diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2021-12-15 23:25:32 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-01-20 00:50:38 +0100 |
| commit | 9e07a57566cc45bf92a845d8cee968d72e0f314e (patch) | |
| tree | 8f1a6bfd08bd68a5253fadf3a01beecda77b1c95 /test/results/zcash.pcap.out | |
| parent | a35fc1d5ea8570609cc0c8cf6edadc81f8f5bb76 (diff) | |
Major nDPId extension. Sorry for the huge commit.
- nDPId: fixed invalid IP4/IP6 tuple compare
- nDPIsrvd: fixed caching issue (finally)
- added tiny c example (can be used to check flow manager sanity)
- c-captured: use flow_last_seen timestamp from `struct nDPIsrvd_flow`
- README.md update: added example JSON sequence
- nDPId: added new flow event `update` necessary for correct
timeout handling (and other future use-cases)
- nDPIsrvd.h and nDPIsrvd.py: switched to an instance
(consists of an alias/source tuple) based flow manager
- every flow related event **must** now serialize `alias`, `source`,
`flow_id`, `flow_last_seen` and `flow_idle_time` to make the timeout
handling and verification process work correctly
- nDPIsrvd.h: ability to profile any dynamic memory (de-)allocation
- nDPIsrvd.py: removed PcapPacket class (unused)
- py-flow-dashboard and py-flow-multiprocess: fixed race condition
- py-flow-info: print statusbar with probably useful information
- nDPId/nDPIsrvd.h: switched from packet-flow only timestamps (`pkt_*sec`)
to a generic flow event timestamp `ts_msec`
- nDPId-test: added additional checks
- nDPId: increased ICMP flow timeout
- nDPId: using event based i/o if capturing packets from a device
- nDPIsrvd: fixed memory leak on shutdown if remote descriptors
were still connected
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test/results/zcash.pcap.out')
| -rw-r--r-- | test/results/zcash.pcap.out | 41 |
1 files changed, 15 insertions, 26 deletions
diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out index f689615be..0dadf62c1 100644 --- a/test/results/zcash.pcap.out +++ b/test/results/zcash.pcap.out @@ -1,34 +1,23 @@ -00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":10000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255} -00492{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1514196094240,"flow_last_seen":1514196094240,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00433{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":240063,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} -00435{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322725,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} -00422{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322778,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"} -00773{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":322947,"pkt_caplen":326,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":326,"pkt_l4_len":292,"pkt":"fmgbW\/gUcIXCQA64CABFAAE4ux9AAEAGRKLAqAJcsiDE2deWI1qAnf86I+a9J4AYAOWIhgAAAQEICk+Ou8XshW\/8eyJtZXRob2QiOiJsb2dpbiIsInBhcmFtcyI6eyJsb2dpbiI6IjRCQ2VFUGhvZGdQTWJQV0ZOMWRQd2hXWGRSWDhxNG1oaGRaZEExZHRTTUxUTENFWXZBajlRWGpYQWZGN0N1Z0VibWZCaGdrcUhiZGdLOWIyd0tBNm5xUlpRQ2d2Q0RtLmNiMmI3MzQxNWM0ZmFmMjE0MDM1YTczYjlkOTQ3YzIwMjM0MmYzYmYzYmRmNjMyMTMyYmQ2ZDdhZjk4Y2IyNTcucnl6ZW4iLCJwYXNzIjoieCIsImFnZW50IjoieG1yLXN0YWstY3B1LzEuMy4wLTEuNS4wIn0sImlkIjoxfQo="} -00606{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00421{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":405351,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"cIXCQA64fmgbW\/gUCABFAAA0zTZAADMGQI+yIMTZwKgCXCNa15Yj5r0ngJ4APoAQADl3vwAAAQEICuyFcBFPjrvF"} -00828{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":406828,"pkt_caplen":369,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":369,"pkt_l4_len":335,"pkt":"cIXCQA64fmgbW\/gUCABFAAFjzTdAADMGP1+yIMTZwKgCXCNa15Yj5r0ngJ4APoAYADnxwAAAAQEICuyFcBFPjrvFeyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2IiOnsiYmxvYiI6IjA2MDZlODk4ODNkMjA1YTY1ZDhlZTc4OTkxODM4YTFjZjNlYzJlYmJjNWZiMWZhNDNkZWM1ZmExY2QyYmVlNDA2OTIxMmE1NDljZDczMTAwMDAwMDAwNWE4ODIzNTY1MzA5N2FhM2U5N2VmMmNlZWY0YWVlNjEwNzUxYTgyOGY5YmUxYTA3NThhNzgzNjVmYjBhNGM4YzA1Iiwiam9iX2lkIjoiNzIyMTM0MTc0MTI3MTMxIiwidGFyZ2V0IjoiZGM0NjAzMDAifSwic3RhdHVzIjoiT0sifX0K"} -00421{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196094,"pkt_ts_usec":406901,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyBAAEAGRaXAqAJcsiDE2deWI1qAngA+I+a+VoAQAO11xwAAAQEICk+Ou9rshXAR"} -00668{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196106,"pkt_ts_usec":556737,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"fmgbW\/gUcIXCQA64CABFAADruyFAAEAGRO3AqAJcsiDE2deWI1qAngA+I+a+VoAYAO27KwAAAQEICk+Ox7jshXAReyJtZXRob2QiOiJzdWJtaXQiLCJwYXJhbXMiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2JfaWQiOiI3MjIxMzQxNzQxMjcxMzEiLCJub25jZSI6Ijk4MDI0MDAxIiwicmVzdWx0IjoiYzliZTkzODFhNjhkNTMzYzA1OWQ2MTRkOTYxZTA1MzRkN2Q4Nzg1ZGQ1YzMzOWMyZjk1OTZlYjk1ZjMyMDEwMCJ9LCJpZCI6MX0K"} -00507{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196106,"pkt_ts_usec":668425,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"cIXCQA64fmgbW\/gUCABFAABzzThAADMGQE6yIMTZwKgCXCNa15Yj5r5WgJ4A9YAYADmdhwAAAQEICuyFfApPjse4eyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsic3RhdHVzIjoiT0sifX0K"} -00423{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196106,"pkt_ts_usec":668470,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyJAAEAGRaPAqAJcsiDE2deWI1qAngD1I+a+lYAQAO1c3gAAAQEICk+Ox9TshXwK"} -00670{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196109,"pkt_ts_usec":287307,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"fmgbW\/gUcIXCQA64CABFAADruyNAAEAGROvAqAJcsiDE2deWI1qAngD1I+a+lYAYAO0qZAAAAQEICk+OymLshXwKeyJtZXRob2QiOiJzdWJtaXQiLCJwYXJhbXMiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2JfaWQiOiI3MjIxMzQxNzQxMjcxMzEiLCJub25jZSI6ImIxMDM4MDAxIiwicmVzdWx0IjoiZjg0NTk2YTQ4ZTU3NjgzZjZiNTYwOGNjNWQzNGY0ZWExZjY0ZGJmYTJiYTM5N2I5MTQyNjI2YjlkOWI5MDEwMCJ9LCJpZCI6MX0K"} -00509{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196109,"pkt_ts_usec":400817,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"cIXCQA64fmgbW\/gUCABFAABzzTlAADMGQE2yIMTZwKgCXCNa15Yj5r6VgJ4BrIAYADmXOwAAAQEICuyFfrZPjspieyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsic3RhdHVzIjoiT0sifX0K"} -00424{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196109,"pkt_ts_usec":400850,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0uyRAAEAGRaHAqAJcsiDE2deWI1qAngGsI+a+1IAQAO1WkQAAAQEICk+Oyn\/shX62"} -00670{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196116,"pkt_ts_usec":332032,"pkt_caplen":249,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":249,"pkt_l4_len":215,"pkt":"fmgbW\/gUcIXCQA64CABFAADruyVAAEAGROnAqAJcsiDE2deWI1qAngGsI+a+1IAYAO2rlwAAAQEICk+O0UPshX62eyJtZXRob2QiOiJzdWJtaXQiLCJwYXJhbXMiOnsiaWQiOiI0NzkwNTk1NDY4ODMyMTgiLCJqb2JfaWQiOiI3MjIxMzQxNzQxMjcxMzEiLCJub25jZSI6IjYzMDU4MDAwIiwicmVzdWx0IjoiYzgxMTEzMWE2Yjk3N2M3MmYwYjBmOWNkYzg0ODk3M2NlNGJlOGZiZDI4NmYzNTgzZmRlMGVhZWZhOGY3MDAwMCJ9LCJpZCI6MX0K"} -00509{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"zcash.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1514196116,"pkt_ts_usec":444796,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":129,"pkt_l4_len":95,"pkt":"cIXCQA64fmgbW\/gUCABFAABzzTpAADMGQEyyIMTZwKgCXCNa15Yj5r7UgJ4CY4AYADmIgwAAAQEICuyFhZdPjtFDeyJpZCI6MSwianNvbnJwYyI6IjIuMCIsImVycm9yIjpudWxsLCJyZXN1bHQiOnsic3RhdHVzIjoiT0sifX0K"} -00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15} -00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test"} +00439{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7460000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255} +00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1514196094240,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1514196094240,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196094240,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} +00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"ts_msec":1514196094322,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} +00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"ts_msec":1514196094322,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"} +00663{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","22":"Unsafe Protocol"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} +00560{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} +00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","total-events-serialized":8} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 145/145 ~~ skipped flows.............: 0 -~~ total layer4 data length..: 15714 bytes +~~ total layer4 data length..: 11022 bytes ~~ total detected protocols..: 1 ~~ total active/idle flows...: 1/1 +~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 1942529 bytes -~~ total memory freed........: 1942529 bytes +~~ total memory allocated....: 1942585 bytes +~~ total memory freed........: 1942585 bytes ~~ total allocations/frees...: 35486/35486 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 131 chars -~~ json string max len.......: 833 chars -~~ json string avg len.......: 555 chars +~~ json string min len.......: 159 chars +~~ json string max len.......: 668 chars +~~ json string avg len.......: 475 chars |