l4_payload_len":31057,"midstream":0,"thread_ts_usec":1360228662467491,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":531,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":248,"flow_dst_packets_processed":214,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228702510651,"flow_dst_last_pkt_time":1360228702510229,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":36195,"flow_dst_tot_l4_payload_len":31137,"midstream":0,"thread_ts_usec":1360228702510651,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":537,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":250,"flow_dst_packets_processed":216,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228742554324,"flow_dst_last_pkt_time":1360228742553776,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":36275,"flow_dst_tot_l4_payload_len":31217,"midstream":0,"thread_ts_usec":1360228742554324,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":547,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":253,"flow_dst_packets_processed":219,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228790336190,"flow_dst_last_pkt_time":1360228790336955,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":36492,"flow_dst_tot_l4_payload_len":31426,"midstream":0,"thread_ts_usec":1360228790336955,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":573,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":263,"flow_dst_packets_processed":229,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228836231795,"flow_dst_last_pkt_time":1360228836231372,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":37628,"flow_dst_tot_l4_payload_len":32540,"midstream":0,"thread_ts_usec":1360228836231795,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":669,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":310,"flow_dst_packets_processed":276,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228868681013,"flow_dst_last_pkt_time":1360228868681515,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":43830,"flow_dst_tot_l4_payload_len":38703,"midstream":0,"thread_ts_usec":1360228868681515,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":777,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":361,"flow_dst_packets_processed":327,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228907631744,"flow_dst_last_pkt_time":1360228907632279,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":50585,"flow_dst_tot_l4_payload_len":45375,"midstream":0,"thread_ts_usec":1360228907632279,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":801,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":371,"flow_dst_packets_processed":337,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228942890883,"flow_dst_last_pkt_time":1360228942891404,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":51973,"flow_dst_tot_l4_payload_len":46675,"midstream":0,"thread_ts_usec":1360228942891404,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} +01017{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":910,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":423,"flow_dst_packets_processed":390,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228984799284,"flow_dst_last_pkt_time":1360228984799441,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":57434,"flow_dst_tot_l4_payload_len":52234,"midstream":0,"thread_ts_usec":1360228984799441,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":961,"source":"icmp-tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":448,"flow_dst_packets_processed":415,"flow_first_seen":1360227866459330,"flow_src_last_pkt_time":1360228988973603,"flow_dst_last_pkt_time":1360228988973740,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":40,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1041,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":83334,"flow_dst_tot_l4_payload_len":78134,"midstream":0,"thread_ts_usec":1360228988973740,"l3_proto":"ip4","src_ip":"192.168.154.131","dst_ip":"192.168.154.132","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":961,"packets-processed":863,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":8,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1360228988973740} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":961,"source":"icmp-tunnel.pcap","alias":"nDPId-test","packets-captured":961,"packets-processed":863,"total-skipped-flows":0,"total-l4-payload-len":161468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":26,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_usec":1360228988973740} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 961/863 ~~ skipped flows.............: 0 @@ -29,6 +47,6 @@ ~~ total memory freed........: 6061136 bytes ~~ total allocations/frees...: 122352/122352 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 482 chars +~~ json string min len.......: 496 chars ~~ json string max len.......: 1686 chars -~~ json string avg len.......: 1083 chars +~~ json string avg len.......: 1090 chars |