diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2025-03-05 19:00:23 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2025-03-06 19:00:23 +0100 |
| commit | ae95c95617d3716abcfbcc93742f6652e44d151c (patch) | |
| tree | fb07186390ebc402a34aa212986ee4a0d0e44ea1 /test/results/ndpireader_conf_file | |
| parent | 42c54d3755a84dfaf741157fe83c94b0b15fb296 (diff) | |
* fix API issue with a changed function signature
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/ndpireader_conf_file')
3 files changed, 19 insertions, 19 deletions
diff --git a/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out b/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out index f6e8c8c99..42bac41d5 100644 --- a/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out +++ b/test/results/ndpireader_conf_file/openvpn_obfuscated.pcapng.out @@ -1,5 +1,5 @@ -00638{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} +00638{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00859{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1722427237865123} 00801{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722427237865123,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237865123,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237865123,"pkt":"CL6sCxduJjb1W8R1CABFAAA8G7tAAEAGftnAqAycuYAZY5RYAdHRRTx5AAAAAKAC\/\/8WmQAAAgQFtAQCCApRg5vRAAAAAAEDAwk="} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1722427237865123,"flow_dst_last_pkt_time":1722427237885149,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722427237885149,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADEGqZS5gBljwKgMnAHRlFgui1zd0UU8eqAS\/\/\/GVwAAAgQFtAQCCApg+GPPUYOb0QEDAwk="} @@ -14,7 +14,7 @@ 01047{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401921409,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":417,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":417,"pkt_l4_len":383,"thread_ts_usec":1722427401924227,"pkt":"CL6sCxduJjb1W8R1CABFAAGT2SFAAEARDyHAqAyclWbubLgYBL4Bf+BaVEX2eYIGWZW97B\/uBFKid6MSV9\/02W2\/W+o36cuQNVtmMhAJHTAcbDg7XCMFAl0xHCYeGhojEQ07YGRoa2JiGBURHRlLEx04EAUBFg8EBB4VCR8QQxUVFBYoJyUjKnU9F0geFD5NHRwpDR0JMwQHEBgXGRgREREWHu32uP3s3BELEBsZDBEMEQcEDlgJDwQeFxCIEBhHyxRzBjPkcOAZKQXaF+N3ATvcOcpmAyzAL96OHmPUM\/K30LS6xKT6al3NNNxMChsDEA8uCd46WfS1aCsMHMuFvhUjOGTIBxpU3v\/Hxw6s\/CgKCqKhIJpNENIN2+tGFOfxS7QuGoPC52Q7v9u+NPw8b3vfvXXBBwc5DBYQNxUEGwYXFhEnO2pMT+yE7o8cNhkQEQM5pmcMCREEcDf7xzLpHLLsNx\/zRQ7DT7GnNBoJH96PWo0gzSL9g2Dar\/34qx5dEYO9\/DG3QzVndkG9w4jcVbkhUFWSERwvvUItAJ\/89A5z"} 00666{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":64,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934060,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_usec":1722427401934060,"pkt":"Jjb1W8R1CL6sCxduCABFAAB6OL1AADURu56VZu5swKgMnAS+uBgAZvhOXG8GfZrUgA1YMzkxNWQxAbNSOT0tNIAP9idCl\/rehm7YfSBAKj59k9UPRPKVaW0LUqQgzFOtLHumhFDN1Y5hbY3tlOPyWvfVkw6K7l+x6eqyqyRV8MQse1pU+6KRqg=="} 02048{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1722427401924227,"flow_dst_last_pkt_time":1722427401934161,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1158,"pkt_l4_len":1124,"thread_ts_usec":1722427401934161,"pkt":"Jjb1W8R1CL6sCxduCABFAAR4OL5AADURt5+VZu5swKgMnAS+uBgEZLQzVLAa0ZHTWfav3aQ6aDiNoVBwHdfIrsumF\/Xi771+6seFvgsgbkxRKAqi+llZx7z81zilj97CxWRsx93kXlTmVZH1P80KGnxXlR7BiJM18BLjNISj+gZaL0RMsbZ\/\/0UWwTMg0BMD+RgWYRcd61hmbZABZnpzMi\/LZRSE50mWCxH9dHqopm4Rzi4Sn7KxkjSWm8BiRUowB\/370WD0qx\/g9JW5UIxB92Ud6V1iTPjtmCgTxngrFqv4udp8FTsD8KNaHIzqNRUDWeNKhdBfywJxLoo8\/p1OGrSOuC\/yUWCOVPBEG0DdNlHBPyeW8SDwcnP4DcidmrJfxLHUg1HGh4+RWLkSFQsr+4W5z29yC41XpvCOCfc\/hn+EAz73kSY1DzJL59r2AXH8G5Rea\/RbEUrobun9NGOeVKCIzmD8Trl96OaqJhX8xal6pdV0sAV5Vo9xPebYVgEG80YaI0ek\/7yknL8W9IBQ2aLOpnFDXpCbdgYsosJ1y5dt6ib8aNJ+M\/xKRCussfhzl6cYKdrj1skMpL6bcbwUuhNt0cz28hf9enP7WBDH0Fxp5kwD+hH3G30EyEpxKuMziqSt\/e4UQR1duSa5VhMDOC98xMmGl0fj5OxMkG6xFP+PlFxbfRIMxgHsORiw87u6+g8HDPXiXIvJH4NZ7GvAgKGx6vPzRzY1kJ62bLlLPsnFFe6u5Lu3S820EMsOgXAFuSfj3yV3Evd+WLk737aUMZpoycfdzpgL1pvr4w3GxN\/TLg48jWGBKotX5zgnS6rvI88rGnHjRpaeOQ9CGYvCXVgO6n0MG2pCKs14CRjfcLqndxUDz5CE0mpW+jUfNJ4ux57J42zD3C+R4ZvY0UqADXZgvIZieAaKP2Qftw4pNwvuYOvK1OYGPbD+e89LxaNtpqyRB1MKVrBbdwgLG5kjU0ZoQUZJ2JOassNku+llFLRYPlNIJdOPFe8lNwX6hfJGdRMMmb4N9pCq8zoPySjjHjxjcpVsIj21jIi6qDUjUIvYwHaz3y0G7hXahyVVr7iDXUaXJGHIL0N4eAIJwH2sxv5+E4rQX5KXSJTnQN0IUM9\/AywsX9qhuZUo9Ozj\/8opy6hdWDTnxIrSvYZ63LEWGZ6GbZq9Um2Ln9uD7D+\/BgaPsoCfTlvt4+mz8wj6pNzsVkxsrWn6iEtKp70qWQsP\/gFGe2Df51awxTQYITw6LzU6Lndgr4Qxly7lJIUUP46pn4P+TJ+8+3QoYuNOQEyg9SneVXtmcVB8Vnt2enN1DntXWXR5brdGfJSMHDslO+anlwsJFXTtGhgL4dS2wSKBjgYjFobKFroyEjVAyw7y9kntCrZphbXffdx2X4Zb1huMN30p83ks9\/SzOTk5Tj82bgcyZR09O24Tj2g3MTAMKUrvJnigQgCd7TGqBAQ2acAFhpTV62J2y9r8nx3tIE\/jhWhChZNaqTMjhHxlENJxKzeOMmtRIMpACoJ6fPzVRSJ+VFr38ZOo"} -00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} +00867{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":91,"packets-processed":90,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":22584,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":17,"global_ts_usec":1722705590754656} 00803{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1722705590754656,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1722705590754656,"l3_proto":"ip4","src_ip":"107.161.86.131","dst_ip":"192.168.12.156","src_port":443,"dst_port":48072,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590754656,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1722705590754656,"pkt":"Jjb1W8R1CL6sCxduCABFAAA8AABAADMGuFNroVaDwKgMnAG7u8glbqt9M+JifKAS\/\/9LzQAAAgQFtAQCCApqqi2Uyg3lpAEDAwI="} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1722705590754656,"flow_dst_last_pkt_time":1722705590856725,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1722705590856725,"pkt":"CL6sCxduJjb1W8R1CABFAAA0KexAAEAGgW\/AqAyca6FWg7vIAbsz4mJ8JW6rfoAQAKx48wAAAQEICsoN5plqqi2U"} @@ -27,7 +27,7 @@ 01136{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":29,"flow_dst_packets_processed":31,"flow_first_seen":1722427237865123,"flow_src_last_pkt_time":1722427239577895,"flow_dst_last_pkt_time":1722427239598141,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1024,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":5488,"flow_dst_tot_l4_payload_len":7758,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"185.128.25.99","src_port":37976,"dst_port":465,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"51": {"risk":"Fully Encrypted Flow","severity":"Medium","risk_score": {"total":360,"client":240,"server":120}}},"confidence": {"1":"Match by port"},"proto":"SMTPS","proto_id":"29","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Safe","category_id":3,"category":"Email"}} 01091{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"7":"Match by IP"},"proto":"NordVPN","proto_id":"426","proto_by_ip":"NordVPN","proto_by_ip_id":426,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":11,"flow_first_seen":1722427401914491,"flow_src_last_pkt_time":1722427403179824,"flow_dst_last_pkt_time":1722427403133860,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":73,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":740,"flow_dst_max_l4_payload_len":1116,"flow_src_tot_l4_payload_len":2831,"flow_dst_tot_l4_payload_len":6507,"midstream":0,"thread_ts_usec":1722705593900158,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"149.102.238.108","src_port":47128,"dst_port":1214,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} -00872{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} +00872{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":177,"source":"cfgs\/ndpireader_conf_file\/pcap\/openvpn_obfuscated.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":177,"packets-processed":177,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":42211,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1722705593900158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 177/177 ~~ skipped flows.............: 0 @@ -36,9 +36,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7499251 bytes -~~ total memory freed........: 7499251 bytes -~~ total allocations/frees...: 126071/126071 +~~ total memory allocated....: 8436514 bytes +~~ total memory freed........: 8436514 bytes +~~ total allocations/frees...: 144933/144933 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 571 chars ~~ json message max len.......: 2053 chars diff --git a/test/results/ndpireader_conf_file/signal_videocall.pcapng.out b/test/results/ndpireader_conf_file/signal_videocall.pcapng.out index dd3b938cc..5cfdfa330 100644 --- a/test/results/ndpireader_conf_file/signal_videocall.pcapng.out +++ b/test/results/ndpireader_conf_file/signal_videocall.pcapng.out @@ -1,5 +1,5 @@ -00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} +00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1732024431954625} 00802{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1732024431954625,"pkt":"dNo47VMyYhO2esBpCABFAAAwZxZAAEAR9\/jAqAxDI9jq6rs2DZYAHHvlAAEAACESpEJQQm9QWFIrVWRPcnY="} 01030{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024431954625,"flow_dst_last_pkt_time":1732024431954625,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1732024431954625,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"multimedia_flow_types":"Unknown"}}} @@ -31,7 +31,7 @@ 01166{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":167,"flow_dst_packets_processed":131,"flow_first_seen":1732024434112285,"flow_src_last_pkt_time":1732024444819796,"flow_dst_last_pkt_time":1732024444862357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1181,"flow_dst_max_l4_payload_len":858,"flow_src_tot_l4_payload_len":80551,"flow_dst_tot_l4_payload_len":26428,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":56377,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}} 01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1732024431954625,"flow_src_last_pkt_time":1732024441970315,"flow_dst_last_pkt_time":1732024441977780,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":300,"flow_dst_tot_l4_payload_len":332,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.216.234.234","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"5":"DPI (cache)"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01041{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":13,"flow_first_seen":1732024431955912,"flow_src_last_pkt_time":1732024441965798,"flow_dst_last_pkt_time":1732024441969357,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":712,"flow_dst_tot_l4_payload_len":908,"midstream":0,"thread_ts_usec":1732024444862357,"l3_proto":"ip4","src_ip":"192.168.12.67","dst_ip":"35.219.252.146","src_port":47926,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1732024444862357} +00871{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":334,"source":"cfgs\/ndpireader_conf_file\/pcap\/signal_videocall.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":334,"packets-processed":334,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":109231,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":34,"global_ts_usec":1732024444862357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 334/334 ~~ skipped flows.............: 0 @@ -40,9 +40,9 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7499733 bytes -~~ total memory freed........: 7499733 bytes -~~ total allocations/frees...: 126227/126227 +~~ total memory allocated....: 8436996 bytes +~~ total memory freed........: 8436996 bytes +~~ total allocations/frees...: 145089/145089 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 564 chars ~~ json message max len.......: 2400 chars diff --git a/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out b/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out index 00382fa03..70f4b14b4 100644 --- a/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out +++ b/test/results/ndpireader_conf_file/stun_signal_tcp.pcapng.out @@ -1,5 +1,5 @@ -00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} +00635{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00856{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1733247378288841} 00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1733247378288841,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378288841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378288841,"pkt":"ILAB4IZiSKRyNpegCABFAAA0B4lAAIAGELDAqAF1I9v8kshgAFBbKS1nAAAAAIAC+vBAUwAAAgQFtAEDAwgBAQQC"} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1733247378288841,"flow_dst_last_pkt_time":1733247378293937,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1733247378293937,"pkt":"SKRyNpegILAB4IZiCABFAAA0AABAADoGXjkj2\/ySwKgBdQBQyGCXmzc3WyktaIASf5Ts8QAAAgQFjAEBBAIBAwMK"} @@ -10,7 +10,7 @@ 01069{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378295356,"flow_dst_last_pkt_time":1733247378307859,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":84,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":84,"midstream":0,"thread_ts_usec":1733247378307859,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org","domainame":"signal.org","stun": {"multimedia_flow_types":"Unknown"}}} 02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247378757373,"flow_dst_last_pkt_time":1733247378756881,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":132,"flow_dst_max_l4_payload_len":248,"flow_src_tot_l4_payload_len":1352,"flow_dst_tot_l4_payload_len":880,"midstream":0,"thread_ts_usec":1733247378757373,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":30212.0,"max":286751,"stddev":67983.4,"var":4621743104.0,"ent":3.1,"data": [5096,5226,1289,6488,7434,14695,6967,5300,207,220,218,169,5360,2561,0,6632,276631,286751,49627,44757,3676,9298,19816,40131,25233,48588,51212,0,2689,9892,409]},"pktlen": {"min":40,"avg":111.6,"max":288,"stddev":62.1,"var":3852.6,"ent":4.8,"data": [52,52,40,68,46,124,156,124,40,160,160,160,160,92,92,144,40,172,46,172,46,288,140,46,172,46,172,148,46,188,40,140]},"bins": {"c_to_s": [6,0,0,7,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [7,2,2,2,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,1,0,0,0,0,0,1,1,1,0,0,1,0,1,1,0,1,0,1,0,1,1,1,0,0],"entropies": [4.662476063,4.931210041,4.834183693,5.192451000,4.390829086,5.849559307,5.878578663,5.821106911,4.611769199,5.746960163,5.817604542,5.914802551,5.855510235,5.723954678,5.775637627,6.138474941,4.834183693,6.134611607,4.772925377,6.067693710,4.729446888,6.405649662,5.903401375,4.816403389,6.032229424,4.772924900,6.072082520,5.918906689,4.756514549,5.916465759,4.784183979,5.873402596]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} 01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":226,"flow_dst_packets_processed":274,"flow_first_seen":1733247378288841,"flow_src_last_pkt_time":1733247395709690,"flow_dst_last_pkt_time":1733247395702394,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1188,"flow_dst_max_l4_payload_len":1420,"flow_src_tot_l4_payload_len":58588,"flow_dst_tot_l4_payload_len":27476,"midstream":0,"thread_ts_usec":1733247395709690,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.219.252.146","src_port":51296,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.SignalVoip","proto_id":"78.269","proto_by_ip":"GoogleCloud","proto_by_ip_id":284,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"signal.org"}} -00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} +00869{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"cfgs\/ndpireader_conf_file\/pcap\/stun_signal_tcp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":500,"packets-processed":500,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":86064,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1733247395709690} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/500 ~~ skipped flows.............: 0 @@ -19,9 +19,9 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 7501782 bytes -~~ total memory freed........: 7501782 bytes -~~ total allocations/frees...: 126370/126370 +~~ total memory allocated....: 8439029 bytes +~~ total memory freed........: 8439029 bytes +~~ total allocations/frees...: 145232/145232 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json message min len.......: 552 chars ~~ json message max len.......: 2230 chars |