Added layer4 payload length bins.

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2022-09-19 10:14:37 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2022-09-19 10:14:37 +0200
commit: 015a739efda638737adeed521ca5ba43708949f0 (patch)
tree: e4da6a2f5afc6f451911bd34369d6ef334a66153 /test/results/wireguard.pcap.out
parent: 31715295d9c2ec580483c089a33f660b21e5539b (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out
index eccd26e32..9377e93ca 100644
--- a/test/results/wireguard.pcap.out
+++ b/test/results/wireguard.pcap.out
@@ -5,7 +5,7 @@
 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1563973554628780,"flow_dst_last_pkt_time":1563973554628757,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1563973554628780,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"}
 00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1563973554628780,"flow_dst_last_pkt_time":1563973554628915,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_usec":1563973554628915,"pkt":"ABAY3q0FOCxKuzMdCABFAAB8LYcAAEARP\/TAqAAOi6LAnY0UymwAaNyeBAAAAG2mYV5wAAAAAAAAAAo35XrmOHswcilnP2QelKUcrUyMt+9zQAFDeYSUJyyw9BNkc7uq5jhjxm51P1MBuT08PEWRrzriFSk+BrqayZkHU3Oi+bUZJb76bMmarQhF"}
 00874{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973554628780,"flow_dst_last_pkt_time":1563973554642219,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":144,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":944,"flow_dst_tot_l4_payload_len":368,"midstream":0,"thread_ts_usec":1563973554642219,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
-01357{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973564026392,"flow_dst_last_pkt_time":1563973564026499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":4816,"flow_dst_tot_l4_payload_len":2160,"midstream":0,"thread_ts_usec":1563973564026499,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":23,"flow_avg":606302.4,"flow_max":5525882,"flow_stddev":1489465.9,"c_to_s_min":23,"c_to_s_avg":522090.8,"c_to_s_max":5525873,"c_to_s_stddev":1395886.9,"s_to_c_min":158,"s_to_c_avg":722903.2,"s_to_c_max":5525882,"s_to_c_stddev":1602794.9},"pktlen": {"c_to_s_min":138,"c_to_s_avg":295.5,"c_to_s_max":842,"c_to_s_stddev":218.5,"s_to_c_min":138,"s_to_c_avg":208.2,"s_to_c_max":314,"s_to_c_stddev":79.8}},"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
+01583{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973564026392,"flow_dst_last_pkt_time":1563973564026499,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":96,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":800,"flow_dst_max_l4_payload_len":272,"flow_src_tot_l4_payload_len":4816,"flow_dst_tot_l4_payload_len":2160,"midstream":0,"thread_ts_usec":1563973564026499,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":23,"flow_avg":606302.4,"flow_max":5525882,"flow_stddev":1489465.9,"c_to_s_min":23,"c_to_s_avg":522090.8,"c_to_s_max":5525873,"c_to_s_stddev":1395886.9,"s_to_c_min":158,"s_to_c_avg":722903.2,"s_to_c_max":5525882,"s_to_c_stddev":1602794.9},"pktlen": {"c_to_s_min":138,"c_to_s_avg":295.5,"c_to_s_max":842,"c_to_s_stddev":218.5,"s_to_c_min":138,"s_to_c_avg":208.2,"s_to_c_max":314,"s_to_c_stddev":79.8},"bins": {"c_to_s": [0,0,0,6,7,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,7,1,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]}},"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00929{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1654,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":949,"flow_dst_packets_processed":704,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973742644251,"flow_dst_last_pkt_time":1563973742495194,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1362,"flow_dst_max_l4_payload_len":1362,"flow_src_tot_l4_payload_len":356036,"flow_dst_tot_l4_payload_len":108870,"midstream":0,"thread_ts_usec":1563973742644251,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00931{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2391,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1358,"flow_dst_packets_processed":1032,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973930443496,"flow_dst_last_pkt_time":1563973930443700,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1362,"flow_dst_max_l4_payload_len":1362,"flow_src_tot_l4_payload_len":460922,"flow_dst_tot_l4_payload_len":171590,"midstream":0,"thread_ts_usec":1563973930443700,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
 00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":1362,"flow_dst_packets_processed":1037,"flow_first_seen":1563973554628757,"flow_src_last_pkt_time":1563973935842428,"flow_dst_last_pkt_time":1563973935624796,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":32,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1362,"flow_dst_max_l4_payload_len":1362,"flow_src_tot_l4_payload_len":461322,"flow_dst_tot_l4_payload_len":172102,"midstream":0,"thread_ts_usec":1563973935842428,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"WireGuard","proto_id":"206","encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
@@ -18,9 +18,9 @@
 ~~ total active/idle flows...: 1/1
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6105552 bytes
-~~ total memory freed........: 6105552 bytes
-~~ total allocations/frees...: 123886/123886
+~~ total memory allocated....: 6105680 bytes
+~~ total memory freed........: 6105680 bytes
+~~ total allocations/frees...: 123888/123888
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 480 chars
 ~~ json string max len.......: 1592 chars
author	Toni Uhlig <matzeton@googlemail.com>	2022-09-19 10:14:37 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2022-09-19 10:14:37 +0200
commit	015a739efda638737adeed521ca5ba43708949f0 (patch)
tree	e4da6a2f5afc6f451911bd34369d6ef334a66153 /test/results/wireguard.pcap.out
parent	31715295d9c2ec580483c089a33f660b21e5539b (diff)