diff options
| author | lns <matzeton@googlemail.com> | 2022-06-06 00:31:59 +0200 |
|---|---|---|
| committer | lns <matzeton@googlemail.com> | 2022-06-06 00:34:13 +0200 |
| commit | 3caf7727fd65e32e88d6e9153824b2dde68ade91 (patch) | |
| tree | 952a939fd2ebc6252621719882d851e6b297114c /test/results/malware.pcap.out | |
| parent | f5b002141300df8fcfe48ebcbd697c9227815559 (diff) | |
bump libnDPI to 0b3f8ed849cdf9971224c49a3958f0904a2bbbb5
* README/nDPId: fixed typ0
Signed-off-by: lns <matzeton@googlemail.com>
Diffstat (limited to 'test/results/malware.pcap.out')
| -rw-r--r-- | test/results/malware.pcap.out | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out index 6ce832bd6..ba8942e10 100644 --- a/test/results/malware.pcap.out +++ b/test/results/malware.pcap.out @@ -21,10 +21,10 @@ 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1569579416828,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1569579416828,"pkt":"CGoKOl4eMFLLbJwbCABFAAAoxe9AAEAGDIjAqAcHQ9dc0omkAbvdSlrsHWnKP1AQAfZocwAA"} 00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569579416636,"flow_last_seen":1569579416830,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569579416830,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00968{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569579416636,"flow_last_seen":1569579417029,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1977,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1569579417029,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} -02469{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}} +02462{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1569579416636,"flow_last_seen":1569579417030,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4897,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1569579417030,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.internetbadguys.com","server_names":"api.opendns.com,branded-login.opendns.com,cachecheck.opendns.com,community.opendns.com,dashboard2.opendns.com,dashboard.opendns.com,dashboard-ipv4.opendns.com,msp-login.opendns.com,api-ipv4.opendns.com,api-ipv6.opendns.com,authz.api.opendns.com,domain.opendns.com,help.vpn.opendns.com,ideabank.opendns.com,login.opendns.com,netgear.opendns.com,reseller-login.opendns.com,images.opendns.com,images-using.opendns.com,store.opendns.com,signup.opendns.com,twilio.opendns.com,updates.opendns.com,shared.opendns.com,tools.opendns.com,cache.opendns.com,api.umbrella.com,branded-login.umbrella.com,cachecheck.umbrella.com,community.umbrella.com,dashboard2.umbrella.com,dashboard.umbrella.com,dashboard-ipv4.umbrella.com,msp-login.umbrella.com,api-ipv4.umbrella.com,api-ipv6.umbrella.com,authz.api.umbrella.com,domain.umbrella.com,help.vpn.umbrella.com,ideabank.umbrella.com,login.umbrella.com,netgear.umbrella.com,reseller-login.umbrella.com,images.umbrella.com,images-using.umbrella.com,store.umbrella.com,signup.umbrella.com,twilio.umbrella.com,updates.umbrella.com,shared.umbrella.com,tools.umbrella.com,cache.umbrella.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"0c0aff9ccea5e7e1de5c3a0069d103f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=OpenDNS, Inc., CN=api.opendns.com","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"21:B4:CF:84:13:3A:21:A4:B0:02:63:76:39:84:EA:ED:27:EE:51:7C"}} 00651{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00577{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00816{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Certificate Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}} +00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1569579416636,"flow_last_seen":1569579417280,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6018,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":35236,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"10": {"risk":"TLS Cert Mismatch","severity":"High","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"TLS.OpenDNS","breed":"Acceptable","category":"Network"}} 00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":140000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7580000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":200000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} @@ -37,10 +37,10 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5144227 bytes -~~ total memory freed........: 5144227 bytes -~~ total allocations/frees...: 113413/113413 +~~ total memory allocated....: 5910175 bytes +~~ total memory freed........: 5910175 bytes +~~ total allocations/frees...: 118186/118186 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars -~~ json string max len.......: 2474 chars -~~ json string avg len.......: 1460 chars +~~ json string max len.......: 2467 chars +~~ json string avg len.......: 1457 chars |