diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-07-01 13:50:53 +0200 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-07-01 13:50:53 +0200 |
| commit | b5d4da879364da01df075937a27ec86573a1a08b (patch) | |
| tree | cbfcdfe8ec98da21aafd8a44cfe6140c4c9925ac /test/results/nest_log_sink.pcap.out | |
| parent | a80b6d727186a59d745b001ad43cfb7a2c0b53d0 (diff) | |
bump libnDPI to 8f6a006e36eef0ae386f7e663d3ebecfad6a2dc9
* try to use same wording wherever possible e.g.
renamed workflow->total_l4_data_len to workflow->total_l4_payload_len
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/nest_log_sink.pcap.out')
| -rw-r--r-- | test/results/nest_log_sink.pcap.out | 32 |
1 files changed, 16 insertions, 16 deletions
diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out index 6384f945c..291faeba7 100644 --- a/test/results/nest_log_sink.pcap.out +++ b/test/results/nest_log_sink.pcap.out @@ -1,13 +1,13 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nest_log_sink.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1536712992228} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1536712992228} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536712992228,"flow_last_seen":1536712992228,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536712992228,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1536712992228,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536712992228,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1536712992289,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1536712992289,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1536713052295,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536713052295,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} -00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1536713593921} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1536713593921} 00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1536714195599} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1536714195599} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1536714602587,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536714602587,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -32,10 +32,10 @@ 00710{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1536714800447} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1536714800447} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536714795433,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1536715402175} -00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1536716003807} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1536715402175} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-payload-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1536716003807} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1536716402804,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536716402804,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -61,8 +61,8 @@ 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536716592575,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1536716652586} -00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1536717254253} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1536716652586} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-payload-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1536717254253} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1536717427961,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536717427961,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -82,7 +82,7 @@ 00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536717632764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-data-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_msec":1536717873194} +00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-payload-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_msec":1536717873194} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718052990,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1536718052990,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718052990,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1536718053059,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718053059,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} @@ -113,11 +113,11 @@ 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":200000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718392405,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1536718512170} -00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_msec":1536719113902} -00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_msec":1536719715232} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1536718512170} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_msec":1536719113902} +00570{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_msec":1536719715232} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_msec":1536719715232} +00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-payload-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_msec":1536719715232} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/774 ~~ skipped flows.............: 0 @@ -126,9 +126,9 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5932870 bytes -~~ total memory freed........: 5932870 bytes -~~ total allocations/frees...: 118943/118943 +~~ total memory allocated....: 5933425 bytes +~~ total memory freed........: 5933425 bytes +~~ total allocations/frees...: 118964/118964 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 805 chars |