summaryrefslogtreecommitdiff
path: root/test/results/tftp.pcap.out
diff options
context:
space:
mode:
authorToni Uhlig <matzeton@googlemail.com>2021-08-03 11:26:44 +0200
committerToni Uhlig <matzeton@googlemail.com>2021-08-03 12:37:59 +0200
commit3a760355705761f46d57a70cca3a34834225ae97 (patch)
tree273a6ac4a44af6bb33df0a36c7cd9b5b969c3bed /test/results/tftp.pcap.out
parentc32461b032fd2fec74821f3bd5c9bcc2c9689de2 (diff)
bump libnDPI to 6b7e5fa8d251f11c1bae16ea892a43a92b098480
* fixed linking issue by using CMake to check if explicit link against libm required * make nDPIsrvd collectd exit if parent pid changed, meaning that collectd died somehow * nDPId-test restores SIGPIPE to the default handler (termination), so abnormal connection drop's do now have consequences Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/tftp.pcap.out')
-rw-r--r--test/results/tftp.pcap.out46
1 files changed, 46 insertions, 0 deletions
diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out
new file mode 100644
index 000000000..b96c2e758
--- /dev/null
+++ b/test/results/tftp.pcap.out
@@ -0,0 +1,46 @@
+00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00415{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411051,"pkt_ts_usec":972852,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00486{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_first_seen":1367411052077,"flow_last_seen":0,"flow_min_l4_payload_len":516,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":516,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+01078{"flow_id":2,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":77243,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyUAAIARI1DAqAAKwKgA\/Q11xboCDNSjAAMAAQoKCgoKCk5ldHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSy4gU29sbGlucwpSZXF1ZXN0IEZvciBDb21tZW50czogMTM1MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNSVQKU1REOiAzMyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSnVseSAxOTkyCk9ic29sZXRlczogUkZDIDc4MwoKCiAgICAgICAgICAgICAgICAgICAgIFRIRSBURlRQIFBST1RPQ09MIChSRVZJU0lPTiAyKQoKU3RhdHVzIG9mIHRoaXMgTWVtbwoKICAgVGhpcyBSRkMgc3BlY2lmaWVzIGFuIElBQiBzdGFuZGFyZHMgdHJhY2sgcHJvdG9jb2wgZm9yIHRoZSBJbnRlcm5ldAogICBjb21tdW5pdHksIGFuZCByZXF1ZXN0cyBkaXNjdXNzaW9uIGFuZCBzdWdnZXN0aW9ucyBmb3IgaW1wcm92ZW1lbnRzLgogICBQbGVhc2UgcmVmZXIgdG8gdGhlIGN1cnJlbnQgZWRpdGlvbiBvZiB0aGUgIklB"}
+00410{"flow_id":2,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":81790,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"}
+01078{"flow_id":2,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":86300,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\/Q11xboCDOXlAAMAAkIgT2ZmaWNpYWwgUHJvdG9jb2wKICAgU3RhbmRhcmRzIiBmb3IgdGhlIHN0YW5kYXJkaXphdGlvbiBzdGF0ZSBhbmQgc3RhdHVzIG9mIHRoaXMgcHJvdG9jb2wuCiAgIERpc3RyaWJ1dGlvbiBvZiB0aGlzIG1lbW8gaXMgdW5saW1pdGVkLgoKU3VtbWFyeQoKICAgVEZUUCBpcyBhIHZlcnkgc2ltcGxlIHByb3RvY29sIHVzZWQgdG8gdHJhbnNmZXIgZmlsZXMuICBJdCBpcyBmcm9tCiAgIHRoaXMgdGhhdCBpdHMgbmFtZSBjb21lcywgVHJpdmlhbCBGaWxlIFRyYW5zZmVyIFByb3RvY29sIG9yIFRGVFAuCiAgIEVhY2ggbm9udGVybWluYWwgcGFja2V0IGlzIGFja25vd2xlZGdlZCBzZXBhcmF0ZWx5LiAgVGhpcyBkb2N1bWVudAogICBkZXNjcmliZXMgdGhlIHByb3RvY29sIGFuZCBpdHMgdHlwZXMgb2YgcGFja2V0cy4gIFRoZSBkb2N1bWVudCBhbHNvCiAgIGV4cGxhaW5zIHRoZSByZWFzb25zIGJlaGluZCBzb21lIG9mIHRoZSBkZXNpZ24gZGVjaXNpb25zLgoKQWNrbm93bGVnZW1lbnRzCgogICBUaGUg"}
+00410{"flow_id":2,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":88961,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAIAAP8ROXPAqAD9wKgACsW6DXUADKpIAAQAAgAAAAAAAAAAAAAAAAAA"}
+00591{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+01079{"flow_id":2,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":88995,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkygAAIARI03AqAAKwKgA\/Q11xboCDFT\/AAMAA3Byb3RvY29sIHdhcyBvcmlnaW5hbGx5IGRlc2lnbmVkIGJ5IE5vZWwgQ2hpYXBwYSwgYW5kIHdhcwogICByZWRlc2lnbmVkIGJ5IGhpbSwgQm9iIEJhbGR3aW4gYW5kIERhdmUgQ2xhcmssIHdpdGggY29tbWVudHMgZnJvbQogICBTdGV2ZSBTenltYW5za2kuICBUaGUgY3VycmVudCByZXZpc2lvbiBvZiB0aGUgZG9jdW1lbnQgaW5jbHVkZXMKICAgbW9kaWZpY2F0aW9ucyBzdGVtbWluZyBmcm9tIGRpc2N1c3Npb25zIHdpdGggYW5kIHN1Z2dlc3Rpb25zIGZyb20KICAgTGFycnkgQWxsZW4sIE5vZWwgQ2hpYXBwYSwgRGF2ZSBDbGFyaywgR2VvZmYgQ29vcGVyLCBNaWtlIEdyZWVud2FsZCwKICAgTGl6YSBNYXJ0aW4sIERhdmlkIFJlZWQsIENyYWlnIE1pbG8gUm9nZXJzIChvZiBVU0MtSVNJKSwgS2F0aHkKICAgWWVsbGljaywgYW5kIHRoZSBhdXRob3IuICBUaGUgYWNrbm93bGVkZ2VtZW50IGFuZCByZXRyYW5zbWlzc2lvbgogICBzY2hlbWUgd2FzIGluc3BpcmVkIGJ5IFRDUCwgYW5kIHRoZSBlcnJv"}
+00410{"flow_id":2,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":91646,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAMAAP8ROXLAqAD9wKgACsW6DXUADKpHAAQAAwAAAAAAAAAAAAAAAAAA"}
+01078{"flow_id":2,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":91675,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkykAAIARI0zAqAAKwKgA\/Q11xboCDB5BAAMABHIgbWVjaGFuaXNtIHdhcyBzdWdnZXN0ZWQgYnkKICAgUEFSQydzIEVGVFAgYWJvcnQgbWVzc2FnZS4KCiAgIFRoZSBNYXksIDE5OTIgcmV2aXNpb24gdG8gZml4IHRoZSAiU29yY2VyZXIncyBBcHByZW50aWNlIiBwcm90b2NvbAogICBidWcgWzRdIGFuZCBvdGhlciBtaW5vciBkb2N1bWVudCBwcm9ibGVtcyB3YXMgZG9uZSBieSBOb2VsIENoaWFwcGEuCgogICBUaGlzIHJlc2VhcmNoIHdhcyBzdXBwb3J0ZWQgYnkgdGhlIEFkdmFuY2VkIFJlc2VhcmNoIFByb2plY3RzIEFnZW5jeQogICBvZiB0aGUgRGVwYXJ0bWVudCBvZiBEZWZlbnNlIGFuZCB3YXMgbW9uaXRvcmVkIGJ5IHRoZSBPZmZpY2Ugb2YgTmF2YWwKICAgUmVzZWFyY2ggdW5kZXIgY29udHJhY3QgbnVtYmVyIE4wMDAxNC03NS1DLTA2NjEuCgoxLiBQdXJwb3NlCgogICBURlRQIGlzIGEgc2ltcGxlIHByb3RvY29sIHRvIHRyYW5zZmVyIGZpbGVzLCBhbmQgdGhlcmVmb3JlIHdhcyBuYW1lZAogICB0aGUgVHJpdmlhbCBGaWxlIFRyYW5zZmVy"}
+00410{"flow_id":2,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":94383,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAQAAP8ROXHAqAD9wKgACsW6DXUADKpGAAQABAAAAAAAAAAAAAAAAAAA"}
+01079{"flow_id":2,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":94416,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyoAAIARI0vAqAAKwKgA\/Q11xboCDGdMAAMABSBQcm90b2NvbCBvciBURlRQLiAgSXQgaGFzIGJlZW4gaW1wbGVtZW50ZWQKICAgb24gdG9wIG9mIHRoZSBJbnRlcm5ldCBVc2VyIERhdGFncmFtIHByb3RvY29sIChVRFAgb3IgRGF0YWdyYW0pIFsyXQoKCgpTb2xsaW5zICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgW1BhZ2UgMV0KDApSRkMgMTM1MCAgICAgICAgICAgICAgICAgICAgVEZUUCBSZXZpc2lvbiAyICAgICAgICAgICAgICAgICAgICBKdWx5IDE5OTIKCgogICBzbyBpdCBtYXkgYmUgdXNlZCB0byBtb3ZlIGZpbGVzIGJldHdlZW4gbWFjaGluZXMgb24gZGlmZmVyZW50CiAgIG5ldHdvcmtzIGltcGxlbWVudGluZyBVRFAuICAoVGhpcyBzaG91bGQgbm90IGV4Y2x1ZGUgdGhlIHBvc3NpYmlsaXR5CiAgIG9mIGltcGxlbWVudGluZyBURlRQIG9uIHRvcCBvZiBvdGhlciBkYXRhZ3JhbSBwcm90b2NvbHMuKSAgSXQgaXMKICAgZGVzaWduZWQgdG8gYmUgc21hbGwgYW5kIGVhc3kgdG8gaW1w"}
+00412{"flow_id":2,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":96993,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAUAAP8ROXDAqAD9wKgACsW6DXUADKpFAAQABQAAAAAAAAAAAAAAAAAA"}
+01080{"flow_id":2,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":97021,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkysAAIARI0rAqAAKwKgA\/Q11xboCDBLwAAMABmxlbWVudC4gIFRoZXJlZm9yZSwgaXQgbGFja3MgbW9zdAogICBvZiB0aGUgZmVhdHVyZXMgb2YgYSByZWd1bGFyIEZUUC4gIFRoZSBvbmx5IHRoaW5nIGl0IGNhbiBkbyBpcyByZWFkCiAgIGFuZCB3cml0ZSBmaWxlcyAob3IgbWFpbCkgZnJvbS90byBhIHJlbW90ZSBzZXJ2ZXIuICBJdCBjYW5ub3QgbGlzdAogICBkaXJlY3RvcmllcywgYW5kIGN1cnJlbnRseSBoYXMgbm8gcHJvdmlzaW9ucyBmb3IgdXNlciBhdXRoZW50aWNhdGlvbi4KICAgSW4gY29tbW9uIHdpdGggb3RoZXIgSW50ZXJuZXQgcHJvdG9jb2xzLCBpdCBwYXNzZXMgOCBiaXQgYnl0ZXMgb2YKICAgZGF0YS4KCiAgIFRocmVlIG1vZGVzIG9mIHRyYW5zZmVyIGFyZSBjdXJyZW50bHkgc3VwcG9ydGVkOiBuZXRhc2NpaSAoVGhpcyBpcwogICBhc2NpaSBhcyBkZWZpbmVkIGluICJVU0EgU3RhbmRhcmQgQ29kZSBmb3IgSW5mb3JtYXRpb24gSW50ZXJjaGFuZ2UiCiAgIFsxXSB3aXRoIHRoZSBtb2RpZmljYXRpb25zIHNwZWNpZmllZCBpbiAi"}
+00413{"flow_id":2,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":99703,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAYAAP8ROW\/AqAD9wKgACsW6DXUADKpEAAQABgAAAAAAAAAAAAAAAAAA"}
+01082{"flow_id":2,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":104726,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkzAAAIARI0XAqAAKwKgA\/Q11xboCDA\/KAAMAB1RlbG5ldCBQcm90b2NvbAogICBTcGVjaWZpY2F0aW9uIiBbM10uKSAgTm90ZSB0aGF0IGl0IGlzIDggYml0IGFzY2lpLiAgVGhlIHRlcm0KICAgIm5ldGFzY2lpIiB3aWxsIGJlIHVzZWQgdGhyb3VnaG91dCB0aGlzIGRvY3VtZW50IHRvIG1lYW4gdGhpcwogICBwYXJ0aWN1bGFyIHZlcnNpb24gb2YgYXNjaWkuKTsgb2N0ZXQgKFRoaXMgcmVwbGFjZXMgdGhlICJiaW5hcnkiIG1vZGUKICAgb2YgcHJldmlvdXMgdmVyc2lvbnMgb2YgdGhpcyBkb2N1bWVudC4pIHJhdyA4IGJpdCBieXRlczsgbWFpbCwKICAgbmV0YXNjaWkgY2hhcmFjdGVycyBzZW50IHRvIGEgdXNlciByYXRoZXIgdGhhbiBhIGZpbGUuICAoVGhlIG1haWwKICAgbW9kZSBpcyBvYnNvbGV0ZSBhbmQgc2hvdWxkIG5vdCBiZSBpbXBsZW1lbnRlZCBvciB1c2VkLikgIEFkZGl0aW9uYWwKICAgbW9kZXMgY2FuIGJlIGRlZmluZWQgYnkgcGFpcnMgb2YgY29vcGVyYXRpbmcgaG9zdHMuCgogICBSZWZlcmVuY2UgWzRdIChzZWN0aW9uIDQuMikg"}
+00413{"flow_id":2,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":107183,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAcAAP8ROW7AqAD9wKgACsW6DXUADKpDAAQABwAAAAAAAAAAAAAAAAAA"}
+01081{"flow_id":2,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1367411052,"pkt_ts_usec":107258,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkzEAAIARI0TAqAAKwKgA\/Q11xboCDBNwAAMACHNob3VsZCBiZSBjb25zdWx0ZWQgZm9yIGZ1cnRoZXIgdmFsdWFibGUKICAgZGlyZWN0aXZlcyBhbmQgc3VnZ2VzdGlvbnMgb24gVEZUUC4KCjIuIE92ZXJ2aWV3IG9mIHRoZSBQcm90b2NvbAoKICAgQW55IHRyYW5zZmVyIGJlZ2lucyB3aXRoIGEgcmVxdWVzdCB0byByZWFkIG9yIHdyaXRlIGEgZmlsZSwgd2hpY2gKICAgYWxzbyBzZXJ2ZXMgdG8gcmVxdWVzdCBhIGNvbm5lY3Rpb24uICBJZiB0aGUgc2VydmVyIGdyYW50cyB0aGUKICAgcmVxdWVzdCwgdGhlIGNvbm5lY3Rpb24gaXMgb3BlbmVkIGFuZCB0aGUgZmlsZSBpcyBzZW50IGluIGZpeGVkCiAgIGxlbmd0aCBibG9ja3Mgb2YgNTEyIGJ5dGVzLiAgRWFjaCBkYXRhIHBhY2tldCBjb250YWlucyBvbmUgYmxvY2sgb2YKICAgZGF0YSwgYW5kIG11c3QgYmUgYWNrbm93bGVkZ2VkIGJ5IGFuIGFja25vd2xlZGdtZW50IHBhY2tldCBiZWZvcmUgdGhlCiAgIG5leHQgcGFja2V0IGNhbiBiZSBzZW50LiAgQSBkYXRhIHBhY2tldCBvZiBsZXNzIHRoYW4g"}
+00502{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00483{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1367411051972,"flow_last_seen":0,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00480{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1626968644630,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00413{"flow_id":3,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1626968644,"pkt_ts_usec":630728,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"}
+00517{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1626968644630,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00479{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_first_seen":1626968644631,"flow_last_seen":0,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00398{"flow_id":4,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1626968644,"pkt_ts_usec":631726,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgqt8AAEARbLCsHAWqrBwFW\/JqrkoADPveAAQAAA=="}
+01167{"flow_id":4,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1626968644,"pkt_ts_usec":632006,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYuhAAEARcqesHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
+01167{"flow_id":4,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1626968644,"pkt_ts_usec":632149,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYulAAEARcqasHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
+00398{"flow_id":4,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1626968644,"pkt_ts_usec":632198,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgquAAAEARbK+sHAWqrBwFW\/JqrkoADPvdAAQAAQ=="}
+00592{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00499{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00481{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_first_seen":1626968644630,"flow_last_seen":0,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
+00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test"}
+~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
+~~ packets captured/processed: 104/104
+~~ skipped flows.............: 0
+~~ total layer4 data length..: 26901 bytes
+~~ total detected protocols..: 4
+~~ total active/idle flows...: 4/4
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~ total memory allocated....: 1939202 bytes
+~~ total memory freed........: 1939202 bytes
+~~ total allocations/frees...: 35437/35437
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Powered by cgit, Themed by Ted Yin.