author | Toni Uhlig <matzeton@googlemail.com> | 2021-12-15 23:25:32 +0100 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2022-01-20 00:50:38 +0100 |
commit | 9e07a57566cc45bf92a845d8cee968d72e0f314e (patch) | |
tree | 8f1a6bfd08bd68a5253fadf3a01beecda77b1c95 /test/results/reasm_crash_anon.pcapng.out | |
parent | a35fc1d5ea8570609cc0c8cf6edadc81f8f5bb76 (diff) |
Major nDPId extension. Sorry for the huge commit.
- nDPId: fixed invalid IP4/IP6 tuple compare
- nDPIsrvd: fixed caching issue (finally)
- added tiny c example (can be used to check flow manager sanity)
- c-captured: use flow_last_seen timestamp from `struct nDPIsrvd_flow`
- README.md update: added example JSON sequence
- nDPId: added new flow event `update` necessary for correct
timeout handling (and other future use-cases)
- nDPIsrvd.h and nDPIsrvd.py: switched to an instance-based flow manager
(an instance consists of an alias/source tuple)
- every flow related event **must** now serialize `alias`, `source`,
`flow_id`, `flow_last_seen` and `flow_idle_time` to make the timeout
handling and verification process work correctly
- nDPIsrvd.h: ability to profile any dynamic memory (de-)allocation
- nDPIsrvd.py: removed PcapPacket class (unused)
- py-flow-dashboard and py-flow-multiprocess: fixed race condition
- py-flow-info: print statusbar with probably useful information
- nDPId/nDPIsrvd.h: switched from packet-flow only timestamps (`pkt_*sec`)
to a generic flow event timestamp `ts_msec`
- nDPId-test: added additional checks
- nDPId: increased ICMP flow timeout
- nDPId: using event based i/o if capturing packets from a device
- nDPIsrvd: fixed memory leak on shutdown if remote descriptors
were still connected
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/reasm_crash_anon.pcapng.out')
-rw-r--r-- | test/results/reasm_crash_anon.pcapng.out | 87 |
1 files changed, 50 insertions, 37 deletions
diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out
index 566b27164..dd6a45ea1 100644
--- a/test/results/reasm_crash_anon.pcapng.out
+++ b/test/results/reasm_crash_anon.pcapng.out
@@ -1,52 +1,65 @@ -00486{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255} -00513{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00455{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":717955,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} -00455{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":717964,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 
-00541{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":719465,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} -00437{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":719491,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EJAAABAQgKPplWLTphWIQ="} -00437{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":719495,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBjkAAQAbTlcCokZMK0QiUyBJV7zv7ZAzdkduQgBAhO1EYAAABAQgKPplWLTphWHY="} 
-01409{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":720713,"pkt_caplen":793,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":793,"pkt_l4_len":757,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAwmlH0AAQAYtLwrRCJTAqJGTVe\/IEt2R25A7+2QMgBgBxW5tAAABAQgKPmFYhT6ZVi08ZGV0YWlsczZpZD0iIiA+Cgk8bXNfdmVyc2lvbj4xMC4zLjFfPC9tc192ZXJzaW9uPgo8L2RldGFpbHM+CjxkZXRhaXNzIGlkPSIiID4KCTxzc19yZXJzaW9uPjExLjMuMV88L3NzX3ZlcnNpb24+CjwvZGV0YWlscz4KPGRldGFpbHMgaWQ9IiIgPgoJPGxvYWQxPjAuMDAwMDAwPC9sb2FkMT4KPC9kZXRhaWxzPgo8ZGV0YWlscyBpZD0iIiA+Cgk8bG9hZDI+MC4wMDAwMDA8L2xvIWQyPgo8L2RldGFIbHM+CjxkZXRhaWNzIGlkPSIiID4KCTxsb2FkMz4wLjAwMDAwMDwvbG9hZDM+CjwvZGV0YWlscz4KPGRldGFpbHMgaWQ9IiIgPgoJPFRvdGFsUkFNPjQxMTA2MzUwMDg8L1QlAGFsUkFNPgo8L2RHdGFpbHM+CjxkZXRhaWwlAGlkPSIiID4KCTxGcmVlUkFNPjEyNzc2Mjg1ETY8L0ZyZWVSQU0+CjwvZGV0YWlscz4KPGRldGFpbHMgaWQ9IiIgPgoJPFNoYSUAZFJBTT4wPC9TaGElAGRSQU0+CjwvZGV0YWlscz4KPGRldGFpbHMgaWQ9IiIgPgoJPEJ1ZmZlclJBTT4yOTYyGDgyNTY8L0J1ZmZlclJBTT4KPC9kZXRhaWxzPgo8ZGV0YWlscyBpZD0iIiA+Cgk8VG90YWxTd2FwU3BhY2U+NDI2MDQwNDY3MjwvVG90YWxTd2FwU3BhY2U+CjwvZGV0YWlscz4KPGRldGFpbHMgaWQ9IiIgPgoJPEZyZWVTd2FwU3BhY2U+NDI2MTQwNG03MjwvRnJlZVN3YXBTcGFjZT4KPC9kZXRhaWxzPgo8ZGV0YWlscyBpZD2IIiA+Cgk8UHJvY2Vzc0NvdW50PjIxNzwvUHJvY2Vzc0NvdW50Pgo8LmRldGFpbHM+Cg=="} -00437{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":720732,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBj0AAQAbTlMCokZMK0QiUyBJV71P7ZAzdkd5lUBAhO2YzAAABAQgKPplWLjphWIU="} 
-00437{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865705,"pkt_ts_usec":720736,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQDjplhDEt95AAAIAEUAADQBj0AAJgbtlcCokZMK0QiUyBJV7zv7ZCzdkd5lgBAhO39BAAABAQgKPpklADphWIU="} -00453{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865735,"pkt_ts_usec":818447,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAAAAQAGplhD8kgGAAAIAEUAAEEBkEAAQAbThsCokZMK0QiUyBJV7zv7ZAzdkd5lgBghOwCbAAABAQgKPpnLvzphWIU8ZGV0YWlscyAvPg0K"} -00514{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865735,"pkt_ts_usec":820186,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAGqlIEAAQAYvzQrRCJTAqJGTVe\/IEt2R3mU7+2QZgBgBxY15AAABAQgKOmHOGT6Z7b88ZGV0YWlscyBpZD0iIiA+Cgl5dXBvaW1lPjUyNzQ3NRw8L3VwdGltZT4KPC9kZXRhaWxzPgo="} -00439{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865735,"pkt_ts_usec":820212,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBkUAAQAbTksCokZMK0QiUyBJV7zv7ZBndkd6bgBAhO52OAAABCAo+mcvBOmHOGQA="} 
-00439{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865735,"pkt_ts_usec":820215,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBkUAAQAbTksCokZMK0QiUyBJV7zv7ZBndkd6bgBAhO2LHAAABAQgKPpnLwTphzhk="} -01395{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865735,"pkt_ts_usec":821432,"pkt_caplen":781,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":781,"pkt_l4_len":745,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAv2lIUAAQAYtOQrRCJTAqJGTVe\/IEt2R3ps7+2QZgBgBxZtOAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 
-00440{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865735,"pkt_ts_usec":821451,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"pkt":"AAQAAQAGplhDbuEZAAAIAEUAADQBkkAAQAbTkcCokZMK0QiUyBJV7zv7ZBndkeFwgBAhO1\/wAAABAQgKPpnLwjphzho="} -00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865765,"pkt_ts_usec":918969,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"} +00452{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410865705717,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} +00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} +00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410865765918,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"} 
00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45} -00455{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865765,"pkt_ts_usec":918977,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"pkt":"AAAAAQAGplhD8kgGAAAIAEUAAEEBk0AAQAbTg8CokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"} -00475{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865765,"pkt_ts_usec":920759,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="} +00454{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"ts_msec":1410865765920,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86} 
-00400{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410865916,"pkt_ts_usec":424087,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="} +00588{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1410865886320,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00574{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"ts_msec":1410865886320,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1410865886320,"flow_last_seen":1410865886320,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410865886320,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1410865886320,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410865886320,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBn0AAQAbTd8CokZMK0QiUyBJV7zv7ZE3dke2cgBghO1lPAAABAQgKPpwXpjpjpG08ZGV0YWlscyAvPg0K"} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1410865886322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":122,"pkt_l4_len":86,"ts_msec":1410865886322,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAGqlKkAAQAYvwwrRCJTAqJGTVe\/IEt2R7Zw7+2RagBgBxSgtAAABAQgKOmQaAT6cF6Y8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lPjUyNzQ5MDc8L3VwdGltZT4KPC9kZXRhaWxzPgo="} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1410865886322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410865886322,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBoEAAQAbTg8CokZMK0QiUyBJV7zv7ZFrdke3SgBAhO7t8AAABAQgKPpwXpzpkGgE="} +00379{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} -00399{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410866097,"pkt_ts_usec":27447,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="} 
+00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":17,"flow_first_seen":1410865886320,"flow_last_seen":1410865976625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":885,"flow_avg_l4_payload_len":52,"midstream":1,"ts_msec":1410866006722,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":2,"flow_packets_processed":17,"flow_first_seen":1410865886320,"flow_last_seen":1410865976625,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":885,"flow_avg_l4_payload_len":52,"midstream":1,"ts_msec":1410866006722,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1410866006722,"flow_last_seen":1410866006722,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410866006722,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1410866006722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866006722,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBq0AAQAbTa8CokZMK0QiUyBJV7zv7ZIHdkfnIgBghO6BGAAABAQgKPp3t+DplesA8ZGV0YWlscyAvPg0K"} +00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":54,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1410866006722,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866006722,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBq0AAQAbTa8CokZMK0QiUyBJV7zv7ZIGnkfnIgBghO9ZGAAABAQgKPp3t+DplesA8ZGV0YWlscyAvPg0K"} +00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1410866006724,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866006724,"pkt":"AAAAAQAGplhD8kgGAAAIAEUAADQBT0AAQAbT1cCokZMK0QiUyBJV7zv7ZI7dkfn+gBAhOwJ0AAABAQgKPp3t+Tpl8FQ="} +00379{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410866097027,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection 
failed","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} -00416{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410866217,"pkt_ts_usec":426443,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"} +00584{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":24,"flow_first_seen":1410866006722,"flow_last_seen":1410866157228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410866187325,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00570{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":3,"flow_packets_processed":24,"flow_first_seen":1410866006722,"flow_last_seen":1410866157228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410866187325,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1410866187325,"flow_last_seen":1410866187325,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"ts_msec":1410866187325,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1410866187325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866187325,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBvUAAQAbTWcCokZMK0QiUyBJV7zv7ZM\/dkgwKgBghOwq6AAABAQgKPqCvczpoPDw8ZGV0YWlscyAvPg0K"} +00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1410866187325,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866187325,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBvUAAQAbTWcCokZMK0QiUyBJV7zv7ZM\/dkgwKgBghO8q5AAABAQgKPqCvczpoPDw8ZGV0YWlscyAvfg0K"} 
+00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1410866187327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866187327,"pkt":"AAQAAQAGplhD2wS3AAAIAEUAADQBvkAAQAbTZcCokZMK0QiUyBJV7zv7ZNzdkgxAgBAhO2zmAAABAQgKPqCvdTposdA="} +00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410866217426,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45} -00384{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410866247,"pkt_ts_usec":530070,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="} +00363{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"ts_msec":1410866247530,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="} 00183{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection 
failed","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20} -00417{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410866428,"pkt_ts_usec":129926,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"} +00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":19,"flow_first_seen":1410866187325,"flow_last_seen":1410866307731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":867,"flow_avg_l4_payload_len":45,"midstream":1,"ts_msec":1410866337831,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00572{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":4,"flow_packets_processed":19,"flow_first_seen":1410866187325,"flow_last_seen":1410866307731,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":867,"flow_avg_l4_payload_len":45,"midstream":1,"ts_msec":1410866337831,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":1,"flow_first_seen":1410866337831,"flow_last_seen":1410866337831,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"ts_msec":1410866337831,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} +00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1410866337831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866337831,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBzkAAQAbTVcCokZMK0QiUyBJV7zv7ZR3dkh5MgBAhO7jGAAABAQgKPqL7XERq\/bg="} +00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1410866337831,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"ts_msec":1410866337831,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBzkAAQAbTVcCokZMK0QiUyBJV7zv7ZR3dkh5MgBB6O2mDAAABAQgKPqL7XDqt\/bg="} 
+00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1410866367928,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"ts_msec":1410866367928,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBz0AAQAbTR8CokZMK0QiUyBJV7zv7ZR3dkh5MgBghO3RyAAABAQgKPqNw7jpq\/bg8ZGV0YWlscyDqPg0K"} +00396{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"ts_msec":1410866428129,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"} 00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45} -00403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410866578,"pkt_ts_usec":634330,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="} +00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="} 00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection 
failed","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} -00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1410867060,"pkt_ts_usec":242182,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="} +00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="} 00184{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32} -00532{"flow_event_id":7,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 
-00519{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":15} -00139{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test"} +00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":108,"flow_first_seen":1410866337831,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} +00573{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":5,"flow_packets_processed":108,"flow_first_seen":1410866337831,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":513,"flow_avg_l4_payload_len":4,"midstream":1,"ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 
+00168{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","total-events-serialized":50} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/200 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 12867 bytes +~~ total layer4 data length..: 6327 bytes ~~ total detected protocols..: 0 -~~ total active/idle flows...: 1/1 +~~ total active/idle flows...: 5/5 +~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 1942927 bytes -~~ total memory freed........: 1942927 bytes -~~ total allocations/frees...: 35542/35542 +~~ total memory allocated....: 1957639 bytes +~~ total memory freed........: 1957639 bytes +~~ total allocations/frees...: 35558/35558 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 144 chars -~~ json string max len.......: 1414 chars -~~ json string avg len.......: 790 chars +~~ json string min len.......: 173 chars +~~ json string max len.......: 593 chars +~~ json string avg len.......: 386 chars |