diff options
| author | Toni <matzeton@googlemail.com> | 2024-08-19 18:33:18 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-19 18:33:18 +0200 |
| commit | 5e4005162b804c5501fccf4d066c5b1b99c38b89 (patch) | |
| tree | 73a090e6c0fd79de4a2d5fc950be8d52185bf905 /test/results/stun_extra_dissection | |
| parent | a230eaf061e4c570acfa3e2d494baa6c604acc22 (diff) | |
Add PF_RING support. (#38)
Diffstat (limited to 'test/results/stun_extra_dissection')
2 files changed, 4 insertions, 4 deletions
diff --git a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out index ae31ca9f2..5dd7f8deb 100644 --- a/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out +++ b/test/results/stun_extra_dissection/stun_dtls_rtp_unidir.pcapng.out @@ -1,5 +1,5 @@ 00591{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00744{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} +00815{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1449812497255265} 00798{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1449812497255265,"pkt":"ACZsuc\/8ACZsCyRcCABFAABAL58AAIAR9v8KCgABCgEAA\/7K4YIALFAqAAMAECESpELECsSOsFxxIrqIIMwAGQAEEQAAAIAoAATGrBhE"} 01093{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812497255265,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812497255265,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} @@ -18,7 +18,7 @@ 00777{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1449812497496479,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_usec":1449812497496479,"pkt":"ACZs0wdDACZsIyatCABFAADMboRAAEARt44KAQADCgoAARbdCvgAuIfMABcAnCESpEKabwkxCgNoKDFqLpgAEwBsAAEAWCESpEJ+6j0VqO37x7qvJhcABgAZZWEydnJwQzRKd2NqQ0YwZToyNzBlMzkzZgAAAAAlAAAAJAAEbn4A\/4AqAAgAAAAAAAAAAQAIABSRSix2Wt+JeRYEja3Dcq7w4OuHlYAoAARIzREHABIACAABzHArEqTRgCIAGkNvdHVybi00LjUuMC4zICdkYW4gRWlkZXInICc="} 01233{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255265,"flow_src_last_pkt_time":1449812504413713,"flow_dst_last_pkt_time":1449812497255265,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":436,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3924,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.10.0.1","dst_ip":"10.1.0.3","src_port":65226,"dst_port":57730,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01231{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1449812497255723,"flow_src_last_pkt_time":1449812504427110,"flow_dst_last_pkt_time":1449812497255723,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":60,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":708,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4628,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1449812504427110,"l3_proto":"ip4","src_ip":"10.1.0.3","dst_ip":"10.10.0.1","src_port":5853,"dst_port":2808,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00753{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":43,"packets-processed":43,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} +00824{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp_unidir.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":43,"packets-processed":43,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":8552,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1449812504427110} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 43/43 ~~ skipped flows.............: 0 diff --git a/test/results/stun_extra_dissection/stun_zoom.pcapng.out b/test/results/stun_extra_dissection/stun_zoom.pcapng.out index 9949b852b..5fbaf76e6 100644 --- a/test/results/stun_extra_dissection/stun_zoom.pcapng.out +++ b/test/results/stun_extra_dissection/stun_zoom.pcapng.out @@ -1,5 +1,5 @@ 00580{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} -00733{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} +00804{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091} 00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"} 01094{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}} @@ -24,7 +24,7 @@ 02332{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} 01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}} 01128{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00743{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1661169536805680} +00814{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4628-142c8f5","packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1661169536805680} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 |