diff options
| author | Toni Uhlig <matzeton@googlemail.com> | 2022-03-21 15:56:01 +0100 |
|---|---|---|
| committer | Toni Uhlig <matzeton@googlemail.com> | 2022-03-21 15:56:01 +0100 |
| commit | c0b7bdacbc15c1cf5eaeb9faefc088aa698e94ba (patch) | |
| tree | 90fcd8d0b791133082987af4aacbd24041e63bf3 /test | |
| parent | daaaa615197d8551457ecf926f6df30c6482a70a (diff) | |
Reworked nDPIsrvd.h C-API.
* nDPIsrvd.h: Provide nDPId thread storage.
* nDPIsrvd.py: Fixed instance cleanup bug.
* nDPIsrvd.h: Support for instance/thread user data and cleanup callback.
* nDPIsrvd.h: Most recent flow time stored in thread ht instead of instance ht.
* nDPId: Moved flow logger out the memory profilier into SIGUSR1 signal handling.
* nDPId: Added signal fd to be usable within epoll's event handling (live-capture only!)
* nDPId: Added information about ZLib compressions to daemon status/shutdown events.
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
Diffstat (limited to 'test')
264 files changed, 1203 insertions, 1203 deletions
diff --git a/test/results/1kxun.pcap.out b/test/results/1kxun.pcap.out index 1350ca85d..c13097ee2 100644 --- a/test/results/1kxun.pcap.out +++ b/test/results/1kxun.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"1kxun.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1470104373025} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1470104373025} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1470104373025,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":68,"pkt_l4_len":34,"thread_ts_msec":1470104373025,"pkt":"AQBeAAD8SNIkYzEACABFAAA2OooAAAER2FzAqAUs4AAA\/OizFOsAIin75qEAAAABAAAAAAAACGphc29uLVBDAAD\/AAE="} 00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104373025,"flow_last_seen":1470104373025,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1470104373025,"l3_proto":"ip4","src_ip":"192.168.5.44","dst_ip":"224.0.0.252","src_port":59571,"dst_port":5355,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} @@ -692,7 +692,7 @@ 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":86,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470104401904,"flow_last_seen":1470104401904,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"59.120.208.212","dst_ip":"255.255.255.255","src_port":32768,"dst_port":1947,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1470104420541,"flow_last_seen":1470104420541,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip4","src_ip":"192.168.3.236","dst_ip":"224.0.0.252","src_port":59730,"dst_port":5355,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"LLMNR","breed":"Acceptable","category":"Network"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","flow_id":84,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1470104400162,"flow_last_seen":1470104408559,"flow_idle_time":180000,"flow_min_l4_payload_len":448,"flow_max_l4_payload_len":528,"flow_tot_l4_payload_len":7929,"flow_avg_l4_payload_len":495,"midstream":0,"thread_ts_msec":1470104433789,"l3_proto":"ip6","src_ip":"fe80::9bd:81dd:2fdc:5750","dst_ip":"ff02::c","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00489{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1439,"packets-processed":1439,"total-skipped-flows":0,"total-l4-data-len":552863,"total-not-detected-flows":14,"total-guessed-flows":8,"total-detected-flows":107,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":129,"total-idle-flows":129,"total-events-serialized":695,"global_ts_msec":1470104433789} +00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1439,"source":"1kxun.pcap","alias":"nDPId-test","packets-captured":1439,"packets-processed":1439,"total-skipped-flows":0,"total-l4-data-len":552863,"total-not-detected-flows":14,"total-guessed-flows":8,"total-detected-flows":107,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":129,"total-idle-flows":129,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":695,"global_ts_msec":1470104433789} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1439/1439 ~~ skipped flows.............: 0 @@ -701,8 +701,8 @@ ~~ total active/idle flows...: 129/129 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4905674 bytes -~~ total memory freed........: 4905674 bytes +~~ total memory allocated....: 4905698 bytes +~~ total memory freed........: 4905698 bytes ~~ total allocations/frees...: 103044/103044 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars diff --git a/test/results/443-chrome.pcap.out b/test/results/443-chrome.pcap.out index 335f626a1..23f327549 100644 --- a/test/results/443-chrome.pcap.out +++ b/test/results/443-chrome.pcap.out @@ -1,10 +1,10 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1581109434258} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109434258} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1506,"pkt_l4_len":1472,"thread_ts_msec":1581109434258,"pkt":"KDc3AG3IEBMx8Tl2CABFAAXUL9xAADQG19GyPsWCwKgBDQG7z0OMwKr+Oj0RjoAQAfVXrQAAAQEICiUvy0seKwePAbBkhQkGDSwXAwMFJB7ULkZYT314CXk9r8PlYJygP344H6B+ItT1QydBOUTT\/6D31GPVzKtOQjSVxhbT8njy8fnLCF03csGz4\/Y1RkgUVmI84ERVBP7zbdzqFVMxHmkRU4146\/GYpGt09JudxRaBFBE6RH99GaIPOIBgIxL+lVzyEaqTle8b2ooKlmYXANwIghY6MzW7vfR0m2NAd4\/mImO8\/LyUCeGK0r\/puyNRW7lwQQMAmHKJdbXl9VyEWyHoVGg2V7UztPOOS9FaOf7PI0qXcHmQjpNhC3tUdKXBoA5lr9L4gV9TtzI0jsGqvB9N6GFz+qcMvQNu9oMflyIYBhNXeC+wMS3iHkbmb6YjZ1BITgZEep9Fizk45i3xCMymSmOsda0ujEX4jtgvxVvAdOobavQSODmvW7nF0r5t9e88tMuzTz7+vTqoOaJn4Q5qSGioRtcVHnLq2LNPOuGgbZaLvf8nOa3F\/fTzsfVgOnrof2PK7x6zJRR4iLtFUyiyV0abVTIHELfIYnSCf71pFYSlMWF1kbosbMAxw+8gDHb28maLs7wPXvpNMwUQmC5zWPLwG8e+Pf\/3nur0wrn5EOul2L1tr2PBCGM7nQJnzz+Ftab4qAnCKKMUrufRAVhXA6Ue6CMSRLYliOxzGRgmHVxorbbpx87m7XMCx1xGrv\/+sMpgjOYFPN80vjeb9Ar4xkocVQgWuuKpaWdNDznMzFzG0+H1ekKy8mE\/Y4uj8aty0rTxx\/RK0gYF2CUtsmGNskEzCWUbq5MAqcp05SHkAJHGGJeLVJYaWPvGXbFa5QHn9poomy6DBa+Zu\/J+olJwYCoT+frN77wk+XmgZEGX8LeovmjP4s1R+UbEFUsUMksh6m15XB\/oDSc43HBC0ZN2fBl+EVSpfPjbG\/eOyIfLCt5fbBfnhNgvommX5LE+2Hk1er+ly1V3Bk3SksoPHjYC3atFWwOW8i0ksy3cnSr3r7urFNldk3MU3+jnEXfTimw+aCW1vRMowhmfm8PlgjcufRfy+KbXvWvcglQ5SIZzkHbMTgRIVTH0rnzAvQa5V3qwPK10Uoz7qDIouhn\/mb\/ZISHF6mBR\/IXvmgdDxCQjDF0pzdpHGlijQnscX9IYmuALydf\/N95pDI1Ksot3SwlV+ToeoAcOu03ffeX9ZWtpGReoSSLBreVK2S9eOKb7ts0O5zIIo7KsqQiv\/vBgScz8WXOWpxQ\/yJVR5ay52w6EYcainLIU7Xbc\/tjzrhulig3U\/8LJroIUx7FTN+1M\/XXQgxU1xPwXfZVd2BCyLjPf3LnCxXwnRvsKpAN+jMhuodhLSF7CgHqc20YiiLhRoKoX9HTNFjjp4NCVuyybqoR14grCEsHZOU2qhA+8BZe5VlL7unSunUXcr1PeN9gM5Jq4MVqPdpyzDhvJpSxU3Hx+L1u56H6J0VrRo\/R6fO225uB9ZADFU\/E9+rLvS3XjVihQI4Xj3oV8Yz2DHOUB7myCSIfri88nrYevcoAQbwAgIH3ZuvMVV+F7spgWZOgjijLQs9AFYfhIg77XK7GhiJW4kT1GNIqN\/59u+gIdPmDuGurVucPbruilLRCDIsr+53Us+irmCwo\/E2YPbk4a0f3NX0k+rNo92g1D9wTfG3QFRXLoBVDcr2q9BeW0PVJsavNUQM+jFbQkjfp93AvyPnmEBcWXIT002jYiClr1Y1\/emkCZ90t5YN1lLX5fUvWWgwvQ8NqFZ2zWMZciPkbKDA3g3Y+AskVzW3FFBLqR77\/aXs+9FwMDBSQUQnjU3ptBoEOyx5s5g6C1C+gxkfWLgzLDV66R77tBk395nAfOwKbaxf02lWN9Kl7ER9qk1HP5doNJPo83hbomHGy3aIU4qtqfnGI\/DWje6wuZoh6zDMTlo3NI6IL\/slMBsWm6kBIHkYOp"} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109434258,"flow_last_seen":1581109434258,"flow_idle_time":7440000,"flow_min_l4_payload_len":1440,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":1440,"midstream":1,"thread_ts_msec":1581109434258,"l3_proto":"ip4","src_ip":"178.62.197.130","dst_ip":"192.168.1.13","src_port":443,"dst_port":53059,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1581109434258} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"443-chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1440,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1581109434258} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,8 +13,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681875 bytes -~~ total memory freed........: 4681875 bytes +~~ total memory allocated....: 4681899 bytes +~~ total memory freed........: 4681899 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/443-curl.pcap.out b/test/results/443-curl.pcap.out index 75775a5f2..0e3045040 100644 --- a/test/results/443-curl.pcap.out +++ b/test/results/443-curl.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-curl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1581113120474} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113120474} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113120474,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113120474,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113120474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113120474,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7FgtjjAbvMd3aVAAAAALAC\/\/97wQAAAgQFtAEDAwUBAQgKHmJFtwAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113120512,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113120512,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG72OOPktF9zHd2lqAS\/oj9JgAAAgQFrAQCCAolaAqTHmJFtwEDAwc="} @@ -8,7 +8,7 @@ 00897{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581113120474,"flow_last_seen":1581113120563,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581113120563,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 01099{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113120474,"flow_last_seen":1581113120564,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581113120564,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} 00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":109,"flow_first_seen":1581113120474,"flow_last_seen":1581113121570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":66816,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1581113121570,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":55523,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-data-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1581113121570} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":109,"source":"443-curl.pcap","alias":"nDPId-test","packets-captured":109,"packets-processed":109,"total-skipped-flows":0,"total-l4-data-len":66816,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113121570} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 109/109 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4687875 bytes -~~ total memory freed........: 4687875 bytes +~~ total memory allocated....: 4687899 bytes +~~ total memory freed........: 4687899 bytes ~~ total allocations/frees...: 101258/101258 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/443-firefox.pcap.out b/test/results/443-firefox.pcap.out index e491506ba..1be70a3ea 100644 --- a/test/results/443-firefox.pcap.out +++ b/test/results/443-firefox.pcap.out @@ -1,5 +1,5 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1581109488041} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109488041} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109488041,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109488041,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109488041,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109488041,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs9oAbstYO2oAAAAALAC\/\/8dyQAAAgQFtAEDAwUBAQgKHivVZQAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109488079,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109488079,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7z2h4KhDzLWDtqaAS\/ojkXQAAAgQFrAQCCAolMJ2OHivVZQEDAwc="} @@ -8,7 +8,7 @@ 00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 01165{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109488041,"flow_last_seen":1581109488123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3397,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1581109488123,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"3653a20186a5b490426131a611e01992","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} 00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":667,"flow_first_seen":1581109488041,"flow_last_seen":1581109496480,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":414073,"flow_avg_l4_payload_len":620,"midstream":0,"thread_ts_msec":1581109496480,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53096,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-data-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1581109496480} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":667,"source":"443-firefox.pcap","alias":"nDPId-test","packets-captured":667,"packets-processed":667,"total-skipped-flows":0,"total-l4-data-len":414073,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109496480} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 667/667 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4704111 bytes -~~ total memory freed........: 4704111 bytes +~~ total memory allocated....: 4704135 bytes +~~ total memory freed........: 4704135 bytes ~~ total allocations/frees...: 101817/101817 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars diff --git a/test/results/443-git.pcap.out b/test/results/443-git.pcap.out index f2d225d59..426d07f10 100644 --- a/test/results/443-git.pcap.out +++ b/test/results/443-git.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1581113657633} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581113657633} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581113657633,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581113657633,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581113657633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581113657633,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGeqzAqAENjFJyBNnAAbv0\/p5\/AAAAALAC\/\/+NzAAAAgQFtAEDAwUBAQgKHmpbwAAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581113657744,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581113657744,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADIGiLCMUnIEwKgBDQG72cCAzdDM9P6egKASb0C\/0wAAAgQFnAQCCAoOCxAaHmpbwAEDAwo="} @@ -8,7 +8,7 @@ 00903{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1941,"flow_avg_l4_payload_len":388,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581113657633,"flow_last_seen":1581113657863,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":4067,"flow_avg_l4_payload_len":581,"midstream":0,"thread_ts_msec":1581113657863,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"github.com","server_names":"github.com,www.github.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA","subjectDN":"C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com","alpn":"http\/1.1","fingerprint":"CA:06:F5:6B:25:8B:7A:0D:4F:2B:05:47:09:39:47:86:51:15:19:84"}} 00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":70,"flow_first_seen":1581113657633,"flow_last_seen":1581113658456,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":32585,"flow_avg_l4_payload_len":465,"midstream":0,"thread_ts_msec":1581113658456,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"140.82.114.4","src_port":55744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Github","breed":"Acceptable","category":"Collaborative"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-data-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1581113658456} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"443-git.pcap","alias":"nDPId-test","packets-captured":70,"packets-processed":70,"total-skipped-flows":0,"total-l4-data-len":32585,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581113658456} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 70/70 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4690254 bytes -~~ total memory freed........: 4690254 bytes +~~ total memory allocated....: 4690278 bytes +~~ total memory freed........: 4690278 bytes ~~ total allocations/frees...: 101221/101221 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/443-opvn.pcap.out b/test/results/443-opvn.pcap.out index 4cab7d513..2afc51725 100644 --- a/test/results/443-opvn.pcap.out +++ b/test/results/443-opvn.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-opvn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1581153175528} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581153175528} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581153175528,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581153175528,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581153175528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581153175528,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+EfAqAFUwAzAZ87tBKpga1quAAAAALAC\/\/\/PlAAAAgQFtAEDAwUBAQgKFg2AOQAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581153175550,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGAkzADMBnwKgBVASqzu1gWZU1YGtar6AScSBwigAAAgQFrAQCCAocQO0VFg2AOQEDAwY="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1581153175550,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1581153175550,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+FPAqAFUwAzAZ87tBKpga1qvYFmVNoAQECwALgAAAQEIChYNgE0cQO0V"} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581153175528,"flow_last_seen":1581153176626,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1581153176626,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00684{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1581153175528,"flow_last_seen":1581153184491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":8517,"flow_avg_l4_payload_len":185,"midstream":0,"thread_ts_msec":1581153184491,"l3_proto":"ip4","src_ip":"192.168.1.84","dst_ip":"192.12.192.103","src_port":52973,"dst_port":1194,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-data-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1581153184491} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":46,"source":"443-opvn.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":46,"total-skipped-flows":0,"total-l4-data-len":8517,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1581153184491} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 46/46 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4683180 bytes -~~ total memory freed........: 4683180 bytes +~~ total memory allocated....: 4683204 bytes +~~ total memory freed........: 4683204 bytes ~~ total allocations/frees...: 101190/101190 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/443-safari.pcap.out b/test/results/443-safari.pcap.out index 2139342f1..e7794792a 100644 --- a/test/results/443-safari.pcap.out +++ b/test/results/443-safari.pcap.out @@ -1,5 +1,5 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"443-safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1581109359601} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1581109359601} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1581109359601,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1581109359601,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1581109359601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1581109359601,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGAULAqAENsj7Fgs8nAbvmgoUNAAAAALAC\/\/+6MQAAAgQFtAEDAwUBAQgKHinouAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1581109359639,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1581109359639,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGDUayPsWCwKgBDQG7zyeqmyMX5oKFDqAS\/ogx6QAAAgQFrAQCCAolLqfYHinouAEDAwc="} @@ -8,7 +8,7 @@ 00941{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1673,"flow_avg_l4_payload_len":278,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 01143{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1581109359601,"flow_last_seen":1581109359683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3113,"flow_avg_l4_payload_len":444,"midstream":0,"thread_ts_msec":1581109359683,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.ntop.org","server_names":"www.ntop.org","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"f9fcb52580329fb6a9b61d7542087b90","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=www.ntop.org","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"DB:A7:E4:3E:6D:BB:21:AB:68:47:35:E8:0B:8F:15:DF:DB:C7:C9:6F"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1581109359601,"flow_last_seen":1581109360696,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17203,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1581109360696,"l3_proto":"ip4","src_ip":"192.168.1.13","dst_ip":"178.62.197.130","src_port":53031,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-data-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1581109360696} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":41,"source":"443-safari.pcap","alias":"nDPId-test","packets-captured":41,"packets-processed":41,"total-skipped-flows":0,"total-l4-data-len":17203,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1581109360696} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 41/41 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685933 bytes -~~ total memory freed........: 4685933 bytes +~~ total memory allocated....: 4685957 bytes +~~ total memory freed........: 4685957 bytes ~~ total allocations/frees...: 101190/101190 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/4in4tunnel.pcap.out b/test/results/4in4tunnel.pcap.out index 7b442c6d2..290d2c04b 100644 --- a/test/results/4in4tunnel.pcap.out +++ b/test/results/4in4tunnel.pcap.out @@ -1,20 +1,20 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1537044271794} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1537044271794} 00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537044271794} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1537058551803} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_msec":1537058551803} 00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537058551803} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1537082929816} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1537082929816} 00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537082929816} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":11,"global_ts_msec":1537138237839} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1537138237839} 00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537138237839} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":14,"global_ts_msec":1537165843864} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1537165843864} 00187{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537165843864} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":17,"global_ts_msec":1537165843864} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1537165843864} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/0 ~~ skipped flows.............: 0 @@ -23,10 +23,10 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 192 chars -~~ json string max len.......: 496 chars -~~ json string avg len.......: 343 chars +~~ json string max len.......: 555 chars +~~ json string avg len.......: 372 chars diff --git a/test/results/4in6tunnel.pcap.out b/test/results/4in6tunnel.pcap.out index bc53b3ab7..7690fd5dd 100644 --- a/test/results/4in6tunnel.pcap.out +++ b/test/results/4in6tunnel.pcap.out @@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1543235434019} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1543235434019} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1543235434019,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQAANHvwQAB\/BqsfwKgAAQoKCgH7xwG73+E+ggAAAACAAv\/\/fqUAAAIEBYQBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1543235434019,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":154,"pkt_l4_len":52,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAADQEPTRKupQVKqw0AAAAAAAAACoi4BaF7ac4zFi98\/GqPyLYRQAANEufQABhBvlwCgoKAcCoAAEBu\/vHAwzKjt\/hPoOAEv\/\/sQUAAAIEBXgBAwMIAQEEAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00874{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1543235434019,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":366,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":366,"pkt_l4_len":264,"thread_ts_msec":1543235434019,"pkt":"AAECunaOAAAASfSHht1gAAAAAQgEPyLgFoXtpzjMWL3z8ao\/Itg0SrqUFSqsNAAAAAAAAAAqRQABCHv3QAB\/BqpEwKgAAQoKCgH7xwG73+E+gwMMyo9QGAQA0icAABYDAwDbAQAA1wMDW5uXE0\/QFYUpkWO+HpgF5MI5wT9TQj14SroSH1Zl8oggjz8AALXLO9H2rxfCGsjqy7cU6\/NXDrPxEswgEUGVcfAAJsAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwAKAQAAaAAAABEADwAADHd3dy5iaW5nLmNvbQAKAAgABgAdABcAGAALAAIBAAANABQAEgQBBQECAQQDBQMCAwICBgEGAwAjAAAAEAAOAAwCaDIIaHR0cC8xLjEAFwAAABgABgAKAwIBAP8BAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1543235434019,"flow_last_seen":1543235434019,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":1780,"flow_avg_l4_payload_len":445,"midstream":0,"thread_ts_msec":1543235434019,"l3_proto":"ip6","src_ip":"22e0:1685:eda7:38cc:58bd:f3f1:aa3f:22d8","dst_ip":"344a:ba94:152a:ac34::2a","l4_proto":4,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IP_in_IP","breed":"Acceptable","category":"Network"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1543235434019} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"4in6tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":1780,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1543235434019} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679914 bytes -~~ total memory freed........: 4679914 bytes +~~ total memory allocated....: 4679938 bytes +~~ total memory freed........: 4679938 bytes ~~ total allocations/frees...: 101147/101147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/6in4tunnel.pcap.out b/test/results/6in4tunnel.pcap.out index 8f23e835f..44bf13c48 100644 --- a/test/results/6in4tunnel.pcap.out +++ b/test/results/6in4tunnel.pcap.out @@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1444236893450} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1444236893450} 00550{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444236893450,"flow_last_seen":1444236893450,"flow_idle_time":600000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1444236893450,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444236893450,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1444236893450,"pkt":"ACKQ3jvZAAAkzoE0CABFAAB8tYFAAP8pFzeuA0kYuGn\/GmAAAAAAQDo\/IAEEcB8XAT8+lw7\/\/nNN7CYEqIAAAQAgAAAAAAIksAGAAOC9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444236893555,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1444236893555,"pkt":"AAAkzoE0ACKQ3jvZCABFAAB8xlZAAPgpDWK4af8argNJGGAAAAAAQDo3JgSogAABACAAAAAAAiSwASABBHAfFwE\/PpcO\/\/5zTeyBAN+9XY8BWl1OFVYAAAAAqN0GAAAAAAAQERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3"} 00652{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1444236894230,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":200,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":200,"pkt_l4_len":166,"thread_ts_msec":1444236894230,"pkt":"ACKQ3jvZAAAkzoE0CABFAAC6tdFAAP8pFqmuA0kYuGn\/GmAAAAAAfjpAIAEEcB8WAT8AAAAAAAAAAiYEqIAAAQAgAAAAAAIksAEBA9KAAAAAAGAAAAAATgY2JgSogAABACAAAAAAAiSwASABBHAfFwE\/JaMykhb5LOAD4exLUvt9fRlwFpiAGABJEPkAAAEBCAq0MT0ACHX6xhcDAwApoxPniAjxmmXGKxqxVV6nOvla9FPS7Dtl2rRDlmVhpOKK9OFyB\/XihP8="} 00569{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":32,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1444236893450,"flow_last_seen":1444236901127,"flow_idle_time":600000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1877,"flow_tot_l4_payload_len":6924,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1444236901127,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":127,"flow_first_seen":1444236893450,"flow_last_seen":1444236915586,"flow_idle_time":600000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":1877,"flow_tot_l4_payload_len":35975,"flow_avg_l4_payload_len":283,"midstream":0,"thread_ts_msec":1444236915586,"l3_proto":"ip4","src_ip":"174.3.73.24","dst_ip":"184.105.255.26","l4_proto":41,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00480{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-data-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1444236915586} +00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"6in4tunnel.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-data-len":35975,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1444236915586} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4683481 bytes -~~ total memory freed........: 4683481 bytes +~~ total memory allocated....: 4683505 bytes +~~ total memory freed........: 4683505 bytes ~~ total allocations/frees...: 101270/101270 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/6in6tunnel.pcap.out b/test/results/6in6tunnel.pcap.out index 89b2ed392..79e88fd77 100644 --- a/test/results/6in6tunnel.pcap.out +++ b/test/results/6in6tunnel.pcap.out @@ -1,5 +1,5 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"6in6tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1335197872162} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1335197872162} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872162,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1335197872162,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1335197872162,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAAht1gAAAAADQpQCABBPgABAAHAuCB\/\/5S\/\/8gAQT4AAQABwLggf\/+UpprYAAAAAAMEUDerQAAAAAAAAAAAAAAAL7vyv4AAAAAAAAAAAAAAAC6vnUwMsgADIPSWFhYWA=="} 00541{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} @@ -8,7 +8,7 @@ 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872162,"flow_last_seen":1335197872162,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"2001:4f8:4:7:2e0:81ff:fe52:ffff","dst_ip":"2001:4f8:4:7:2e0:81ff:fe52:9a6b","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00542{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1335197872164,"flow_last_seen":1335197872164,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1335197872164,"l3_proto":"ip6","src_ip":"feed::beef","dst_ip":"feed::cafe","l4_proto":41,"flow_datalink":1,"flow_max_packets":3} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":11,"global_ts_msec":1335197872164} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"6in6tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":104,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1335197872164} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680728 bytes -~~ total memory freed........: 4680728 bytes +~~ total memory allocated....: 4680752 bytes +~~ total memory freed........: 4680752 bytes ~~ total allocations/frees...: 101148/101148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/BGP_Cisco_hdlc_slarp.pcap.out index 115348268..16b9a3923 100644 --- a/test/results/BGP_Cisco_hdlc_slarp.pcap.out +++ b/test/results/BGP_Cisco_hdlc_slarp.pcap.out @@ -1,12 +1,12 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1445156939131} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1445156939131} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1445156939131,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1445156939131,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1445156939131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939131,"pkt":"DwAIAEXAACz4kkAAAQa2VmQQAQJkEAEBR5QAs7zqddEAAAAAYAJAABMAAAACBAW0"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1445156939145,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":48,"pkt_l4_len":24,"thread_ts_msec":1445156939145,"pkt":"DwAIAEXAACyvfwAAAQY\/amQQAQFkEAECALNHlBlZ03+86nXSYBJAACYWAAACBAW0"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1445156939152,"pkt":"DwAIAEXAACj4k0AAAQa2WWQQAQJkEAEBR5QAs7zqddIZWdOAUBBAAD3TAAA="} 00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1445156939131,"flow_last_seen":1445156939152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1445156939152,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1445156939131,"flow_last_seen":1445156989230,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1445156989230,"l3_proto":"ip4","src_ip":"100.16.1.2","dst_ip":"100.16.1.1","src_port":18324,"dst_port":179,"l4_proto":"tcp","flow_datalink":9,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1445156989230} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"BGP_Cisco_hdlc_slarp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1445156989230} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680204 bytes -~~ total memory freed........: 4680204 bytes +~~ total memory allocated....: 4680228 bytes +~~ total memory freed........: 4680228 bytes ~~ total allocations/frees...: 101157/101157 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/BGP_redist.pcap.out b/test/results/BGP_redist.pcap.out index aabdbd41b..45df01e16 100644 --- a/test/results/BGP_redist.pcap.out +++ b/test/results/BGP_redist.pcap.out @@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1256636836167} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1256636836167} 00187{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167} 00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} 00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1256636836167} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1256636836167} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/1 ~~ skipped flows.............: 0 @@ -15,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 192 chars ~~ json string max len.......: 679 chars -~~ json string avg len.......: 426 chars +~~ json string avg len.......: 427 chars diff --git a/test/results/EAQ.pcap.out b/test/results/EAQ.pcap.out index 5708c7ba5..f14593b8e 100644 --- a/test/results/EAQ.pcap.out +++ b/test/results/EAQ.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"EAQ.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1432820948562} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432820948562} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820948562,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820948562,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"173.194.119.48","src_port":53497,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820948562,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820948562,"pkt":"ABoRAAACABoRAAABCABFAAA8xb9AAEAGRgEKCAABrcJ3MND5AFA4ezYlAAAAAKACOQisdgAAAgQFtAQCCAoABPOaAAAAAAEDAwQ="} 00446{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820948566,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820948566,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAGO9OtwncwCggAAQBQ0PnHhMnaOHs2JlAS\/\/+vjAAA"} @@ -186,7 +186,7 @@ 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820966101,"flow_last_seen":1432821030791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.149.67","src_port":50175,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820954931,"flow_last_seen":1432821041151,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.129.67","src_port":37985,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1432820970111,"flow_last_seen":1432821034791,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1432821045664,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"200.194.134.67","src_port":40058,"dst_port":6000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EAQ","breed":"Acceptable","category":"Network"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-data-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-events-serialized":189,"global_ts_msec":1432821045664} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":197,"source":"EAQ.pcap","alias":"nDPId-test","packets-captured":197,"packets-processed":197,"total-skipped-flows":0,"total-l4-data-len":13245,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":31,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":189,"global_ts_msec":1432821045664} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 197/197 ~~ skipped flows.............: 0 @@ -195,8 +195,8 @@ ~~ total active/idle flows...: 31/31 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4711772 bytes -~~ total memory freed........: 4711772 bytes +~~ total memory allocated....: 4711796 bytes +~~ total memory freed........: 4711796 bytes ~~ total allocations/frees...: 101436/101436 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 449 chars diff --git a/test/results/IEC104.pcap.out b/test/results/IEC104.pcap.out index c6f8b2bcb..4e0c8f9d8 100644 --- a/test/results/IEC104.pcap.out +++ b/test/results/IEC104.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"IEC104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1317629088495} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1317629088495} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088495,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088495,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1317629088495,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1317629088495,"pkt":"eCvLK7lWABIAxkrACABFAAAoUqRAAH0GWeoKr9MBCndpGglk1fBIoLt3AFkTVVAQ\/elpjgAAAAAAAAAA"} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1317629088520,"flow_last_seen":1317629088520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1317629088520,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -12,7 +12,7 @@ 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1317629088739,"pkt":"AAAMB6wBeCvLK7lWCABFAAAoJ9tAAIAGAAAKd2kaCq\/TA9XxCWTfP\/9mWYD8JFAQAP5RXgAA"} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1317629088495,"flow_last_seen":1317629090498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":603,"flow_avg_l4_payload_len":50,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.1","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54768,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1317629088520,"flow_last_seen":1317629088739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1317629090498,"l3_proto":"ip4","src_ip":"10.175.211.3","dst_ip":"10.119.105.26","src_port":2404,"dst_port":54769,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1317629090498} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"IEC104.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":609,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1317629090498} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681105 bytes -~~ total memory freed........: 4681105 bytes +~~ total memory allocated....: 4681129 bytes +~~ total memory freed........: 4681129 bytes ~~ total allocations/frees...: 101161/101161 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/KakaoTalk_chat.pcap.out b/test/results/KakaoTalk_chat.pcap.out index 3ae357ae8..7f239307d 100644 --- a/test/results/KakaoTalk_chat.pcap.out +++ b/test/results/KakaoTalk_chat.pcap.out @@ -1,5 +1,5 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1430069021959} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430069021959} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069021959,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1430069021959,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAADwAAEAAQBHSIAoYUrwKvAEBljAANQAogKaG7QEAAAEAAAAAAAAEYXV0aAVrYWthbwNjb20AAAEAAQ=="} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069021959,"flow_last_seen":1430069021959,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1430069021959,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":38448,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"},"dns": {"query":"auth.kakao.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -233,7 +233,7 @@ 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1430069044758,"flow_last_seen":1430069069274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":1401,"flow_avg_l4_payload_len":77,"midstream":1,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1430069022104,"flow_last_seen":1430069022234,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":117,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1430069073299,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"10.188.1.1","src_port":9094,"dst_port":53,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.KakaoTalk","breed":"Acceptable","category":"Chat"}} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-data-len":52012,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-events-serialized":236,"global_ts_msec":1430069073299} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":347,"source":"KakaoTalk_chat.pcap","alias":"nDPId-test","packets-captured":347,"packets-processed":347,"total-skipped-flows":0,"total-l4-data-len":52012,"total-not-detected-flows":0,"total-guessed-flows":9,"total-detected-flows":29,"total-detection-updates":32,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":3,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":236,"global_ts_msec":1430069073299} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 347/347 ~~ skipped flows.............: 0 @@ -242,8 +242,8 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4838060 bytes -~~ total memory freed........: 4838060 bytes +~~ total memory allocated....: 4838084 bytes +~~ total memory freed........: 4838084 bytes ~~ total allocations/frees...: 101817/101817 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/KakaoTalk_talk.pcap.out b/test/results/KakaoTalk_talk.pcap.out index 5c3132a97..40175a9b3 100644 --- a/test/results/KakaoTalk_talk.pcap.out +++ b/test/results/KakaoTalk_talk.pcap.out @@ -1,5 +1,5 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1430069140120} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430069140120} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430069140120,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":62,"midstream":1,"thread_ts_msec":1430069140120,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"103.246.57.251","src_port":51021,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00563{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430069140120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":130,"pkt_l4_len":94,"thread_ts_msec":1430069140120,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAHLza0AAPwZJVQoYUrxn9jn7x00fkMsN+RcrPwfugBgApZHwAAABAQgKAAs11Jj3Xso6AAAArVkC\/4gP\/deLY5qAl+gvk5f8xql5QXAwvM9bb5tQyHwtP1GibAaltsw94jGcvj4NNAB8Nc8SXCTCPg=="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430069140453,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1430069140453,"pkt":"AAACEgAAAAAAAAAAAAAIAEUAADRbKkAALgby1Gf2OfsKGFK8H5DHTSs\/B+7LDflVgBAADqYIAAABAQgKmPgkmwALNdQ="} @@ -113,7 +113,7 @@ 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1430069170892,"flow_last_seen":1430069214736,"flow_idle_time":180000,"flow_min_l4_payload_len":78,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":2116,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"10.24.82.188","dst_ip":"1.201.1.174","src_port":11321,"dst_port":23045,"l4_proto":"udp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"KakaoTalk_Voice","breed":"Acceptable","category":"VoIP"}} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1430069164656,"flow_last_seen":1430069216559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":442,"flow_tot_l4_payload_len":918,"flow_avg_l4_payload_len":183,"midstream":1,"thread_ts_msec":1430069216559,"l3_proto":"ip4","src_ip":"139.150.0.125","dst_ip":"10.24.82.188","src_port":443,"dst_port":46947,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00493{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-data-len":291404,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-events-serialized":116,"global_ts_msec":1430069216559} +00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3203,"source":"KakaoTalk_talk.pcap","alias":"nDPId-test","packets-captured":3203,"packets-processed":3203,"total-skipped-flows":0,"total-l4-data-len":291404,"total-not-detected-flows":0,"total-guessed-flows":11,"total-detected-flows":9,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":20,"total-idle-flows":20,"total-compressions":7,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1430069216559} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3203/3203 ~~ skipped flows.............: 0 @@ -122,8 +122,8 @@ ~~ total active/idle flows...: 20/20 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4821133 bytes -~~ total memory freed........: 4821133 bytes +~~ total memory allocated....: 4821157 bytes +~~ total memory freed........: 4821157 bytes ~~ total allocations/frees...: 104436/104436 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/NTPv2.pcap.out b/test/results/NTPv2.pcap.out index 4b68a4f6b..f1049b6c2 100644 --- a/test/results/NTPv2.pcap.out +++ b/test/results/NTPv2.pcap.out @@ -1,10 +1,10 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1436865383632} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865383632} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00924{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865383632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":410,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":410,"pkt_l4_len":376,"thread_ts_msec":1436865383632,"pkt":"RIpbLCrSACaIdf8bCABFAAGMHS4AADERoZDQaF8KTi5MAgB7AFABeH6Xlw4DKgAFAEgAAAAAAAAQOgAAAAAAAAGISO9ZbawQDGUAAAABDAIHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAQZwAAAAAAAADHQLufDawQDGUAAAABuxwHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQxAAAAAAAAAa6UEgp0qwQDGUAAAABKtoHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2AAAAAAAAAWzX1q4C6wQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ2wAAAAAAAAWRR3um9qwQDGUAAAABAFAHAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00672{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":42,"version":42}} 00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865383632,"flow_last_seen":1436865383632,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":368,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1436865383632,"l3_proto":"ip4","src_ip":"208.104.95.10","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00467{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1436865383632} +00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":368,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865383632} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 929 chars -~~ json string avg len.......: 678 chars +~~ json string avg len.......: 679 chars diff --git a/test/results/NTPv3.pcap.out b/test/results/NTPv3.pcap.out index 47531ee62..bbb327333 100644 --- a/test/results/NTPv3.pcap.out +++ b/test/results/NTPv3.pcap.out @@ -1,10 +1,10 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1436865405371} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865405371} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865405371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1436865405371,"pkt":"RIpbLCrSACaIdf8bCABFAABMAABAADcRbcOvkIwdTi5MAgB7AFAAOLcYHAAE+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZT08RAAAAANlPTxEAAAAA"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865405371,"flow_last_seen":1436865405371,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865405371,"l3_proto":"ip4","src_ip":"175.144.140.29","dst_ip":"78.46.76.2","src_port":123,"dst_port":80,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00466{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1436865405371} +00545{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865405371} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 673 chars -~~ json string avg len.......: 555 chars +~~ json string avg len.......: 556 chars diff --git a/test/results/NTPv4.pcap.out b/test/results/NTPv4.pcap.out index 08f05bb07..6e88fcddc 100644 --- a/test/results/NTPv4.pcap.out +++ b/test/results/NTPv4.pcap.out @@ -1,10 +1,10 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"NTPv4.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1436865396190} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436865396190} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436865396190,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1436865396190,"pkt":"RIpb2HMEACaIdf8bCABFAABMrX9AADcRaFpVFj54Ti5MCwB7AHsAOKmfIwIH6wAABFAAAAOrg7wD39lPUcMxZbhg2URXVTAzb9DZRFdVMbTpeNlPUfQtJuL0"} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"},"ntp": {"request_code":0,"version":0}} 00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1436865396190,"flow_last_seen":1436865396190,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1436865396190,"l3_proto":"ip4","src_ip":"85.22.62.120","dst_ip":"78.46.76.11","src_port":123,"dst_port":123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NTP","breed":"Acceptable","category":"System"}} -00466{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1436865396190} +00545{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"NTPv4.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1436865396190} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 673 chars -~~ json string avg len.......: 555 chars +~~ json string avg len.......: 556 chars diff --git a/test/results/Oscar.pcap.out b/test/results/Oscar.pcap.out index 64f01ad8d..c9bd7a5f0 100644 --- a/test/results/Oscar.pcap.out +++ b/test/results/Oscar.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"Oscar.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1434606464176} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434606464176} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434606464176,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434606464176,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434606464176,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434606464176,"pkt":"AAxCW5ILDE3pmjdICABFAABAZ9pAAEAGAAAKHh0Dsu0Y+fd9Abu9oGylAAAAALAC\/\/\/zOQAAAgQFtAEDAwUBAQgKFdAS4wAAAAAEAgAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434606464205,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434606464205,"pkt":"DE3pmjdIAAxCW5ILCABFAAAsd\/VAAG8GoM+y7Rj5Ch4dAwG7933\/L+hsvaBspmASQABaVgAAAgQFUAAA"} @@ -7,7 +7,7 @@ 00639{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":32,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1434606464176,"flow_last_seen":1434606524600,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":4185,"flow_avg_l4_payload_len":130,"midstream":0,"thread_ts_msec":1434606524600,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1434606464176,"flow_last_seen":1434606536630,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":5450,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1434606536630,"l3_proto":"ip4","src_ip":"10.30.29.3","dst_ip":"178.237.24.249","src_port":63357,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-data-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1434606536630} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":71,"source":"Oscar.pcap","alias":"nDPId-test","packets-captured":71,"packets-processed":71,"total-skipped-flows":0,"total-l4-data-len":5450,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434606536630} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 71/71 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4714739 bytes -~~ total memory freed........: 4714739 bytes +~~ total memory allocated....: 4714763 bytes +~~ total memory freed........: 4714763 bytes ~~ total allocations/frees...: 101225/101225 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars diff --git a/test/results/WebattackRCE.pcap.out b/test/results/WebattackRCE.pcap.out index 527a821a8..62ecee1dc 100644 --- a/test/results/WebattackRCE.pcap.out +++ b/test/results/WebattackRCE.pcap.out @@ -1,5 +1,5 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackRCE.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1576420276577} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1576420276577} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_msec":1576420276577,"pkt":"AAAAAAAAAAAAAAAACABFAAC5VktAAEAG5fF\/AAABfwAAAcGIH5Al+2Gy82DXQ4AYAED+rQAAAQEICp1m+omdZvqJR0VUIC8gSFRUUC8xLjENClVzZXItQWdlbnQ6IE1vemlsbGEvNS4wMCAoTmlrdG8vMi4xLjYpIChFdmFzaW9uczpOb25lKSAoVGVzdDpQb3J0IENoZWNrKQ0KQ29ubmVjdGlvbjogS2VlcC1BbGl2ZQ0KSG9zdDogMTI3LjAuMC4xDQoNCg=="} 01046{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420276577,"flow_last_seen":1576420276577,"flow_idle_time":7440000,"flow_min_l4_payload_len":133,"flow_max_l4_payload_len":133,"flow_tot_l4_payload_len":133,"flow_avg_l4_payload_len":133,"midstream":1,"thread_ts_msec":1576420276577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":49544,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"127.0.0.1","url":"127.0.0.1\/","code":0,"content_type":"","user_agent":"Mozilla\/5.00 (Nikto\/2.1.6) (Evasions:None) (Test:Port Check)"}} @@ -3188,7 +3188,7 @@ 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":742,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277890,"flow_last_seen":1576420277890,"flow_idle_time":7440000,"flow_min_l4_payload_len":147,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":147,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51046,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":743,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277892,"flow_last_seen":1576420277892,"flow_idle_time":7440000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51048,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","flow_id":744,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576420277893,"flow_last_seen":1576420277893,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":187,"midstream":1,"thread_ts_msec":1576420278014,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51050,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-data-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-events-serialized":3191,"global_ts_msec":1576420278014} +00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":797,"source":"WebattackRCE.pcap","alias":"nDPId-test","packets-captured":797,"packets-processed":797,"total-skipped-flows":0,"total-l4-data-len":138401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":797,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":797,"total-idle-flows":797,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3191,"global_ts_msec":1576420278014} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 797/797 ~~ skipped flows.............: 0 @@ -3197,8 +3197,8 @@ ~~ total active/idle flows...: 797/797 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5486875 bytes -~~ total memory freed........: 5486875 bytes +~~ total memory allocated....: 5486899 bytes +~~ total memory freed........: 5486899 bytes ~~ total allocations/frees...: 106628/106628 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars diff --git a/test/results/WebattackSQLinj.pcap.out b/test/results/WebattackSQLinj.pcap.out index 004cc6d8f..53a327360 100644 --- a/test/results/WebattackSQLinj.pcap.out +++ b/test/results/WebattackSQLinj.pcap.out @@ -1,5 +1,5 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1499348407419} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1499348407419} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499348407419,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348407419,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36196,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"ABm5CmnxAMGxFOsxCABFAAA84aRAAD4G5CusEAABwKgKMo1kAFAWk4RJAAAAAKACchDPRwAAAgQFtAQCCAoBPmXtAAAAAAEDAwc="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499348407419,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499348407419,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQjWS7EzBkFpOESqAScSCpZgAAAgQFtAQCCAoD6DdgAT5l7QEDAwc="} @@ -54,7 +54,7 @@ 00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348494345,"flow_last_seen":1499348499355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1840,"flow_tot_l4_payload_len":2376,"flow_avg_l4_payload_len":237,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36208,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1499348506489,"flow_last_seen":1499348511497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1881,"flow_tot_l4_payload_len":2418,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36210,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1499348514064,"flow_last_seen":1499348519077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2701,"flow_tot_l4_payload_len":4749,"flow_avg_l4_payload_len":395,"midstream":0,"thread_ts_msec":1499348519077,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":36212,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-data-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-events-serialized":57,"global_ts_msec":1499348519077} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":94,"source":"WebattackSQLinj.pcap","alias":"nDPId-test","packets-captured":94,"packets-processed":94,"total-skipped-flows":0,"total-l4-data-len":23660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":57,"global_ts_msec":1499348519077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 94/94 ~~ skipped flows.............: 0 @@ -63,8 +63,8 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4691228 bytes -~~ total memory freed........: 4691228 bytes +~~ total memory allocated....: 4691252 bytes +~~ total memory freed........: 4691252 bytes ~~ total allocations/frees...: 101297/101297 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/WebattackXSS.pcap.out b/test/results/WebattackXSS.pcap.out index e6cf1a91f..67032d580 100644 --- a/test/results/WebattackXSS.pcap.out +++ b/test/results/WebattackXSS.pcap.out @@ -1,5 +1,5 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"WebattackXSS.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1499346935283} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1499346935283} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499346935283,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499346935283,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":52098,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8wadAAD4GBCmsEAABwKgKMsuCAFAodgngAAAAAKACchCXWwAAAgQFtAQCCAoBOMhHAAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1499346935283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499346935283,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQy4I5j3VaKHYJ4aAScSBLsAAAAgQFtAQCCAoD4pm+ATjIRwEDAwc="} @@ -1849,7 +1849,7 @@ 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4734,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":1,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8vMpAAD4GCQasEAABwKgKMuNwAFAre67MAAAAAKACchCNugAAAgQFtAQCCAoBOxIGAAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4735,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":2,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347535081,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ43Bd+kT3K3uuzaAScSAESAAAAgQFtAQCCAoD5ON7ATsSBgEDAwc="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4736,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":334,"flow_packet_id":3,"flow_last_seen":1499347535081,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1499347535081,"pkt":"ABm5CmnxAMGxFOsxCABFAAA0vMtAAD4GCQ2sEAABwKgKMuNwAFAre67NXfpE+IAQAOWjTwAAAQEICgE7EgYD5ON7"} -00496{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-data-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":245,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":79,"total-active-flows":334,"total-idle-flows":255,"total-events-serialized":1852,"global_ts_msec":1499347536104} +00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4740,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":4740,"packets-processed":4739,"total-skipped-flows":0,"total-l4-data-len":2075670,"total-not-detected-flows":0,"total-guessed-flows":245,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":79,"total-active-flows":334,"total-idle-flows":255,"total-compressions":295,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1852,"global_ts_msec":1499347536104} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1499347536332,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499347536332,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":58238,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4743,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":1,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"ABm5CmnxAMGxFOsxCABFAAA8iGJAAD4GPW6sEAABwKgKMuN+AFBSPZtdAAAAAKACchB5IAAAAgQFtAQCCAoBOxM\/AAAAAAEDAwc="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4744,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":335,"flow_packet_id":2,"flow_last_seen":1499347536332,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1499347536332,"pkt":"AMGxFOsxABm5CmnxCABFAAA8AABAAEAGw9DAqAoyrBAAAQBQ434l0Xf0Uj2bXqAScSDzoAAAAgQFtAQCCAoD5OS0ATsTPwEDAwc="} @@ -3967,7 +3967,7 @@ 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":661,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1499348099359,"flow_last_seen":1499348099360,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":35950,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00813{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","flow_id":569,"flow_state":"finished","flow_packets_processed":311,"flow_first_seen":1499347939286,"flow_last_seen":1499348006339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1870,"flow_tot_l4_payload_len":232672,"flow_avg_l4_payload_len":748,"midstream":0,"thread_ts_msec":1499348099366,"l3_proto":"ip4","src_ip":"172.16.0.1","dst_ip":"192.168.10.50","src_port":34278,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00497{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-data-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-events-serialized":3970,"global_ts_msec":1499348099366} +00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9374,"source":"WebattackXSS.pcap","alias":"nDPId-test","packets-captured":9374,"packets-processed":9374,"total-skipped-flows":0,"total-l4-data-len":4091888,"total-not-detected-flows":0,"total-guessed-flows":639,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":661,"total-idle-flows":661,"total-compressions":609,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":3970,"global_ts_msec":1499348099366} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9374/9374 ~~ skipped flows.............: 0 @@ -3976,8 +3976,8 @@ ~~ total active/idle flows...: 661/661 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5960136 bytes -~~ total memory freed........: 5960136 bytes +~~ total memory allocated....: 5960160 bytes +~~ total memory freed........: 5960160 bytes ~~ total allocations/frees...: 113803/113803 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars diff --git a/test/results/aimini-http.pcap.out b/test/results/aimini-http.pcap.out index e95e56a7d..074e9369a 100644 --- a/test/results/aimini-http.pcap.out +++ b/test/results/aimini-http.pcap.out @@ -1,5 +1,5 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"aimini-http.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1614860228394} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614860228394} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614860229383,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614860229383,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28501,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"5kBKB+riApXG95NLCABFAAAwBPkAAIAGAAAKZQACCmYAAm9VAFCbu4XRAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614860229383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614860229383,"pkt":"ApXG95WRWgXZu6TVCABFAAAwBPkAAH8GIgEKZQACCmYAAm9VAFCbu4XRAAAAAHACgAFeHQAAAgQFtAMDAQA="} @@ -24,7 +24,7 @@ 00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1614860229385,"flow_last_seen":1614860229388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":531,"flow_tot_l4_payload_len":3194,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28502,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1614860229388,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":13568,"flow_avg_l4_payload_len":452,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28503,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1614860229389,"flow_last_seen":1614860229390,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":542,"flow_tot_l4_payload_len":1654,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1614860229390,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":28504,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":139,"packets-processed":133,"total-skipped-flows":0,"total-l4-data-len":79130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":27,"global_ts_msec":1614860229390} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":139,"source":"aimini-http.pcap","alias":"nDPId-test","packets-captured":139,"packets-processed":133,"total-skipped-flows":0,"total-l4-data-len":79130,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1614860229390} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 139/133 ~~ skipped flows.............: 0 @@ -33,8 +33,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686995 bytes -~~ total memory freed........: 4686995 bytes +~~ total memory allocated....: 4687019 bytes +~~ total memory freed........: 4687019 bytes ~~ total allocations/frees...: 101297/101297 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars diff --git a/test/results/ajp.pcap.out b/test/results/ajp.pcap.out index c4d0f8a4b..cee3ec30a 100644 --- a/test/results/ajp.pcap.out +++ b/test/results/ajp.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ajp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1505154584447} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1505154584447} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} @@ -36,7 +36,7 @@ 00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":39,"global_ts_msec":1505154584618} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_msec":1505154584618} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/26 ~~ skipped flows.............: 0 @@ -45,8 +45,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681424 bytes -~~ total memory freed........: 4681424 bytes +~~ total memory allocated....: 4681448 bytes +~~ total memory freed........: 4681448 bytes ~~ total allocations/frees...: 101172/101172 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 202 chars diff --git a/test/results/alexa-app.pcapng.out b/test/results/alexa-app.pcapng.out index 3e5b0890c..3e7947faf 100644 --- a/test/results/alexa-app.pcapng.out +++ b/test/results/alexa-app.pcapng.out @@ -1,5 +1,5 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"alexa-app.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1490976022526} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1490976022526} 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526} 00294{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00184{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526} @@ -1070,7 +1070,7 @@ 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":150,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976195545,"flow_last_seen":1490976195628,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":40425,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.PlayStore","breed":"Safe","category":"SoftwareUpdate"}} 00697{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1490976080485,"flow_last_seen":1490976081484,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7640,"flow_avg_l4_payload_len":282,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"34.199.52.240","src_port":38404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1490976029669,"flow_last_seen":1490976029753,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1490976198776,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":19967,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"}} -00498{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3435,"packets-processed":3406,"total-skipped-flows":0,"total-l4-data-len":1226087,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":141,"total-updates":0,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-events-serialized":1073,"global_ts_msec":1490976198776} +00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3435,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":3435,"packets-processed":3406,"total-skipped-flows":0,"total-l4-data-len":1226087,"total-not-detected-flows":0,"total-guessed-flows":14,"total-detected-flows":146,"total-detection-updates":141,"total-updates":0,"current-active-flows":0,"total-active-flows":160,"total-idle-flows":160,"total-compressions":64,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1073,"global_ts_msec":1490976198776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3435/3406 ~~ skipped flows.............: 0 @@ -1079,8 +1079,8 @@ ~~ total active/idle flows...: 160/160 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5413232 bytes -~~ total memory freed........: 5413232 bytes +~~ total memory allocated....: 5413256 bytes +~~ total memory freed........: 5413256 bytes ~~ total allocations/frees...: 105819/105819 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 189 chars diff --git a/test/results/among_us.pcap.out b/test/results/among_us.pcap.out index dc09014f4..74dcfe304 100644 --- a/test/results/among_us.pcap.out +++ b/test/results/among_us.pcap.out @@ -1,10 +1,10 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"among_us.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946681200000} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":57,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":57,"pkt_l4_len":23,"thread_ts_msec":946681200000,"pkt":"eJS0JASgYDjgxTWgCABFAAArJhEAAH8RqpAKAAABrGn7qvsEVgcAF2toCAABAIDZAgMGQUFBQUFB"} 00628{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}} 00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":180000,"flow_min_l4_payload_len":15,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"172.105.251.170","src_port":64260,"dst_port":22023,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AmongUs","breed":"Fun","category":"Game"}} -00468{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":946681200000} +00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"among_us.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":15,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":946681200000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars ~~ json string max len.......: 672 chars -~~ json string avg len.......: 549 chars +~~ json string avg len.......: 550 chars diff --git a/test/results/amqp.pcap.out b/test/results/amqp.pcap.out index 2e7dee80e..788dc5adf 100644 --- a/test/results/amqp.pcap.out +++ b/test/results/amqp.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"amqp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1490904166118} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1490904166118} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1490904166118,"pkt":"AAAAAAAAAAAAAAAACABFAABdxi1AAEAGdWt\/AAABfwABAaytFihPdGXjNxAmEoAYAV7\/UQAAAQEICgC+1cIAvtPNAQABAAAAIQA8ACgAAAhjZWxlcnlldhB3b3JrZXIuaGVhcnRiZWF0AM4="} 00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490904166118,"flow_last_seen":1490904166118,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1490904166118,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} @@ -18,7 +18,7 @@ 00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1490904166119,"flow_last_seen":1490904170242,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":448,"flow_tot_l4_payload_len":3574,"flow_avg_l4_payload_len":162,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.1.1","dst_ip":"127.0.0.1","src_port":5672,"dst_port":44204,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":108,"flow_first_seen":1490904166118,"flow_last_seen":1490904170243,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":7295,"flow_avg_l4_payload_len":67,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44205,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} 00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1490904169152,"flow_last_seen":1490904170195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":246,"flow_tot_l4_payload_len":2085,"flow_avg_l4_payload_len":69,"midstream":1,"thread_ts_msec":1490904170243,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.1.1","src_port":44206,"dst_port":5672,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AMQP","breed":"Acceptable","category":"RPC"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-data-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":21,"global_ts_msec":1490904170243} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":160,"source":"amqp.pcap","alias":"nDPId-test","packets-captured":160,"packets-processed":160,"total-skipped-flows":0,"total-l4-data-len":12954,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1490904170243} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 160/160 ~~ skipped flows.............: 0 @@ -27,8 +27,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4692326 bytes -~~ total memory freed........: 4692326 bytes +~~ total memory allocated....: 4692350 bytes +~~ total memory freed........: 4692350 bytes ~~ total allocations/frees...: 101312/101312 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/android.pcap.out b/test/results/android.pcap.out index f4e11b743..c0ae6e3f1 100644 --- a/test/results/android.pcap.out +++ b/test/results/android.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"android.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1582454769772} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1582454769772} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454769772,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1582454769772,"l3_proto":"ip4","src_ip":"95.101.24.53","dst_ip":"192.168.2.17","src_port":443,"dst_port":50677,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"android.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454769772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1582454769772,"pkt":"xGGLNYKpxiwDYGpkCABFAABMMy4AADUGGCtfZRg1wKgCEQG7xfVNnd4qbhnKg4AYAUXNDgAAAQEICmx+XigR4ZkoFwMDABMwxZA0Xbk6ucnG2OFNZYAG8R1y"} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"android.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454779631,"flow_last_seen":1582454779631,"flow_idle_time":7440000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1582454779631,"l3_proto":"ip4","src_ip":"17.248.176.75","dst_ip":"192.168.2.17","src_port":443,"dst_port":50584,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -378,7 +378,7 @@ 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871061,"flow_last_seen":1582454871100,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":7660,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.DataSaver","breed":"Fun","category":"Web"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454871600,"flow_last_seen":1582454871601,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":58892,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454867723,"flow_last_seen":1582454867761,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":53,"flow_tot_l4_payload_len":90,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1582454872047,"l3_proto":"ip4","src_ip":"192.168.2.16","dst_ip":"192.168.2.1","src_port":54837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-data-len":101980,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":56,"total-detection-updates":42,"total-updates":0,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-events-serialized":381,"global_ts_msec":1582454872047} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"android.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":475,"total-skipped-flows":0,"total-l4-data-len":101980,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":56,"total-detection-updates":42,"total-updates":0,"current-active-flows":0,"total-active-flows":63,"total-idle-flows":63,"total-compressions":6,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":381,"global_ts_msec":1582454872047} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/475 ~~ skipped flows.............: 0 @@ -387,8 +387,8 @@ ~~ total active/idle flows...: 63/63 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4912195 bytes -~~ total memory freed........: 4912195 bytes +~~ total memory allocated....: 4912219 bytes +~~ total memory freed........: 4912219 bytes ~~ total allocations/frees...: 102065/102065 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/anyconnect-vpn.pcap.out b/test/results/anyconnect-vpn.pcap.out index 18d419222..dbb616ec0 100644 --- a/test/results/anyconnect-vpn.pcap.out +++ b/test/results/anyconnect-vpn.pcap.out @@ -1,5 +1,5 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1569687240992} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569687240992} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569687240992,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1569687240992,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"184.25.56.53","src_port":56885,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569687240992,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687240992,"pkt":"LH6BsEqhNDY7z3UoCABFAAA0AABAAEAGP5MKAADjuBk4Nd41AFDGVya80\/P93YAREABFkgAAAQEIChwNaWayL1Dq"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569687241009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569687241009,"pkt":"NDY7z3UoLH6BsEqhCABFAAA0BhtAADcGQni4GTg1CgAA4wBQ3jXT8\/3dxlcmvYARAOurFAAAAQEICrIv+nscDWlm"} @@ -395,7 +395,7 @@ 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569687267481,"flow_last_seen":1569687267500,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":200,"flow_tot_l4_payload_len":242,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.227","dst_ip":"75.75.75.75","src_port":62427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"}} 00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242476,"flow_last_seen":1569687242476,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.255.250","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} 00643{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569687242271,"flow_last_seen":1569687242271,"flow_idle_time":600000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1569687289262,"l3_proto":"ip4","src_ip":"10.0.0.149","dst_ip":"239.255.3.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} -00495{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":3001,"packets-processed":2997,"total-skipped-flows":0,"total-l4-data-len":880499,"total-not-detected-flows":2,"total-guessed-flows":10,"total-detected-flows":57,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-events-serialized":398,"global_ts_msec":1569687289262} +00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3001,"source":"anyconnect-vpn.pcap","alias":"nDPId-test","packets-captured":3001,"packets-processed":2997,"total-skipped-flows":0,"total-l4-data-len":880499,"total-not-detected-flows":2,"total-guessed-flows":10,"total-detected-flows":57,"total-detection-updates":33,"total-updates":0,"current-active-flows":0,"total-active-flows":69,"total-idle-flows":69,"total-compressions":2,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":398,"global_ts_msec":1569687289262} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3001/2997 ~~ skipped flows.............: 0 @@ -404,8 +404,8 @@ ~~ total active/idle flows...: 69/69 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4891975 bytes -~~ total memory freed........: 4891975 bytes +~~ total memory allocated....: 4891999 bytes +~~ total memory freed........: 4891999 bytes ~~ total allocations/frees...: 104399/104399 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars diff --git a/test/results/anydesk-2.pcap.out b/test/results/anydesk-2.pcap.out index f201510cd..50a397012 100644 --- a/test/results/anydesk-2.pcap.out +++ b/test/results/anydesk-2.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk-2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1613977585247} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1613977585247} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613977585247,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1613977585247,"pkt":"EBMx8Tl22MuK4S0uCABFAABM5C0AAIARAADAqAG7wKgBAeh3ADUAOIRW7CIBAAABAAAAAAAADnJlbGF5LTMxODVhODQ3A25ldAdhbnlkZXNrA2NvbQAAAQAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613977585247,"flow_last_seen":1613977585247,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1613977585247,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"dns": {"query":"relay-3185a847.net.anydesk.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -902,7 +902,7 @@ 01202{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2064,"flow_first_seen":1613977595379,"flow_last_seen":1613977618224,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":223587,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.178","src_port":54164,"dst_port":7070,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585542,"flow_last_seen":1613977585553,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":55376,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613977585247,"flow_last_seen":1613977585260,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1613977618224,"l3_proto":"ip4","src_ip":"192.168.1.187","dst_ip":"192.168.1.1","src_port":59511,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":2521,"packets-processed":2083,"total-skipped-flows":0,"total-l4-data-len":227127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":905,"global_ts_msec":1613977618224} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2521,"source":"anydesk-2.pcap","alias":"nDPId-test","packets-captured":2521,"packets-processed":2083,"total-skipped-flows":0,"total-l4-data-len":227127,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":905,"global_ts_msec":1613977618224} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2521/2083 ~~ skipped flows.............: 0 @@ -911,8 +911,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4755199 bytes -~~ total memory freed........: 4755199 bytes +~~ total memory allocated....: 4755223 bytes +~~ total memory freed........: 4755223 bytes ~~ total allocations/frees...: 103241/103241 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 211 chars diff --git a/test/results/anydesk.pcap.out b/test/results/anydesk.pcap.out index d11affd7e..a90936b4b 100644 --- a/test/results/anydesk.pcap.out +++ b/test/results/anydesk.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"anydesk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1591342198821} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591342198821} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591342198821,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":1,"thread_ts_msec":1591342198821,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1591342198821,"pkt":"AFBW5dKtAAwplUdeCABFAABbtopAAEAGCwXAqJWBM1PvkI3\/AFB7i54qMVwSUlAY+DR5WwAAFwMDAC7mz9mv7V5op8uDzrVlyYzGPOa22i4SIRv\/ctzVUMWyqJzhwIdSdK\/Qd7DJrcKc"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591342198821,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1591342198821,"pkt":"AAwplUdeAFBW5dKtCABFAAAoe1AAAIAGRnIzU++QwKiVgQBQjf8xXBJSe4ueXVAQ+vBP7wAAAAAAAAAA"} @@ -14,7 +14,7 @@ 00810{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"2":"Match by IP"},"proto":"HTTP.AnyDesk","breed":"Acceptable","category":"RemoteAccess"},"http": {}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1591342198821,"flow_last_seen":1591342244652,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":159,"flow_tot_l4_payload_len":607,"flow_avg_l4_payload_len":30,"midstream":1,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.239.144","src_port":36351,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01201{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6943,"flow_first_seen":1591342199201,"flow_last_seen":1591342255171,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2417415,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1591342255171,"l3_proto":"ip4","src_ip":"192.168.149.129","dst_ip":"51.83.238.219","src_port":43535,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"TLS.AnyDesk","breed":"Acceptable","category":"RemoteAccess"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":6963,"packets-processed":6963,"total-skipped-flows":0,"total-l4-data-len":2418022,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":17,"global_ts_msec":1591342255171} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6963,"source":"anydesk.pcap","alias":"nDPId-test","packets-captured":6963,"packets-processed":6963,"total-skipped-flows":0,"total-l4-data-len":2418022,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1591342255171} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6963/6963 ~~ skipped flows.............: 0 @@ -23,8 +23,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4889302 bytes -~~ total memory freed........: 4889302 bytes +~~ total memory allocated....: 4889326 bytes +~~ total memory freed........: 4889326 bytes ~~ total allocations/frees...: 108114/108114 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 454 chars diff --git a/test/results/avast_securedns.pcapng.out b/test/results/avast_securedns.pcapng.out index d44cf9b2b..d5a3e96da 100644 --- a/test/results/avast_securedns.pcapng.out +++ b/test/results/avast_securedns.pcapng.out @@ -1,10 +1,10 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"avast_securedns.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1625215624443} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625215624443} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625215624443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625215624443,"pkt":"eJS0JASgYDjgxTWgCABFAABDZa4AAH8ROYTAqAJktdYjleJyAbsAL0mrSMQBAAABAAAAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAAB"} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625215624443,"flow_last_seen":1625215624443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625215624443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":57970,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625215624563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625215624563,"pkt":"YDjgxTWgeJS0JASgCABFAADM0kQAADIRGWW11iOVwKgCZAG74nIAuMIZSMSBgAABAAEAAAAAATIJU2VDVVJlZG5TBWFWYXNUA0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":1625241699450} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":215,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625241699450} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625241699450,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241699450,"pkt":"eJS0JASgYDjgxTWgCABFAABDEeYAAH8RjUzAqAJktdYjle8RAbsAL9I803MBAAABAAAAAAAAATIJU0VjdVJlRE5zBUF2YXNUA0NPbQAAEAAB"} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241699450,"flow_last_seen":1625241699450,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241699450,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -18,7 +18,7 @@ 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1625241714666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625241714666,"pkt":"eJS0JASgYDjgxTWgCABFAABDXeQAAH8RQU7AqAJktdYjlfU3AbsAL3hGRwQBAAABAAAAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAAB"} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625241714666,"flow_last_seen":1625241714666,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625241714666,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00684{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1625241714787,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625241714787,"pkt":"YDjgxTWgeJS0JASgCABFAADMRgkAADERpqC11iOVwKgCZAG79TcAuPC0RwSBgAABAAEAAAAAATIJU2VjVVJlZG5zBUFWYVN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-events-serialized":21,"global_ts_msec":1625320207133} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":860,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1625320207133} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1625320207133,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625320207133,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9IAAH8RU2DAqAJktdYjld0FAbsALycJUJMBAAABAAAAAAAAATIJc2VjVVJlZG5TBUF2YXNUA2NvTQAAEAAB"} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625320207133,"flow_last_seen":1625320207133,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625320207133,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -30,7 +30,7 @@ 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241699450,"flow_last_seen":1625241699572,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61201,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241714666,"flow_last_seen":1625241714787,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":62775,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625241701462,"flow_last_seen":1625241701583,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625320209184,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":60835,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-events-serialized":33,"global_ts_msec":1625321673727} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":1290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":6,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1625321673727} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1625321673727,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625321673727,"pkt":"eJS0JASgYDjgxTWgCABFAABDS9wAAH8RU1bAqAJktdYjlcWVAbsAL1g+dw4BAAABAAAAAAAAATIJc2VDdXJFRE5TBUFWQXN0A0NvTQAAEAAB"} 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625321673727,"flow_last_seen":1625321673727,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625321673727,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -41,7 +41,7 @@ 00685{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1625321675403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625321675403,"pkt":"YDjgxTWgeJS0JASgCABFAADMuxcAADMRL5K11iOVwKgCZAG77rMAuEweEl+BgAABAAEAAAAAATIJU0VDdVJFZE5zBWFWYXNUA0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320207133,"flow_last_seen":1625320207252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625320209063,"flow_last_seen":1625320209184,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625321675403,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56765,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-events-serialized":44,"global_ts_msec":1625395217252} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":1720,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":44,"global_ts_msec":1625395217252} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1625395217252,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625395217252,"pkt":"eJS0JASgYDjgxTWgCABFAABDKckAAH8RdWnAqAJktdYjlf26AbsAL3dTP5QBAAABAAAAAAAAATIJc0VjdVJlZE5zBUFWQVNUA2NvTQAAEAAB"} 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":17,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625395217252,"flow_last_seen":1625395217252,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625395217252,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -52,7 +52,7 @@ 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1625395217373,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625395217373,"pkt":"YDjgxTWgeJS0JASgCABFAADMf00AADMRa1y11iOVwKgCZAG76OUAuMImoeSBgAABAAEAAAAAATIJc0VjVXJlRE5TBWF2QVNUA2NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321673727,"flow_last_seen":1625321673848,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":50581,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625321675283,"flow_last_seen":1625321675403,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625395217373,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":61107,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00484{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-events-serialized":55,"global_ts_msec":1625401091063} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":2150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":10,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1625401091063} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1625401091063,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625401091063,"pkt":"eJS0JASgYDjgxTWgCABFAABDKc0AAH8RdWXAqAJktdYjlc0FAbsAL8xY+0MBAAABAAAAAAAAATIJc2VDdVJFZE5TBWF2YXNUA0NPbQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625401091063,"flow_last_seen":1625401091063,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625401091063,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -63,14 +63,14 @@ 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1625401093443,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625401093443,"pkt":"YDjgxTWgeJS0JASgCABFAADMuwEAADIRMKi11iOVwKgCZAG71poAuIigzbWBgAABAAEAAAAAATIJc2VjVVJlRE5zBWFWQVN0A2NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217373,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59621,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625395217252,"flow_last_seen":1625395217373,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625401093443,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64954,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00485{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-events-serialized":66,"global_ts_msec":1625413810414} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":25,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":2580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":12,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_msec":1625413810414} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1625413810414,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625413810414,"pkt":"eJS0JASgYDjgxTWgCABFAABDy3cAAH8R07rAqAJktdYjld4HAbsAL+Cz9gYBAAABAAAAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625413810414,"flow_last_seen":1625413810414,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625413810414,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56839,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1625413810531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625413810531,"pkt":"YDjgxTWgeJS0JASgCABFAADMKHAAADERxDm11iOVwKgCZAG73gcAuFki9gaBgAABAAEAAAAAATIJU0VDdXJlZE5TBUFWQXN0A0NPbQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401091063,"flow_last_seen":1625401091190,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52485,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625401093323,"flow_last_seen":1625401093443,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625413810531,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54938,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00485{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-events-serialized":73,"global_ts_msec":1625477697370} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":27,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2795,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":13,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_msec":1625477697370} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1625477697370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477697370,"pkt":"eJS0JASgYDjgxTWgCABFAABDQqcAAH8RXIvAqAJktdYjleMrAbsAL7nVV2EBAAABAAAAAAAAATIJc0VjVVJFZE5zBWFWQVN0A0NvbQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477697370,"flow_last_seen":1625477697370,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477697370,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":58155,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -92,7 +92,7 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1625477739836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625477739836,"pkt":"eJS0JASgYDjgxTWgCABFAABD1L8AAH8RynLAqAJktdYjldsvAbsAL1UmhCwBAAABAAAAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625477739836,"flow_last_seen":1625477739836,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625477739836,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":56111,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1625477739952,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625477739952,"pkt":"YDjgxTWgeJS0JASgCABFAADMDM8AADIR3tq11iOVwKgCZAG72y8AuM2UhCyBgAABAAEAAAAAATIJc0VjVXJlRG5TBWF2QVN0A2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00485{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-data-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-events-serialized":95,"global_ts_msec":1625482316411} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":37,"packets-processed":36,"total-skipped-flows":0,"total-l4-data-len":3870,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":18,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":18,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":95,"global_ts_msec":1625482316411} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1625482316411,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482316411,"pkt":"eJS0JASgYDjgxTWgCABFAABDyvUAAH8R1DzAqAJktdYjlfvuAbsAL4YFMq4BAAABAAAAAAAAATIJU2VDVVJFZE5zBWFWYXNUA0NvbQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482316411,"flow_last_seen":1625482316411,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482316411,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64494,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -130,7 +130,7 @@ 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1625482486856,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482486856,"pkt":"eJS0JASgYDjgxTWgCABFAABD\/EUAAH8RouzAqAJktdYjldUSAbsAL8JN\/WEBAAABAAAAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":51,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482486856,"flow_last_seen":1625482486856,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482486856,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54546,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1625482486976,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625482486976,"pkt":"YDjgxTWgeJS0JASgCABFAADMt\/IAADMRMre11iOVwKgCZAG71RIAuDq8\/WGBgAABAAEAAAAAATIJc2VDVXJlZG5TBUFWQXN0A0NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-data-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-events-serialized":133,"global_ts_msec":1625482998213} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":53,"packets-processed":52,"total-skipped-flows":0,"total-l4-data-len":5590,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":26,"total-detection-updates":0,"total-updates":0,"current-active-flows":8,"total-active-flows":26,"total-idle-flows":18,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":133,"global_ts_msec":1625482998213} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1625482998213,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625482998213,"pkt":"eJS0JASgYDjgxTWgCABFAABDf48AAH8RH6PAqAJktdYjlfuwAbsAL9NLpcUBAAABAAAAAAAAATIJc0VjdVJlZE5TBUF2YXNUA0NvTQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":53,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625482998213,"flow_last_seen":1625482998213,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625482998213,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -159,7 +159,7 @@ 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1625483073457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625483073457,"pkt":"eJS0JASgYDjgxTWgCABFAABDRzoAAH8RV\/jAqAJktdYjlczBAbsAL78\/SIEBAAABAAAAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":61,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625483073457,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1625483073457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625483073457,"pkt":"YDjgxTWgeJS0JASgCABFAADMX7kAADIRi\/C11iOVwKgCZAG7zMEAuDeuSIGBgAABAAEAAAAAATIJc2VDVXJlZE5zBWFWQVNUA2NPTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-data-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-events-serialized":162,"global_ts_msec":1625511643408} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":63,"packets-processed":62,"total-skipped-flows":0,"total-l4-data-len":6665,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":31,"total-idle-flows":26,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":162,"global_ts_msec":1625511643408} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1625511643408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625511643408,"pkt":"eJS0JASgYDjgxTWgCABFAABDhScAAH8RGgvAqAJktdYjlehSAbsAL7NiOO0BAAABAAAAAAAAATIJU2VDVVJFZG5zBUFWYVN0A2NPTQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625511643408,"flow_last_seen":1625511643408,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625511643408,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":59474,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -173,7 +173,7 @@ 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625482998213,"flow_last_seen":1625482998333,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64432,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073457,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":52417,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625483073336,"flow_last_seen":1625483073457,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625511645546,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":65063,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-data-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-events-serialized":176,"global_ts_msec":1625556065479} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":67,"packets-processed":66,"total-skipped-flows":0,"total-l4-data-len":7095,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":33,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":33,"total-idle-flows":31,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":176,"global_ts_msec":1625556065479} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1625556065479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556065479,"pkt":"eJS0JASgYDjgxTWgCABFAABDHAQAAH8Rgy7AqAJktdYjldqMAbsAL9sh3zMBAAABAAAAAAAAATIJU2VDVXJlRG5zBUF2QVNUA0NPbQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":67,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556065479,"flow_last_seen":1625556065479,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556065479,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":55948,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -191,7 +191,7 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1625556102196,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625556102196,"pkt":"eJS0JASgYDjgxTWgCABFAABDGwgAAH8RhCrAqAJktdYjldUVAbsAL6kdFo8BAAABAAAAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625556102196,"flow_last_seen":1625556102196,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625556102196,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00686{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_packet_id":2,"flow_last_seen":1625556102314,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":218,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":218,"pkt_l4_len":184,"thread_ts_msec":1625556102314,"pkt":"YDjgxTWgeJS0JASgCABFAADMmGEAADMRUki11iOVwKgCZAG71RUAuCGMFo+BgAABAAEAAAAAATIJU0VjVXJlRG5TBUFWYXN0A0NvTQAAEAABwAwAEAABAAAAAAB9fEROU0MAAQAAdbGG79HauHsEle6YB50xeKMwK8SYUwo5qiWilpDIHq4IRyPqRT3IPG5jxpboE0lko1AuVkiWEeUR9\/u646E\/BRo\/+UHxjIi4wlQScksPLarZO+PfTGW44OCbGa1Eo85vGj\/5QfGMiLgwMDAxXpWkwXFhp8E="} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-data-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-events-serialized":194,"global_ts_msec":1625558730271} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-data-len":7779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":37,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":37,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_msec":1625558730271} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1625558730271,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1625558730271,"pkt":"eJS0JASgYDjgxTWgCABFAABDLFIAAH8RcuDAqAJktdYjldXoAbsALw4O0KsBAAABAAAAAAAAATIJU0VDdXJlZE5zBUFWYVNUA2NvTQAAEAAB"} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625558730271,"flow_last_seen":1625558730271,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1625558730271,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} @@ -206,7 +206,7 @@ 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556100118,"flow_last_seen":1625556100236,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":64700,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625556102196,"flow_last_seen":1625556102314,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54549,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} 00837{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625558730271,"flow_last_seen":1625558730389,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":176,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1625558735164,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"181.214.35.149","src_port":54760,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"AVASTSecureDNS","breed":"Safe","category":"Network"}} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-data-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-events-serialized":209,"global_ts_msec":1625558735164} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"avast_securedns.pcapng","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-data-len":8209,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":39,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":39,"total-idle-flows":39,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":209,"global_ts_msec":1625558735164} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -215,8 +215,8 @@ ~~ total active/idle flows...: 39/39 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4715167 bytes -~~ total memory freed........: 4715167 bytes +~~ total memory allocated....: 4715191 bytes +~~ total memory freed........: 4715191 bytes ~~ total allocations/frees...: 101334/101334 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars diff --git a/test/results/bad-dns-traffic.pcap.out b/test/results/bad-dns-traffic.pcap.out index f81310b45..8af111764 100644 --- a/test/results/bad-dns-traffic.pcap.out +++ b/test/results/bad-dns-traffic.pcap.out @@ -1,5 +1,5 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1486012623234} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1486012623234} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486012623234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_msec":1486012623234,"pkt":"AhoR+f4q5LMYS\/DDCABFAAB3821AAEARVP\/AqCtbBAICBIx+ADUAYyoIa68BAAABAAAAAAAAODA1ZTEwMGE2MjFjMzYyMDAwMTYzNmY2ZTczNmY2YzY1MjAyODczNjk3Mjc2Njk2ZDY1NzMyOTAwDHNrdWxsc2VjbGFicwNvcmcAAA8AAQ=="} 00959{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486012623234,"flow_last_seen":1486012623234,"flow_idle_time":180000,"flow_min_l4_payload_len":91,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":91,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1486012623234,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"05e100a621c3620001636f6e736f6c65202873697276696d65732900.skullseclabs.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -26,7 +26,7 @@ 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1486012730177,"flow_last_seen":1486012733669,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":281,"flow_tot_l4_payload_len":1495,"flow_avg_l4_payload_len":106,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":46961,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":349,"flow_first_seen":1486012635073,"flow_last_seen":1486012727540,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":80215,"flow_avg_l4_payload_len":229,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":56354,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1486012623234,"flow_last_seen":1486012630741,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":187,"flow_tot_l4_payload_len":1620,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1486012733669,"l3_proto":"ip4","src_ip":"192.168.43.91","dst_ip":"4.2.2.4","src_port":35966,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-data-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":29,"global_ts_msec":1486012733669} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":382,"source":"bad-dns-traffic.pcap","alias":"nDPId-test","packets-captured":382,"packets-processed":382,"total-skipped-flows":0,"total-l4-data-len":83330,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1486012733669} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 382/382 ~~ skipped flows.............: 0 @@ -35,8 +35,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4692620 bytes -~~ total memory freed........: 4692620 bytes +~~ total memory allocated....: 4692644 bytes +~~ total memory freed........: 4692644 bytes ~~ total allocations/frees...: 101531/101531 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/badpackets.pcap.out b/test/results/badpackets.pcap.out index 11888f120..3724afdac 100644 --- a/test/results/badpackets.pcap.out +++ b/test/results/badpackets.pcap.out @@ -1,5 +1,5 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1495451029466} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1495451029466} 00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_msec":1495451029466} 00627{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00205{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451030401} @@ -132,7 +132,7 @@ 00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} 00204{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_msec":1495451620868} 00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":135,"global_ts_msec":1495451632004} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":135,"global_ts_msec":1495451632004} 00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_msec":1495451632004} 01119{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"} 00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451636457} @@ -201,7 +201,7 @@ 00917{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"} 00206{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451915752} 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":204,"global_ts_msec":1495451915752} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":204,"global_ts_msec":1495451915752} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/0 ~~ skipped flows.............: 0 @@ -210,8 +210,8 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 209 chars diff --git a/test/results/bitcoin.pcap.out b/test/results/bitcoin.pcap.out index edce9d123..80530e7e6 100644 --- a/test/results/bitcoin.pcap.out +++ b/test/results/bitcoin.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bitcoin.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1301327937725} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1301327937725} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301327937725,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301327937725,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1301327937725,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937725,"pkt":"ACPrIpS0ACNshovhCABFAACdb3BAAEAGdmXAqAGOvKXVqdgVII1UFpaF9ORId4AY\/\/\/XwQAAAQEICicy22Mwkrss+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABBsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/vKXVqSCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/\/AqAGOII3ZMDrPGxAeDAD6vQEA"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1301327937800,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301327937800,"pkt":"ACNshovhACPrIpS0CABFAACd8zJAADQG\/qK8pdWpwKgBjiCN2BX05Eh3VBaWhYAYAC7fMwAAAQEICjCSu0gnMttj+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABqsJBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHtgVAQAAAAAAAAAAAAAAAAAAAAAA\/\/+8pdWpII1MLcnArv8XlgAGwwEA"} @@ -20,7 +20,7 @@ 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":201,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1301328472925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472925,"pkt":"ACPrIpS0ACNshovhCABFAACde+1AAEAGZt3AqAGOQkRTFthXII0tj7Vf9ZidkYAY\/\/+IsAAAAQEICicy8EYAAAAA+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAABYspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/QkRTFiCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII21Dgd4gTLgpgDgvgEA"} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":202,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1301328472987,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301328472987,"pkt":"ACNshovhACPrIpS0CABFAACdMqtAAG8GgR9CRFMWwKgBjiCN2Ff1mJ2RLY+1yIAY\/5aM3QAAAQEICgBK7W0nMvBG+b602XZlcnNpb24AAAAAAFUAAACcfAAAAQAAAAAAAABZspBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHthXAQAAAAAAAAAAAAAAAAAAAAAA\/\/9CRFMWII0z3Rs+AfeDdwAHwwEA"} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":203,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1301328473077,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328473077,"pkt":"ACNshovhACPrIpS0CABFAABIMqxAAG8GgXNCRFMWwKgBjiCN2Ff1mJ36LY+1yIAY\/5avrAAAAQEICgBK7W4nMvBG+b602XZlcmFjawAAAAAAAAAAAAA="} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-data-len":260266,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-events-serialized":23,"global_ts_msec":1301328538215} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":215,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":215,"packets-processed":214,"total-skipped-flows":0,"total-l4-data-len":260266,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1301328538215} 00773{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"thread_ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328472925,"flow_last_seen":1301328616076,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":32755,"flow_avg_l4_payload_len":1023,"midstream":1,"thread_ts_msec":1301328616076,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"66.68.83.22","src_port":55383,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":348,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301328699728,"flow_last_seen":1301328699728,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301328699728,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -29,12 +29,12 @@ 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":350,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1301328699969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1301328699969,"pkt":"ACNshovhACPrIpS0CABFAABIBdlAAHUGaRTD2hCywKgBjiCN2GjjI7N8QQ13l4AYAQRZWQAAAQEICgAAIignMvkg+b602XZlcmFjawAAAAAAAAAAAAA="} 00776{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"thread_ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1301328699728,"flow_last_seen":1301328743741,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":33744,"flow_avg_l4_payload_len":1054,"midstream":1,"thread_ts_msec":1301328743741,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-data-len":520135,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-events-serialized":32,"global_ts_msec":1301329138452} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":495,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":495,"packets-processed":494,"total-skipped-flows":0,"total-l4-data-len":520135,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1301329138452} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1301329304767,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":1,"thread_ts_msec":1301329304767,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00616{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1301329304767,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304767,"pkt":"ACPrIpS0ACNshovhCABFAACdDAhAAEAGDmvAqAGOuDqld9i\/II0stRatNDMFDIAY\/\/9S8AAAAQEICiczELoAVdzf+b602XZlcnNpb24AAAAAAFUAAAABfQAAAQAAAAAAAACYtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/uDqldyCNAQAAAAAAAAAAAAAAAAAAAAAA\/\/8mYIQeII0b7ZMAlkQ1dwALwwEA"} 00614{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1301329304813,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1301329304813,"pkt":"ACNshovhACPrIpS0CABFAACdBMxAAHQG4aa4OqV3wKgBjiCN2L80MwUMLLUWrYAYAQTgGAAAAQEICgBV3OcnMxC6+b602XZlcnNpb24AAAAAAFUAAAACfQAAAQAAAAAAAACQtZBNAAAAAAEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHti\/AQAAAAAAAAAAAAAAAAAAAAAA\/\/+4OqV3II2BHa1kLxLeCgCuwgEA"} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":523,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1301329305005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1301329305005,"pkt":"ACPrIpS0ACNshovhCABFAACX6RJAAEAGMWbAqAGOuDqld9i\/II0stRcWNDMFdYAY\/\/+hogAAAQEICiczEL0AVdz7+b602XZlcmFjawAAAAAAAAAAAAD5vrTZZ2V0YWRkcgAAAAAAAAAAAF324OL5vrTZYWRkcgAAAAAAAAAAHwAAAKr+QCYBbLWQTQEAAAAAAAAAAAAAAAAAAAAAAP\/\/JmCEHiCN"} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-data-len":537564,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-events-serialized":37,"global_ts_msec":1301329743430} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":622,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":622,"packets-processed":621,"total-skipped-flows":0,"total-l4-data-len":537564,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1301329743430} 00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":172,"flow_first_seen":1301328319392,"flow_last_seen":1301329810648,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":152141,"flow_avg_l4_payload_len":884,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"74.89.181.229","src_port":55348,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":119,"flow_first_seen":1301328699728,"flow_last_seen":1301329807659,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74897,"flow_avg_l4_payload_len":629,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"195.218.16.178","src_port":55400,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00773{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":27,"flow_first_seen":1301329304767,"flow_last_seen":1301329810839,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1061,"flow_tot_l4_payload_len":2684,"flow_avg_l4_payload_len":99,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"184.58.165.119","src_port":55487,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} @@ -43,7 +43,7 @@ 00777{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":19,"flow_first_seen":1301327937725,"flow_last_seen":1301327939000,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":22190,"flow_avg_l4_payload_len":1167,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"188.165.213.169","src_port":55317,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00817{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":139,"flow_first_seen":1301328089970,"flow_last_seen":1301328420526,"flow_idle_time":7440000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":182136,"flow_avg_l4_payload_len":1310,"midstream":1,"thread_ts_msec":1301329810839,"l3_proto":"ip4","src_ip":"192.168.1.142","dst_ip":"69.118.54.122","src_port":55328,"dst_port":8333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":539032,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-events-serialized":46,"global_ts_msec":1301329810839} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"bitcoin.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":539032,"total-not-detected-flows":0,"total-guessed-flows":6,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":46,"global_ts_msec":1301329810839} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 ~~ skipped flows.............: 0 @@ -52,8 +52,8 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5748206 bytes -~~ total memory freed........: 5748206 bytes +~~ total memory allocated....: 5748230 bytes +~~ total memory freed........: 5748230 bytes ~~ total allocations/frees...: 101873/101873 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/bittorrent.pcap.out b/test/results/bittorrent.pcap.out index e083863cf..9bfa77fe7 100644 --- a/test/results/bittorrent.pcap.out +++ b/test/results/bittorrent.pcap.out @@ -1,5 +1,5 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1455469967246} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455469967246} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":134,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":134,"pkt_l4_len":100,"thread_ts_msec":1455469967246,"pkt":"LFbcjDU0xCwDBkn+CABFAAB4eD1AAEAGAADAqAEDUjrYc86YlaHFzANOp3OTAoAY\/\/\/swwAAAQEIChnb8BkAhEMxE0JpdFRvcnJlbnQgcHJvdG9jb2wAAAAAABAABdz83M+55nDMw91Ax4wWHyvqJDEmLVVNMTg2MC1BjhgayboXmHFSZj4="} 00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455469967246,"flow_last_seen":1455469967246,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469967246,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52888,"dst_port":38305,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":"dcfcdccfb9e670ccc3dd40c78c161f2bea243126"}} @@ -131,7 +131,7 @@ 00843{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1455469974358,"flow_last_seen":1455469976244,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":639,"flow_tot_l4_payload_len":1137,"flow_avg_l4_payload_len":284,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"82.58.216.115","src_port":52907,"dst_port":38305,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469969441,"flow_last_seen":1455469969441,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52894,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} 00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1455469975407,"flow_last_seen":1455469975407,"flow_idle_time":7440000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":1,"thread_ts_msec":1455469982106,"l3_proto":"ip4","src_ip":"192.168.1.3","dst_ip":"120.62.33.241","src_port":52910,"dst_port":39332,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-events-serialized":134,"global_ts_msec":1455469982106} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":299,"source":"bittorrent.pcap","alias":"nDPId-test","packets-captured":299,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":285982,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":24,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":24,"total-idle-flows":24,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":134,"global_ts_msec":1455469982106} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 299/299 ~~ skipped flows.............: 0 @@ -140,8 +140,8 @@ ~~ total active/idle flows...: 24/24 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5015741 bytes -~~ total memory freed........: 5015741 bytes +~~ total memory allocated....: 5015765 bytes +~~ total memory freed........: 5015765 bytes ~~ total allocations/frees...: 101535/101535 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/bittorrent_utp.pcap.out b/test/results/bittorrent_utp.pcap.out index cca8e054e..6e1ac18fe 100644 --- a/test/results/bittorrent_utp.pcap.out +++ b/test/results/bittorrent_utp.pcap.out @@ -1,5 +1,5 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bittorrent_utp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1456385034843} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1456385034843} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1456385034843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1456385034843,"pkt":"xCwDBkn+LFbcjDU0CABFCACEN6IAAHARjPNS83ErwKgBBf3Jn\/8AcJbNZDE6YWQyOmlkMjA69\/YAfOoTUG5RTefsvJTyrlFxFfg5OmluZm9faGFzaDIwOvf2AdimJ292LCw98nSvKCf40fHeZTE6cTk6Z2V0X3BlZXJzMTp0MjoOYTE6djQ6TFQBATE6eTE6cWU="} 00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1456385034843,"flow_last_seen":1456385034843,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1456385034843,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} @@ -7,7 +7,7 @@ 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1456385040274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1456385040274,"pkt":"xCwDBkn+LFbcjDU0CABFCAAwPfxAAHARRu1S83ErwKgBBf3Jn\/8AHJxJQQBTAhDusvAAAAAAAAAAAOf1AAA="} 00842{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1456385034843,"flow_last_seen":1456385041276,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":15014,"flow_avg_l4_payload_len":469,"midstream":0,"thread_ts_msec":1456385041276,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} 00847{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":86,"flow_first_seen":1456385034843,"flow_last_seen":1456385054059,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":37877,"flow_avg_l4_payload_len":440,"midstream":0,"thread_ts_msec":1456385054059,"l3_proto":"ip4","src_ip":"82.243.113.43","dst_ip":"192.168.1.5","src_port":64969,"dst_port":40959,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":86,"packets-processed":86,"total-skipped-flows":0,"total-l4-data-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1456385054059} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":86,"source":"bittorrent_utp.pcap","alias":"nDPId-test","packets-captured":86,"packets-processed":86,"total-skipped-flows":0,"total-l4-data-len":37877,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1456385054059} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 86/86 ~~ skipped flows.............: 0 @@ -16,10 +16,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4944452 bytes -~~ total memory freed........: 4944452 bytes +~~ total memory allocated....: 4944476 bytes +~~ total memory freed........: 4944476 bytes ~~ total allocations/frees...: 101231/101231 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars ~~ json string max len.......: 852 chars -~~ json string avg len.......: 656 chars +~~ json string avg len.......: 657 chars diff --git a/test/results/bot.pcap.out b/test/results/bot.pcap.out index 0ff4c56c8..8d9d77944 100644 --- a/test/results/bot.pcap.out +++ b/test/results/bot.pcap.out @@ -1,12 +1,12 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1645108240233} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645108240233} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645108240233,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1645108240233,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQIAMBFSQABuBooHKE2nJFkfSNz9AABQtwbJ7AAAAABwwvrwl9EAAAIEBaABAQQC"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1645108240233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1645108240233,"pkt":"AAAMB6wytJaRl+L8gQAATQgARQAAMAAAQAA\/BspbWR9I3ChNpyQAUP0AWPWTl7cGye1wEnIQNMAAAAIEBbQBAQQC"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":64,"pkt_l4_len":20,"thread_ts_msec":1645108240339,"pkt":"AFBWtlQQQFU5D63CgQAATQgARQAAKBFTQABuBooQKE2nJFkfSNz9AABQtwbJ7Vj1k5hQEPrw2KMAAKqq+vDYow=="} 00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1645108240233,"flow_last_seen":1645108240339,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":316,"flow_tot_l4_payload_len":316,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1645108240339,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"},"http": {"hostname":"atlanteditorino.it","url":"atlanteditorino.it\/quartieri\/img\/S.Donato_M.Vittoria1930_B.jpg","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (compatible; bingbot\/2.0; +http:\/\/www.bing.com\/bingbot.htm)"}} 00685{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":402,"flow_first_seen":1645108240233,"flow_last_seen":1645108245896,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":407096,"flow_avg_l4_payload_len":1012,"midstream":0,"thread_ts_msec":1645108245896,"l3_proto":"ip4","src_ip":"40.77.167.36","dst_ip":"89.31.72.220","src_port":64768,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Azure","breed":"Acceptable","category":"Cloud"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-data-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1645108245896} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":402,"source":"bot.pcap","alias":"nDPId-test","packets-captured":402,"packets-processed":402,"total-skipped-flows":0,"total-l4-data-len":407096,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1645108245896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 402/402 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4691614 bytes -~~ total memory freed........: 4691614 bytes +~~ total memory allocated....: 4691638 bytes +~~ total memory freed........: 4691638 bytes ~~ total allocations/frees...: 101549/101549 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/bt_search.pcap.out b/test/results/bt_search.pcap.out index 26267f5cd..a400f6efb 100644 --- a/test/results/bt_search.pcap.out +++ b/test/results/bt_search.pcap.out @@ -1,11 +1,11 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"bt_search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1430752225251} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1430752225251} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1430752225251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1430752225251,"pkt":"AQBeQJiPABZEH1lmCABFAACTaOEAAP8RCRrAqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 00687{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1430752225251,"flow_last_seen":1430752225251,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752225251,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"BitTorrent","breed":"Acceptable","category":"Download"},"bittorrent": {"hash":""}} 00597{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1430752525284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1430752525284,"pkt":"AQBeQJiPABZEH1lmCABFAACTCiwAAP8RZ8\/AqABm78CYjxpzGnMAf8gHQlQtU0VBUkNIICogSFRUUC8xLjENCkhvc3Q6IDIzOS4xOTIuMTUyLjE0Mzo2NzcxDQpQb3J0OiA2MTE5Nw0KSW5mb2hhc2g6IEVENEYxMDg1RTg4NUY5OEY5QTY5QjcwRUU4OUVCOTg4QjhGRDkxMTUNCg0KDQo="} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1430752225251,"flow_last_seen":1430752525284,"flow_idle_time":180000,"flow_min_l4_payload_len":119,"flow_max_l4_payload_len":119,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1430752525284,"l3_proto":"ip4","src_ip":"192.168.0.102","dst_ip":"239.192.152.143","src_port":6771,"dst_port":6771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":1430752525284} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"bt_search.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":238,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1430752525284} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,8 +14,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4942016 bytes -~~ total memory freed........: 4942016 bytes +~~ total memory allocated....: 4942040 bytes +~~ total memory freed........: 4942040 bytes ~~ total allocations/frees...: 101147/101147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/capwap.pcap.out b/test/results/capwap.pcap.out index daaa58968..ba8f3a754 100644 --- a/test/results/capwap.pcap.out +++ b/test/results/capwap.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"capwap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1422328949167} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1422328949167} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1422328949167,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":107,"pkt_l4_len":73,"thread_ts_msec":1422328949167,"pkt":"uDhh8wWsJOmzR64gCABFwABdANlAAH8RZJPAqAoJwKgKChR+MFsASQAAAQAAABX+\/wABAAAAAAABADCRUl3gOBqBz\/u8XElQaHVuhYA4Oyehwv8gEXQ+BVAOU1L6bxnlZCgpb3mFtLC\/ZhI="} 00639{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422328949167,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} @@ -45,7 +45,7 @@ 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":173,"flow_first_seen":1422329017533,"flow_last_seen":1422329175528,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":428,"flow_tot_l4_payload_len":26636,"flow_avg_l4_payload_len":153,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-data-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":48,"global_ts_msec":1422329175528} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","packets-captured":422,"packets-processed":397,"total-skipped-flows":0,"total-l4-data-len":81835,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1422329175528} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 422/397 ~~ skipped flows.............: 0 @@ -54,8 +54,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4695503 bytes -~~ total memory freed........: 4695503 bytes +~~ total memory allocated....: 4695527 bytes +~~ total memory freed........: 4695527 bytes ~~ total allocations/frees...: 101554/101554 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 186 chars diff --git a/test/results/cassandra.pcap.out b/test/results/cassandra.pcap.out index 5fc9541f3..99baf701b 100644 --- a/test/results/cassandra.pcap.out +++ b/test/results/cassandra.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cassandra.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1450889498032} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1450889498032} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1450889498032,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1450889498032,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA86nRAAEAGUkV\/AAABfwAAAbXII1K9tHk3AAAAAKACqqr+MAAAAgT\/1wQCCAon7JNDAAAAAAEDAwc="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1450889498032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1450889498032,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASNStcjswQ7evbR5OKASqqr+MAAAAgT\/1wQCCAon7JNDJ+yTQwEDAwc="} @@ -12,7 +12,7 @@ 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1450889498074,"flow_last_seen":1450889498074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1450889498074,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":144,"flow_first_seen":1450889498032,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25148,"flow_tot_l4_payload_len":78224,"flow_avg_l4_payload_len":543,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46536,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} 00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1450889498074,"flow_last_seen":1450889698077,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":11446,"flow_tot_l4_payload_len":28884,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1450889698077,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":46537,"dst_port":9042,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Cassandra","breed":"Acceptable","category":"Database"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-data-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1450889698077} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":286,"source":"cassandra.pcap","alias":"nDPId-test","packets-captured":286,"packets-processed":286,"total-skipped-flows":0,"total-l4-data-len":107108,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1450889698077} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 286/286 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688964 bytes -~~ total memory freed........: 4688964 bytes +~~ total memory allocated....: 4688988 bytes +~~ total memory freed........: 4688988 bytes ~~ total allocations/frees...: 101432/101432 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/check_mk_new.pcap.out b/test/results/check_mk_new.pcap.out index 14ee4a81c..71915a822 100644 --- a/test/results/check_mk_new.pcap.out +++ b/test/results/check_mk_new.pcap.out @@ -1,12 +1,12 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"check_mk_new.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1512031663734} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1512031663734} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1512031663734,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1512031663734,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA8gwhAAEAGbgrAqGQWwKhkMuZ2GZzVcug3AAAAAKACchA4TQAAAgQFtAQCCAorDGs\/AAAAAAEDAwc="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1512031663734,"pkt":"8soKyPpERjIA9qTsCABFAAA8AABAAEAG8SLAqGQywKhkFhmc5nZuqQJN1XLoOKAScSBJyAAAAgQFtAQCCAoWUVydKwxrPwEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1512031663734,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1512031663734,"pkt":"RjIA9qTs8soKyPpECABFEAA0gwlAAEAGbhHAqGQWwKhkMuZ2GZzVcug4bqkCToAQAOVJwAAAAQEICisMaz8WUVyd"} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1512031663734,"flow_last_seen":1512031663736,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1512031663736,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} 00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1512031663734,"flow_last_seen":1512031663775,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":4096,"flow_tot_l4_payload_len":13758,"flow_avg_l4_payload_len":140,"midstream":0,"thread_ts_msec":1512031663775,"l3_proto":"ip4","src_ip":"192.168.100.22","dst_ip":"192.168.100.50","src_port":58998,"dst_port":6556,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CHECKMK","breed":"Acceptable","category":"DataTransfer"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-data-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1512031663775} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":98,"source":"check_mk_new.pcap","alias":"nDPId-test","packets-captured":98,"packets-processed":98,"total-skipped-flows":0,"total-l4-data-len":13758,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1512031663775} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 98/98 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682640 bytes -~~ total memory freed........: 4682640 bytes +~~ total memory allocated....: 4682664 bytes +~~ total memory freed........: 4682664 bytes ~~ total allocations/frees...: 101241/101241 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars diff --git a/test/results/chrome.pcap.out b/test/results/chrome.pcap.out index 719d6d3e9..f97bd39ad 100644 --- a/test/results/chrome.pcap.out +++ b/test/results/chrome.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"chrome.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1620902507870} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620902507870} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620902507870,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620902507870,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64393,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620902507870,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620902507870,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EvuJAbsdWbUDAAAAALAC\/\/8TEgAAAgQFtAEDAwUBAQgKM3SSOAAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"chrome.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620902507899,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620902507899,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7+4lEvFS6HVm1BKAS\/og8HwAAAgQFrAQCCAo6mxVSM3SSOAEDAwc="} @@ -42,7 +42,7 @@ 00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":956,"flow_first_seen":1620902509273,"flow_last_seen":1620902515019,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":773272,"flow_avg_l4_payload_len":808,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64409,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00676{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1106,"flow_first_seen":1620902509274,"flow_last_seen":1620902515040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":914291,"flow_avg_l4_payload_len":826,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64410,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00677{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":1199,"flow_first_seen":1620902509276,"flow_last_seen":1620902515049,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1009870,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620902515049,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":64411,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":5633,"packets-processed":5633,"total-skipped-flows":0,"total-l4-data-len":4613247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-events-serialized":45,"global_ts_msec":1620902515049} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5633,"source":"chrome.pcap","alias":"nDPId-test","packets-captured":5633,"packets-processed":5633,"total-skipped-flows":0,"total-l4-data-len":4613247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620902515049} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5633/5633 ~~ skipped flows.............: 0 @@ -51,8 +51,8 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4860097 bytes -~~ total memory freed........: 4860097 bytes +~~ total memory allocated....: 4860121 bytes +~~ total memory freed........: 4860121 bytes ~~ total allocations/frees...: 106809/106809 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/coap_mqtt.pcap.out b/test/results/coap_mqtt.pcap.out index 1bdf00f41..fb41ffc88 100644 --- a/test/results/coap_mqtt.pcap.out +++ b/test/results/coap_mqtt.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"coap_mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1333957710293} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1333957710293} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1333957710293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1333957710293,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACARQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7nMWMwAg\/RpDAQXKchYzKy53ZWxsLWtub3duBGNvcmU="} 00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957710293,"flow_last_seen":1333957710293,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1333957710293,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61043,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} @@ -15,7 +15,7 @@ 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1333957720773,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":90,"pkt_l4_len":36,"thread_ts_msec":1333957720773,"pkt":"ACOJtMwBSF1gwJdKht1gAAAAACQRQCABDagCFRFxoQvLSI+DV\/YgAQYgAAg12QAAAAAAAAAQ7ncWMwAkKH5FAYp0chYzKy53ZWxsLWtub3duBGNvcmUQEj3U"} 00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1333957720773,"flow_last_seen":1333957720773,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1333957720773,"l3_proto":"ip6","src_ip":"2001:da8:215:1171:a10b:cb48:8f83:57f6","dst_ip":"2001:620:8:35d9::10","src_port":61047,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-events-serialized":18,"global_ts_msec":1375090528017} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":124,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":5,"total-active-flows":5,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1375090528017} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1375090528017,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":81,"pkt_l4_len":27,"thread_ts_msec":1375090528017,"pkt":"uCfrprIvACTop0mhht1gAAAAABsRQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADgtsWMwAblIJCAekbB5C4c2VwYXJhdGUQ0SMR"} 00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1375090528017,"flow_last_seen":1375090528017,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":1375090528017,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} @@ -37,7 +37,7 @@ 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1375090935293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":66,"pkt_l4_len":12,"thread_ts_msec":1375090935293,"pkt":"ACTop0mhuCfrprIvht1gAAAAAAwRQLu7AAAAAAAAAAAAAAAAAAO7uwAAAAAAAAAAAAAAAAABFjO24wAMxd1gRJUi"} 00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1375090528017,"flow_last_seen":1375090529165,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":129,"flow_tot_l4_payload_len":156,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1375090935293,"l3_proto":"ip6","src_ip":"bbbb::1","dst_ip":"bbbb::3","src_port":33499,"dst_port":5683,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"COAP","breed":"Safe","category":"RPC"}} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1375091005616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1375091005616,"pkt":"uCfrprIvACTop0mhht1gAAAAAB8RQLu7AAAAAAAAAAAAAAAAAAG7uwAAAAAAAAAAAAAAAAADtuMWMwAfsCNAAZUjt3N0b3JhZ2UKbXlyZXNvdXJjZQ=="} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-events-serialized":40,"global_ts_msec":1455907243976} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1455907243976} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":22,"thread_ts_msec":1455907243976,"pkt":"CAAnmO\/hCAAnAERyCABFAAAqELhAAIAG+F7AqDgBwKg4ZdESRF16higakEiEGVAYAQAwoAAAwAAAAAAA"} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907243976,"flow_last_seen":1455907243976,"flow_idle_time":7440000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":2,"flow_tot_l4_payload_len":2,"flow_avg_l4_payload_len":2,"midstream":1,"thread_ts_msec":1455907243976,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53522,"dst_port":17501,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} @@ -88,7 +88,7 @@ 00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":1926,"flow_first_seen":1455907258332,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53523,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":1919,"flow_first_seen":1455907271483,"flow_last_seen":1455907286855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61604,"flow_avg_l4_payload_len":32,"midstream":1,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.101","dst_ip":"192.168.56.1","src_port":17501,"dst_port":53524,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":1928,"flow_first_seen":1455907267002,"flow_last_seen":1455907286845,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":61855,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1455907286855,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":53528,"dst_port":17501,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00487{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":8516,"packets-processed":8514,"total-skipped-flows":0,"total-l4-data-len":294179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-events-serialized":91,"global_ts_msec":1455907286855} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8516,"source":"coap_mqtt.pcap","alias":"nDPId-test","packets-captured":8516,"packets-processed":8514,"total-skipped-flows":0,"total-l4-data-len":294179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":16,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":91,"global_ts_msec":1455907286855} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8516/8514 ~~ skipped flows.............: 0 @@ -97,8 +97,8 @@ ~~ total active/idle flows...: 16/16 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4947976 bytes -~~ total memory freed........: 4947976 bytes +~~ total memory allocated....: 4948000 bytes +~~ total memory freed........: 4948000 bytes ~~ total allocations/frees...: 109706/109706 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars diff --git a/test/results/cpha.pcap.out b/test/results/cpha.pcap.out index d1f47911c..893eadc60 100644 --- a/test/results/cpha.pcap.out +++ b/test/results/cpha.pcap.out @@ -1,10 +1,10 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cpha.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1603354463286} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1603354463286} 00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603354463286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":96,"pkt_l4_len":58,"thread_ts_msec":1603354463286,"pkt":"AQBeFQMBAAAAAAEBgQAAFQgARQAATgAAAAD\/EQyKAAAAAKwVAwAftB+0ADpJ\/BqQDDEnhQABABZ5PgAB\/\/7gSgEAAAIAAQAACAoAAgADAAQAAAIECQAAAAkAAAAAAAIA"} 00619{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}} 00658{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1603354463286,"flow_last_seen":1603354463286,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1603354463286,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"172.21.3.0","src_port":8116,"dst_port":8116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CPHA","breed":"Fun","category":"Network"}} -00465{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1603354463286} +00544{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"cpha.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1603354463286} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars ~~ json string max len.......: 663 chars -~~ json string avg len.......: 547 chars +~~ json string avg len.......: 548 chars diff --git a/test/results/dcerpc.pcap.out b/test/results/dcerpc.pcap.out index a5a1de700..4fcbb60d2 100644 --- a/test/results/dcerpc.pcap.out +++ b/test/results/dcerpc.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dcerpc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1602860709979} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1602860709979} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":180000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01303{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1602860709979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":684,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":684,"pkt_l4_len":650,"thread_ts_msec":1602860709979,"pkt":"AA7wSJ4FABwGCybtCABFAAKeAX4AAB4RFWLAqAELwKgBFMADiJQCip8cBAAgAAAAAADeoAAAbJcR0YJxAAEBAQFN3qAAAWyXEdGCcQCgJELffTX9qQA1ihISgAQAHAYLJu0AAAAAAAAAAQAAAAAAAP\/\/\/\/8CMgAAAAAAAAMtAAACHgAAAy0AAAAAAAACHgEBAEQBAAABCfGlMMdfbUe2f4BzQ53qrQACABwGCybt3qAAAGyXEdGCcQBkAQ0AKgAAABECWIiSAA5wbGN4YmtvbnRyNzRiNwECAGgBAAABAAGIkgAAAAIAKIAAACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAcAAAABAAAAAIAAAAEAAIABAAIAAIACAAMAAQABAAQAAgABAAYAAwABAAkAAgACAAEACAAEAAEACwECAGgBAAACAAKIkgAAAAIAKIAQACAAAgABAAD\/\/\/\/\/AAMAA8AAAAAAAAAAAAEAAAAAAAIAAgABAAYABAABAAkABwAAAAEAAAAAgAAAAQAAgAEAAgAAgAIAAwABAAEABAACAAEABQADAAEACAEEAEoBAAABAAAAAAAAAAAEBgAAAAQAAQAAAAEAAAABAAABAYAAAAAAAgAAAAEAAAEBgAEAAAADAAAAAQAAAQGAAgAAAAMAAAABAAABAQEEACABAAABAAAAAAABAQAA2AAAAAEAAQAAAAEAAQABAAEBAQEEACYBAAABAAAAAAACCAgABAAAAAEAAQAAAAEAAwABAAEBAQACAAEBAQEEACABAAABAAAAAAADCAAAAgAAAAEAAQAAAAEAAQABAAEBAQEEACABAAABAAAAAAAEAAgAUgAAAAEAAQAAAAEAAgACAAEBAQEDABYBAAABiJIAAAAAAAEAAwAAAQDAAKAA"} 00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1602860709979,"flow_last_seen":1602860709979,"flow_idle_time":180000,"flow_min_l4_payload_len":642,"flow_max_l4_payload_len":642,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":642,"midstream":0,"thread_ts_msec":1602860709979,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} @@ -22,7 +22,7 @@ 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709993,"flow_last_seen":1602860710062,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":804,"flow_tot_l4_payload_len":2212,"flow_avg_l4_payload_len":368,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49161,"dst_port":49155,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1602860709979,"flow_last_seen":1602860710032,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":953,"flow_tot_l4_payload_len":3454,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.11","dst_ip":"192.168.1.20","src_port":49155,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1602860710063,"flow_last_seen":1602860710063,"flow_idle_time":180000,"flow_min_l4_payload_len":132,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":264,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1602860710071,"l3_proto":"ip4","src_ip":"192.168.1.20","dst_ip":"192.168.1.11","src_port":49162,"dst_port":34964,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RPC","breed":"Acceptable","category":"RPC"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":25,"global_ts_msec":1602860710071} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"dcerpc.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":6194,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1602860710071} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 @@ -31,8 +31,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682878 bytes -~~ total memory freed........: 4682878 bytes +~~ total memory allocated....: 4682902 bytes +~~ total memory freed........: 4682902 bytes ~~ total allocations/frees...: 101168/101168 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/dhcp-fuzz.pcapng.out b/test/results/dhcp-fuzz.pcapng.out index 9ed1cf40f..8c0a1b56c 100644 --- a/test/results/dhcp-fuzz.pcapng.out +++ b/test/results/dhcp-fuzz.pcapng.out @@ -1,10 +1,10 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1268519154926} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1268519154926} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00852{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1268519154926,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1268519154926,"pkt":"\/\/\/\/\/\/\/\/AB8p2i15CABFAAFIfVQAAIAR+kDAqJto\/\/\/\/\/wBEAEMBNNQyAQEGAMl5uWAAAAAAwKgBaAAAAAAAAAAAAAAAAAAfKdoteQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1wAAAAAAAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZQAAAAAAAAAAAABjglNjNQFqPQcBAB8p2i15DAdNSzAzODYyPDFNU0ZUIDUuMDcMAQ8DBiwuLx8h+Sv8KwPcAQD\/AAAAACUAAAAA"} 00713{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"","fingerprint":"","class_ident":""}} 00588{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1268519154926,"flow_last_seen":1268519154926,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1268519154926,"l3_proto":"ip4","src_ip":"192.168.155.104","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1268519154926} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dhcp-fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":300,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1268519154926} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,8 +13,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars diff --git a/test/results/diameter.pcap.out b/test/results/diameter.pcap.out index ff45e78f9..53aae328a 100644 --- a/test/results/diameter.pcap.out +++ b/test/results/diameter.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"diameter.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1263278878271} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1263278878271} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00912{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":398,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":398,"pkt_l4_len":364,"thread_ts_msec":1263278878271,"pkt":"ABpk3ZWLACYYlIbACABFAAGABtlAAIAGAAAKyQn1CskJC8cNDxz34fq2+LwvkFAY+gQqBAAAAQABWIAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAAAAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAbhAAAAkAAABuUAAAAwAAAACAAABukAAAA1kYmlsbAAAAAAAAaBAAAAMAAAAAQAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1263278878271,"flow_last_seen":1263278878271,"flow_idle_time":7440000,"flow_min_l4_payload_len":344,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":344,"flow_avg_l4_payload_len":344,"midstream":1,"thread_ts_msec":1263278878271,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} 00768{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1263278878292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":290,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":290,"pkt_l4_len":256,"thread_ts_msec":1263278878292,"pkt":"ACYYlIbAABpk3ZWLCABFAAEUlYlAAEAGe8kKyQkLCskJ9Q8cxw34vC+Q9+H8DlAYGSCUIQAAAQAA7EAAARAAAAAEAupJMCbwAAMAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAQxAAAAMAAAH0QAAAQhAAAAaZHNsdTEuY29tdmVyc2UuY29tAAAAAAEoQAAAFGNvbXZlcnNlLmNvbQAAAQJAAAAMAAAABAAAAaBAAAAMAAAAAQAAAZ9AAAAMAAAAAAAAARZAAAAMAABBbQAAADdAAAAMzvaZ5QAAAcBAAAAMAAAABQAAAa9AAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQ="} 00933{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1263278878336,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":414,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":414,"pkt_l4_len":380,"thread_ts_msec":1263278878336,"pkt":"ABpk3ZWLACYYlIbACABFAAGQBtpAAIAGAAAKyQn1CskJC8cNDxz34fwO+LwwfFAY+RgqFAAAAQABaIAAARAAAAAEAupJMSbwAAUAAAEHQAAAHW54bDthcGk7MTI2MzI3ODg3ODE0NwAAAAAAAc1AAAAUQ29tdmVyc2UuRENJAAABAkAAAAwAAAAEAAABCEAAABlueGwxLm5ldHhjZWxsLmNvbQAAAAAAAShAAAAUbmV0eGNlbGwuY29tAAABn0AAAAwAAAABAAABJUAAABlkZ3UyLmNvbXZlcnNlLmNvbQAAAAAAARtAAAAUY29tdmVyc2UuY29tAAAAN0AAAAzO9pmeAAABu0AAACgAAAG8QAAAFDkxOTA4MDAwMDAxNgAAAcJAAAAMAAAAAAAAAaBAAAAMAAAAAgAAAbVAAAA0AAABnUAAACwAAAG9QAAAGAAAAb9AAAAQAAAAAAAAAAIAAAGpQAAADAAAAWQAAAG+QAAANAAAAZ1AAAAsAAABvUAAABgAAAG\/QAAAEAAAAAAAAAABAAABqUAAAAwAAAFk"} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1263278878271,"flow_last_seen":1263278878357,"flow_idle_time":7440000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":360,"flow_tot_l4_payload_len":1656,"flow_avg_l4_payload_len":276,"midstream":1,"thread_ts_msec":1263278878357,"l3_proto":"ip4","src_ip":"10.201.9.245","dst_ip":"10.201.9.11","src_port":50957,"dst_port":3868,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Diameter","breed":"Acceptable","category":"Network"}} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1263278878357} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"diameter.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":1656,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1263278878357} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679972 bytes -~~ total memory freed........: 4679972 bytes +~~ total memory allocated....: 4679996 bytes +~~ total memory freed........: 4679996 bytes ~~ total allocations/frees...: 101149/101149 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/dlt_ppp.pcap.out b/test/results/dlt_ppp.pcap.out index 37149411b..e1b4a58fe 100644 --- a/test/results/dlt_ppp.pcap.out +++ b/test/results/dlt_ppp.pcap.out @@ -1,7 +1,7 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00170{"error_event_id":2,"error_event_name":"Unknown L3 protocol","datalink":9,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_msec":1031} 01927{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"} -00458{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":4,"global_ts_msec":1031} +00537{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":4,"global_ts_msec":1031} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -10,8 +10,8 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 175 chars diff --git a/test/results/dnp3.pcap.out b/test/results/dnp3.pcap.out index d53be4a07..d6c9c45d9 100644 --- a/test/results/dnp3.pcap.out +++ b/test/results/dnp3.pcap.out @@ -1,50 +1,50 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnp3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1097501938503} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1097501938503} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097501938503,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097501938503,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1097501938503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097501938503,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTFlAAIAGmmQKAAAICgAAAwrlTiBVHBrSAAAAAHAC\/\/+mIQAAAgQFtAEBBAI="} 00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097501938503,"flow_last_seen":1097501938504,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097501938504,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1097502623045} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":40,"packets-processed":39,"total-skipped-flows":0,"total-l4-data-len":345,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1097502623045} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097502623045,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097502623045,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1097502623045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097502623045,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTRVAAIAGmagKAAAICgAAAwrzTiBm5W0JAAAAAHAC\/\/9CEwAAAgQFtAEBBAI="} 00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097502623045,"flow_last_seen":1097502623047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097502623047,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-data-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-events-serialized":14,"global_ts_msec":1097504102255} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":79,"packets-processed":78,"total-skipped-flows":0,"total-l4-data-len":540,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":14,"global_ts_msec":1097504102255} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097504102255,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097504102255,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1097504102255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097504102255,"pkt":"AAKzznBRAFAEk3BnCABFAAAwTjtAAIAGmIIKAAAICgAAAwsMTiCPBdusAAAAAHAC\/\/+rNgAAAgQFtAEBBAI="} 00629{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097504102255,"flow_last_seen":1097504102257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097504102257,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00669{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":109,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097502623045,"flow_last_seen":1097502648678,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1097504103602,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2803,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-data-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-events-serialized":21,"global_ts_msec":1097505644006} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":217,"packets-processed":216,"total-skipped-flows":0,"total-l4-data-len":3957,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1097505644006} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097505644006,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097505644006,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":218,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":219,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1097505644006,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097505644006,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAVNAAIAG5WkKAAAJCgAAAwQ4TiAZahgcAAAAAHAC\/\/\/rNQAAAgQFtAEBBAI="} 00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":226,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097505644006,"flow_last_seen":1097505719035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":15,"flow_tot_l4_payload_len":15,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097505719035,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1080,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-data-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-events-serialized":27,"global_ts_msec":1097507785883} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":352,"packets-processed":351,"total-skipped-flows":0,"total-l4-data-len":5682,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":4,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1097507785883} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097507785883,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097507785883,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":352,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":354,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1097507785883,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097507785883,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAaRAAIAG5RkKAAAICgAAAwQ+TiAMLRLKAAAAAHAC\/\/\/9vwAAAgQFtAEBBAI="} 00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":361,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097507785883,"flow_last_seen":1097507785885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097507785885,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-data-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-events-serialized":33,"global_ts_msec":1097510947092} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":445,"packets-processed":444,"total-skipped-flows":0,"total-l4-data-len":7101,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":5,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1097510947092} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097510947092,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097510947092,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":445,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":447,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1097510947092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097510947092,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBZtAAIAG4SIKAAAICgAAAwSHTiCYpsdTAAAAAHAC\/\/+8cwAAAgQFtAEBBAI="} 00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":454,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097510947092,"flow_last_seen":1097510947094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097510947094,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":466,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":39,"flow_first_seen":1097501938503,"flow_last_seen":1097502062040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":345,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1097510950374,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2789,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-data-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-events-serialized":40,"global_ts_msec":1097512255234} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":472,"packets-processed":471,"total-skipped-flows":0,"total-l4-data-len":7296,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1097512255234} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097512255234,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097512255234,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":473,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":474,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":3,"flow_last_seen":1097512255234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097512255234,"pkt":"AAKzznBRAFAEk3BnCABFAAAwBpNAAIAG4CoKAAAICgAAAwSgTiANrtDCAAAAAHAC\/\/895AAAAgQFtAEBBAI="} 00630{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":481,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1097512255234,"flow_last_seen":1097512255236,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":17,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1097512255236,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":496,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":138,"flow_first_seen":1097504102255,"flow_last_seen":1097504224083,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":91,"flow_tot_l4_payload_len":3417,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1097512264841,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":2828,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-data-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-events-serialized":47,"global_ts_msec":1097513177295} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":505,"packets-processed":504,"total-skipped-flows":0,"total-l4-data-len":7593,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":7,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":47,"global_ts_msec":1097513177295} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1097513177295,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1097513177295,"l3_proto":"ip4","src_ip":"10.0.0.9","dst_ip":"10.0.0.3","src_port":1084,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":505,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":506,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1097513177295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1097513177295,"pkt":"AAKzznBRAFAEk3BnCABFAAAwAUpAAIAG5XIKAAAJCgAAAwQ8TiBc3qwfAAAAAHAC\/\/8TugAAAgQFtAEBBAI="} @@ -55,7 +55,7 @@ 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":93,"flow_first_seen":1097507785883,"flow_last_seen":1097507856257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":93,"flow_tot_l4_payload_len":1419,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1086,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1097510947092,"flow_last_seen":1097510959487,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1159,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} 00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1097512255234,"flow_last_seen":1097512267645,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":297,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1097513185107,"l3_proto":"ip4","src_ip":"10.0.0.8","dst_ip":"10.0.0.3","src_port":1184,"dst_port":20000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNP3","breed":"Acceptable","category":"IoT-Scada"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-data-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-events-serialized":58,"global_ts_msec":1097513185107} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":543,"source":"dnp3.pcap","alias":"nDPId-test","packets-captured":543,"packets-processed":543,"total-skipped-flows":0,"total-l4-data-len":7788,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1097513185107} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 543/543 ~~ skipped flows.............: 0 @@ -64,8 +64,8 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4703697 bytes -~~ total memory freed........: 4703697 bytes +~~ total memory allocated....: 4703721 bytes +~~ total memory freed........: 4703721 bytes ~~ total allocations/frees...: 101708/101708 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/dns-invalid-chars.pcap.out b/test/results/dns-invalid-chars.pcap.out index 1fa57d2a4..ce25ab46d 100644 --- a/test/results/dns-invalid-chars.pcap.out +++ b/test/results/dns-invalid-chars.pcap.out @@ -1,12 +1,12 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946734886956} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946734886956} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946734886956,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":946734886956,"pkt":"AAAAAAAAAAAAAAAACABFAABMyRJAAEARc4x\/AAABfwAAAYyMADUAOP5Ln2wBAAABAAAAAAAAA3d3dxdhbGx5b3VyYmEEBQZhcmViZWxvbmd0bwJjbgAAAQAB"} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946734886956,"flow_last_seen":946734886956,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":946734886956,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourba???arebelongto.cn","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00530{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946734886957,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":946734886957,"pkt":"AAAAAAAAAAAAAAAACABFAABcAABAAEARPI9\/AAABfwAAAQA1jIwASP5bn2yBgAABAAEAAAAAA3d3dxdhbGx5b3VyYmFzZXNhcmUBAgNvbmd0bwJjbgAAAQABwAwAAQABAAAAPAAEE7mN8Q=="} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.allyourbasesare???ongto.cn","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"19.185.141.241"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946734886956,"flow_last_seen":946734886957,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":946734886957,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":35980,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":946734886957} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns-invalid-chars.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":112,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946734886957} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679856 bytes -~~ total memory freed........: 4679856 bytes +~~ total memory allocated....: 4679880 bytes +~~ total memory freed........: 4679880 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars diff --git a/test/results/dns-tunnel-iodine.pcap.out b/test/results/dns-tunnel-iodine.pcap.out index 8da920ea8..1ce160a75 100644 --- a/test/results/dns-tunnel-iodine.pcap.out +++ b/test/results/dns-tunnel-iodine.pcap.out @@ -1,5 +1,5 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1282356640051} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1282356640051} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1282356640051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABEAABAAEARIngKAAIeCgACFK5fADUAMAHkErABAAABAAAAAAAAC3ZhYWFha2FyZGxpBnBpcmF0ZQNzZWEAAAoAAQ=="} 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":0,"num_answers":0,"reply_code":0,"query_type":10,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -7,7 +7,7 @@ 00914{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1282356640051,"flow_last_seen":1282356640051,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1282356640051,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"vaaaakardli.pirate.sea","num_queries":1,"num_answers":1,"reply_code":0,"query_type":10,"rsp_type":10,"rsp_addr":"0.0.0.0"}} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1282356640051,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1282356640051,"pkt":"CAAnx266CAAnnOC0CABFAABZAABAAEARImMKAAIeCgACFK5fADUARcobMN8BAAABAAAAAAAAIGxhZWdwdW1pcGxoaHB6MTJ5bmQxZWZsandsa2pjZ3d5BnBpcmF0ZQNzZWEAAAoAAQ=="} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1282356640051,"flow_last_seen":1282356664538,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1470,"flow_tot_l4_payload_len":52024,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1282356664538,"l3_proto":"ip4","src_ip":"10.0.2.30","dst_ip":"10.0.2.20","src_port":44639,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-data-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1282356664538} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":438,"source":"dns-tunnel-iodine.pcap","alias":"nDPId-test","packets-captured":438,"packets-processed":434,"total-skipped-flows":0,"total-l4-data-len":52024,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1282356664538} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 438/434 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4692384 bytes -~~ total memory freed........: 4692384 bytes +~~ total memory allocated....: 4692408 bytes +~~ total memory freed........: 4692408 bytes ~~ total allocations/frees...: 101577/101577 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars diff --git a/test/results/dns_ambiguous_names.pcap.out b/test/results/dns_ambiguous_names.pcap.out index 99165c591..6fee1185b 100644 --- a/test/results/dns_ambiguous_names.pcap.out +++ b/test/results/dns_ambiguous_names.pcap.out @@ -1,5 +1,5 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1625744123717} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625744123717} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625744123717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1625744123717,"pkt":"ABshv2HAVASmitEsCABFAABS3sIAAEARfvYKyAILCAgICLz3ADUAPh0yZjEBIAABAAAAAAABCjQxLWNvdXJpZXIEcHVzaAVhcHBsZQNjb20AAAEAAQAAKRAAAAAAAAAA"} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625744123717,"flow_last_seen":1625744123717,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1625744123717,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":48375,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ApplePush","breed":"Acceptable","category":"Cloud"},"dns": {"query":"41-courier.push.apple.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -60,7 +60,7 @@ 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123796,"flow_last_seen":1625744123823,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":57051,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744123890,"flow_last_seen":1625744123973,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":42790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625744124422,"flow_last_seen":1625744124461,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1625744124461,"l3_proto":"ip4","src_ip":"10.200.2.11","dst_ip":"8.8.8.8","src_port":44883,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-events-serialized":63,"global_ts_msec":1625744124461} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dns_ambiguous_names.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":1947,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":63,"global_ts_msec":1625744124461} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -69,8 +69,8 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688226 bytes -~~ total memory freed........: 4688226 bytes +~~ total memory allocated....: 4688250 bytes +~~ total memory freed........: 4688250 bytes ~~ total allocations/frees...: 101190/101190 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars diff --git a/test/results/dns_doh.pcap.out b/test/results/dns_doh.pcap.out index bd8cedfbb..5aa59840f 100644 --- a/test/results/dns_doh.pcap.out +++ b/test/results/dns_doh.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1571089200789} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1571089200789} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1571089200789,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1571089200789,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1571089200789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1571089200789,"pkt":"WkBO7NFkeDHBvV4kCABFAABAAABAAEAGI5asFAoEaBD4+cLVAbuk7FgiAAAAALAC\/\/+OlwAAAgQFtAEDAwYBAQgKHZWyDQAAAAAEAgAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1571089200876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1571089200876,"pkt":"eDHBvV4kWkBO7NFkCABFAAA0AAAAADAGc6JoEPj5rBQKBAG7wtXKYdwupOxYI4ASchB+OgAAAgQFFAEBBAIBAwMK"} @@ -7,7 +7,7 @@ 00912{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1571089200789,"flow_last_seen":1571089200878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1571089200878,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00953{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1571089200789,"flow_last_seen":1571089200968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1817,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1571089200968,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.3","client_requested_server_name":"mozilla.cloudflare-dns.com","ja3":"b20b44b18b853ef29ab773e921b03422","ja3s":"eb1d94daa7e0344597e756a1fb6e7054","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":142,"flow_first_seen":1571089200789,"flow_last_seen":1571089204031,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":12658,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1571089204031,"l3_proto":"ip4","src_ip":"172.20.10.4","dst_ip":"104.16.248.249","src_port":49877,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-data-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1571089204031} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":142,"source":"dns_doh.pcap","alias":"nDPId-test","packets-captured":142,"packets-processed":142,"total-skipped-flows":0,"total-l4-data-len":12658,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1571089204031} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 142/142 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686006 bytes -~~ total memory freed........: 4686006 bytes +~~ total memory allocated....: 4686030 bytes +~~ total memory freed........: 4686030 bytes ~~ total allocations/frees...: 101288/101288 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/dns_dot.pcap.out b/test/results/dns_dot.pcap.out index 079d5301f..65cd45ace 100644 --- a/test/results/dns_dot.pcap.out +++ b/test/results/dns_dot.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_dot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1572783663234} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1572783663234} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572783663234,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572783663234,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572783663234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663234,"pkt":"uCfrK5DxCAAnjau+CABFAAA8w6dAAEAGpKPAqAG5CAgICOOyA1VVRPv3AAAAAKAC+vDSnwAAAgQFtAQCCAoqL5UTAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572783663269,"pkt":"CAAnjau+uCfrK5DxCABFAAA8cqUAAHcG\/qUICAgIwKgBuQNV47LuO0vYVUT7+KAS6yDKxQAAAgQFZAQCCAqOOwAQKi+VEwEDAwg="} @@ -7,7 +7,7 @@ 01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572783663234,"flow_last_seen":1572783663269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":198,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1572783663269,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01643{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1572783663234,"flow_last_seen":1572783663319,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":3267,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1572783663319,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"4fa5e77b91a47e7cdcf5a5e6d25f8449","ja3s":"2b341b88c742e940cfb485ce7d93dde7","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"BE:73:46:2A:2E:FB:A9:E9:42:D0:71:10:1B:8C:BF:44:6A:5D:AD:53"}} 01056{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1572783663234,"flow_last_seen":1572783666246,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3069,"flow_tot_l4_payload_len":4269,"flow_avg_l4_payload_len":177,"midstream":0,"thread_ts_msec":1572783666246,"l3_proto":"ip4","src_ip":"192.168.1.185","dst_ip":"8.8.8.8","src_port":58290,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1572783666246} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"dns_dot.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":4269,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1572783666246} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686751 bytes -~~ total memory freed........: 4686751 bytes +~~ total memory allocated....: 4686775 bytes +~~ total memory freed........: 4686775 bytes ~~ total allocations/frees...: 101182/101182 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/dns_exfiltration.pcap.out b/test/results/dns_exfiltration.pcap.out index 3d1b1d26c..3196f0bb1 100644 --- a/test/results/dns_exfiltration.pcap.out +++ b/test/results/dns_exfiltration.pcap.out @@ -1,5 +1,5 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_exfiltration.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1580978146717} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1580978146717} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1580978146717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":215,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":215,"pkt_l4_len":181,"thread_ts_msec":1580978146717,"pkt":"qqru7hERjNzURr7ECABFAADJegRAAD8RAADAqNw4wKjLp9w1ADUAtSn4OR0BAAABAAAAAAAABmRuc2NhdDw1NDZiMDNmNTAwMDAwMDAwMDBhNjAyM2VkNGRmMTg0ZDZhYzVjMjYyOGI0NzcxNGZkZWU1ODRmZWQ3Mzk8NWEwM2I1YjFlMWFhOGY4ZmRiMWJiZThkNWUwNDk1MjE0MWY3ZDRmODJjN2UzYjA2ZGNjOGI4N2ZhZDdhGjE5ZTRkMDk4ZGM4YzYxOGY4ZDgxY2ZlYjAyAAAPAAE="} 00979{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1580978146717,"flow_last_seen":1580978146717,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":173,"flow_tot_l4_payload_len":173,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1580978146717,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":0,"num_answers":0,"reply_code":0,"query_type":15,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -7,7 +7,7 @@ 00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1580978146717,"flow_last_seen":1580978146888,"flow_idle_time":180000,"flow_min_l4_payload_len":173,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1580978146888,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"e1aa8f8fdb1bbe8d5e04952141f7d4f82c7e3b06dcc8b87fad7a.19e4d098dc8c618f8d81cfeb02","num_queries":1,"num_answers":1,"reply_code":0,"query_type":15,"rsp_type":15,"rsp_addr":"0.0.0.0"}} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1580978147753,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1580978147753,"pkt":"qqru7hERjNzURr7ECABFAACYekZAAD8RAADAqNw4wKjLp9w1ADUAhCnHfRoBAAABAAAAAAAABmRuc2NhdDw5MWYwMDNmNTAwZjYxMjIxODEwYWVhMDAwMDA0ODYzYzY5MTU4MGVjYWQ2NmY2NGFjN2RkYjg3Yjg5YzcmOTIwMDgyMWU1MjdkNGUxNzYzMjUzYzI1ZTI5N2UyYWE0MTEzZDAAAAUAAQ=="} 00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":300,"flow_first_seen":1580978146717,"flow_last_seen":1580978206707,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":344,"flow_tot_l4_payload_len":60945,"flow_avg_l4_payload_len":203,"midstream":0,"thread_ts_msec":1580978206707,"l3_proto":"ip4","src_ip":"192.168.220.56","dst_ip":"192.168.203.167","src_port":56373,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00487{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-data-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1580978206707} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":300,"source":"dns_exfiltration.pcap","alias":"nDPId-test","packets-captured":300,"packets-processed":300,"total-skipped-flows":0,"total-l4-data-len":60945,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1580978206707} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 300/300 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688498 bytes -~~ total memory freed........: 4688498 bytes +~~ total memory allocated....: 4688522 bytes +~~ total memory freed........: 4688522 bytes ~~ total allocations/frees...: 101443/101443 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars diff --git a/test/results/dns_fragmented.pcap.out b/test/results/dns_fragmented.pcap.out index 48fc8d2ae..b8f7425b0 100644 --- a/test/results/dns_fragmented.pcap.out +++ b/test/results/dns_fragmented.pcap.out @@ -1,5 +1,5 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_fragmented.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1558968008021} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1558968008021} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1558968008021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1558968008021,"pkt":"AAwpil3XAIac51UUCABFAABE5WoAAG8R7BGs2ShMwRjj7t1oADUAMAwz1D8AEAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAAAA=="} 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -45,7 +45,7 @@ 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 01581{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1558968031134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":886,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":886,"pkt_l4_len":832,"thread_ts_msec":1558968031134,"pkt":"AIac51UUAAwpil3Xht1gAJ7uA0ARQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBQAAAAAAAAEOADWIgANANAyeBoQQAAEAAAAEAAEDZmcyCHdlYmVybGFiAmRlAAAcAAHAEAAGAAEAAAA8ADwDbnMwCHdlYmVyZG5zwBkJd2VibWFzdGVyCXdlYmVybmV0egNuZXQAeFhI6QAADhAAAAOEACTqAAAAADzAEAAuAAEAAAA8AR8ABgoCAAAAPF0SKiBc6o8QkEcId2ViZXJsYWICZGUAsAsLORY9T68251zcXXrXYMubapdXlnVZdczSZ8VjQS3g0dStlbXNUxRf4FJCpZevgIdkz+OzavU4Y3EyCKf5qxw7GiEllt+hznji85+jlwbqxa7BHuVrNf4YxsbIr0kaSblmtIn8e12vMQAgQIzOeK4VKGey+3rFftx2Cs7v0mw4V0Rd+gTYttfq+PLvGu8vSZibXFxqlj86VVzTwvOCEmjqKNyjon+\/djMG\/LpzWXoT2evp9l8K1VcJU\/8uUY9ZE4WS0WjV4uuPKKqmHeTkethHG1xsLp0jKFQP8kYfYkdlxDBuNu6KhurVxO4RiM92K63vMdmIW\/4VjMYm2cPPQCBWTlI1U0hKRjVHQ1RFQ1RIN0wwRUNLTEoxTkRGNE04S8CHADIAAQAAALQAMgEAABQQM4lV2XYIwLE0ewVnw5K1+BQAQBNLJ89Pbt3WSJZWXFg+eo1pkwAGQAAAAAACwZQALgABAAAAtAEfADIKAwAAALRdChEDXOJ73JBHCHdlYmVybGFiAmRlAFwWgMgEjrA1OcHB+Qo5dWmMix1bJ7WFGsQIkPmTlF\/KVvK6k5dVU4FDCZtKPuPYCkg0XLBOcR\/wguOUuuyBL7cbjUoN0UHJur34eNeWLngpBhaxFTmuqY80vKjed0ttFQ6uVnd2OAmDzRp6YxYtTin4\/XGlVO6lMt+k2mYftwRyr5Ohjp6NH+J8dbjX7gkD3ENGAHspVLSTz4LxrhUH8dsbFK8rT\/kUhlCBvTuJYAxOkSEWqp4vVZ54PXcY61pn5KAT8mJWdw+HLsa\/lUjZNXicEmky99XDlPLcJk7OI3ZM83QYPgYAFE\/lMHbTSiiue2rS4deUwWxFmnQYlhv0FA4AACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 00805{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":19,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-events-serialized":48,"global_ts_msec":1559042371783} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":9318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":7,"total-active-flows":7,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1559042371783} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1559042371783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":123,"pkt_l4_len":69,"thread_ts_msec":1559042371783,"pkt":"CFsOoYNeAAwpfKTLht1gCrtxAEURQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBTuhIANQBFzxq5yAEgAAEAAAAAAAEIZmcyLW1nbXQId2ViZXJsYWICZGUAABwAAQAAKRAAAAAAAAAMAAoACJyfIZPEos+4"} 00813{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559042371783,"flow_last_seen":1559042371783,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1559042371783,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":47634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2-mgmt.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -73,7 +73,7 @@ 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968021013,"flow_last_seen":1558968021014,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":824,"flow_tot_l4_payload_len":883,"flow_avg_l4_payload_len":441,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00706{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1559042374838,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-data-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-events-serialized":76,"global_ts_msec":1560869882430} +00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":22,"total-skipped-flows":0,"total-l4-data-len":10514,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":11,"total-updates":0,"current-active-flows":4,"total-active-flows":11,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":76,"global_ts_msec":1560869882430} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1560869882430,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":129,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":129,"pkt_l4_len":75,"thread_ts_msec":1560869882430,"pkt":"CFsOoYNeAAwpfKTLht1gDk+bAEsRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABERvnYANQBL7vOR3wEgAAEAAAAAAAEFc2lnb2sQdmVydGVpbHRlc3lzdGVtZQNuZXQAAAEAAQAAKRAAAAAAAAAMAAoACKFV23rIz7mH"} 00818{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869882430,"flow_last_seen":1560869882430,"flow_idle_time":180000,"flow_min_l4_payload_len":67,"flow_max_l4_payload_len":67,"flow_tot_l4_payload_len":67,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1560869882430,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":48758,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sigok.verteiltesysteme.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -145,7 +145,7 @@ 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1560869895045,"flow_last_seen":1560869895070,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2620:fe::fe","src_port":46709,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00726{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1560869913753,"flow_last_seen":1560869913756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1732,"flow_tot_l4_payload_len":1786,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1560869916477,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:1f0b:16b0::a26:53","src_port":57089,"dst_port":53,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00487{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-data-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-events-serialized":148,"global_ts_msec":1560869916477} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":66,"source":"dns_fragmented.pcap","alias":"nDPId-test","packets-captured":66,"packets-processed":59,"total-skipped-flows":0,"total-l4-data-len":17861,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":148,"global_ts_msec":1560869916477} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 66/59 ~~ skipped flows.............: 0 @@ -154,8 +154,8 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4698949 bytes -~~ total memory freed........: 4698949 bytes +~~ total memory allocated....: 4698973 bytes +~~ total memory freed........: 4698973 bytes ~~ total allocations/frees...: 101262/101262 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 214 chars diff --git a/test/results/dns_invert_query.pcapng.out b/test/results/dns_invert_query.pcapng.out index ef36a7048..9a3add93b 100644 --- a/test/results/dns_invert_query.pcapng.out +++ b/test/results/dns_invert_query.pcapng.out @@ -1,11 +1,11 @@ 00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_invert_query.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00476{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1618744019230} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1618744019230} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744019230,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1618744019230,"pkt":"AAAAAAAAAAEAVKCBCABFAABAAABAAEARzK6tk2yu9LtfAUf7ADUALMGVd\/wJAAAAAAEAAAAAAzIxNgI1OAMyMDIBNAAAAQABAAAAAAAA"} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744019230,"flow_last_seen":1618744019230,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1618744019230,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"216.58.202.4","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744019235,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":20,"thread_ts_msec":1618744019235,"pkt":"AAAAAAAAAAEAVKCBCABFAAAoAABAADsR0cb0u18BrZNsrgA1R\/sAFEgWd\/yJhAAAAAAAAAAAAAA="} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1618744019230,"flow_last_seen":1618744019235,"flow_idle_time":180000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1618744019235,"l3_proto":"ip4","src_ip":"173.147.108.174","dst_ip":"244.187.95.1","src_port":18427,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":1618744019235} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_invert_query.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":48,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1618744019235} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,8 +14,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679856 bytes -~~ total memory freed........: 4679856 bytes +~~ total memory allocated....: 4679880 bytes +~~ total memory freed........: 4679880 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/dns_long_domainname.pcap.out b/test/results/dns_long_domainname.pcap.out index e4a71b069..a8019f24c 100644 --- a/test/results/dns_long_domainname.pcap.out +++ b/test/results/dns_long_domainname.pcap.out @@ -1,12 +1,12 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dns_long_domainname.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1599686652555} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1599686652555} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1599686652555,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1599686652555,"pkt":"EBMx8Tl2KDc3AG3ICABFAABZsREAAEAR9yLAqAGoCAgICP8fADUARcOpi1QBAAABAAAAAAAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAQ=="} 00804{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1599686652555,"flow_last_seen":1599686652555,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1599686652555,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1599686652578,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_msec":1599686652578,"pkt":"KDc3AG3IEBMx8Tl2CABFAACR3WoAAHYRlJEICAgIwKgBqAA1\/x8AfQAAi1SBgwABAAAAAQAABmdtcjAyYwIxNgEwDGZoa2Zoc2RrZmhzawZ0dW5uZWwHZXhhbXBsZQNjb20AAAEAAcAsAAYAAQAABcMALAJucwVpY2FubgNvcmcAA25vYwNkbnPATHhn+r4AABwgAAAOEAASdQAAAA4Q"} 00814{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"gmr02c.16.0.fhkfhsdkfhsk.tunnel.example.com","num_queries":1,"num_answers":1,"reply_code":3,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1599686652555,"flow_last_seen":1599686652578,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":117,"flow_tot_l4_payload_len":178,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1599686652578,"l3_proto":"ip4","src_ip":"192.168.1.168","dst_ip":"8.8.8.8","src_port":65311,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1599686652578} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dns_long_domainname.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":178,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1599686652578} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679856 bytes -~~ total memory freed........: 4679856 bytes +~~ total memory allocated....: 4679880 bytes +~~ total memory freed........: 4679880 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars diff --git a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out index 0b3292119..7dffbc5c3 100644 --- a/test/results/dnscrypt-v1-and-resolver-pings.pcap.out +++ b/test/results/dnscrypt-v1-and-resolver-pings.pcap.out @@ -1,5 +1,5 @@ 00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00487{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946735705348} +00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946735705348} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946735705348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946735705348,"pkt":"REREREREZmZmZmZmCABFAAIcCf9AAL0Rd68KAAABlTjkLZX0AbsCCDw8f0cBAAABAAAAAAABATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAEAAAAAAAAAAAABxgAMAcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00795{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946735705348,"flow_last_seen":946735705348,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946735705348,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"149.56.228.45","src_port":38388,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} @@ -30,7 +30,7 @@ 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":946735705459,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946735705459,"pkt":"ZmZmZmZmRERERERECABFAADUC58AADQRQFiVOOQtCgAAAQG7iZwAwDxIf0KBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":946735705460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946735705460,"pkt":"ZmZmZmZmRERERERECABFAADUC50AADQRQFqVOOQtCgAAAQG7iqcAwDs5f0aBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} 00706{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":946735705461,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":226,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":226,"pkt_l4_len":192,"thread_ts_msec":946735705461,"pkt":"ZmZmZmZmRERERERECABFAADUC54AADQRQFmVOOQtCgAAAQG7gx0AwELEf0WBgAABAAEAAAAAATINZG5zY3J5cHQtY2VydAhkbnNjcnlwdARjYS0yAAAQAAHADAAQAAEAAAAAAH18RE5TQwACAAAFGFEAAwsZ+sBWpvUVROInn0h1y0+FE\/VHdPKdwGWI15rFeV84ZdSkid7VtVlPn9SchFzfn3Pj66PFpyoNS6YMir6PRfcrBtc8JsfsQb\/FwAoHgENy0Ke+Bxb4NU7gNSOLvo9F9ysG119TYaFfU2GhX1SzIQ=="} -00494{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-events-serialized":33,"global_ts_msec":946739299327} +00573{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":7056,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":6,"total-active-flows":6,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":946739299327} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":946739299327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":946739299327,"pkt":"REREREREZmZmZmZmCABFAAIcFypAAL0R8NAKAAABPtK0R8c8BB0CCLXvBycBAAABAAAAAAABATINZG5zY3J5cHQtY2VydANuczIIaXJpc2VkZW4CZnIAABAAAQAAAAAAAAAAAAHEAAwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739299327,"flow_last_seen":946739299327,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":946739299327,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"62.210.180.71","src_port":51004,"dst_port":1053,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} @@ -1464,7 +1464,7 @@ 00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":236,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739614386,"flow_last_seen":946739614411,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":816,"flow_avg_l4_payload_len":408,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"144.91.106.227","src_port":38660,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":240,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739660371,"flow_last_seen":946739660417,"flow_idle_time":180000,"flow_min_l4_payload_len":384,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":960,"flow_avg_l4_payload_len":480,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"195.30.94.28","src_port":40958,"dst_port":8443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00836{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946739861286,"flow_last_seen":946739861499,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":576,"flow_tot_l4_payload_len":752,"flow_avg_l4_payload_len":376,"midstream":0,"thread_ts_msec":946739861499,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"51.15.62.65","src_port":40675,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00509{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-data-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-events-serialized":1467,"global_ts_msec":946739861499} +00588{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":608,"source":"dnscrypt-v1-and-resolver-pings.pcap","alias":"nDPId-test","packets-captured":608,"packets-processed":488,"total-skipped-flows":0,"total-l4-data-len":289066,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":245,"total-detection-updates":0,"total-updates":6,"current-active-flows":0,"total-active-flows":245,"total-idle-flows":245,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_msec":946739861499} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 608/488 ~~ skipped flows.............: 0 @@ -1473,8 +1473,8 @@ ~~ total active/idle flows...: 245/245 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4906718 bytes -~~ total memory freed........: 4906718 bytes +~~ total memory allocated....: 4906742 bytes +~~ total memory freed........: 4906742 bytes ~~ total allocations/frees...: 102363/102363 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 228 chars diff --git a/test/results/dnscrypt-v2-doh.pcap.out b/test/results/dnscrypt-v2-doh.pcap.out index 71ad84cc0..379ec0209 100644 --- a/test/results/dnscrypt-v2-doh.pcap.out +++ b/test/results/dnscrypt-v2-doh.pcap.out @@ -1,5 +1,5 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946739298533} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946739298533} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00841{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946739298533,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":337,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":337,"pkt_l4_len":303,"thread_ts_msec":946739298533,"pkt":"REREREREZmZmZmZmCABFAAFD4UdAAL0GsQQKAAABi2PeSNGqAbt5f9qX6vvArlAYAfYrngAAFgMBARYBAAESAwPY4R+kmwrmRkwkOvmL20MZvvmmXV\/QYaA6X4C5e+GFvyA2SDuI+F1GOq7qyiEw+aePhhElQVpDVzMYXSdiyok3WQAmwC\/AMMArwCzMqMypwBPACcAUwAoAnACdAC8ANcASAAoTARMDEwIBAACjAAAAEgAQAAANZG9oLTIuc2VieS5pbwAFAAUBAAAAAAAKAAoACAAdABcAGAAZAAsAAgEAAA0AGgAYCAQEAwgHCAUIBgQBBQEGAQUDBgMCAQID\/wEAAQAAEAAOAAwCaDIIaHR0cC8xLjEAEgAAACsACQgDBAMDAwIDAQAzACYAJAAdACA0hS9OEA\/J5twwMByNtSlpgrCPJW9Ooqwd+S9NxEdaCw=="} 00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946739298533,"flow_last_seen":946739298533,"flow_idle_time":7440000,"flow_min_l4_payload_len":283,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":283,"flow_avg_l4_payload_len":283,"midstream":1,"thread_ts_msec":946739298533,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"139.99.222.72","src_port":53674,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"doh-2.seby.io","ja3":"d0ee3237a14bbd89ca4d2b5356ab20ba","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} @@ -240,7 +240,7 @@ 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":946739385216,"flow_last_seen":946739415379,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4699,"flow_avg_l4_payload_len":261,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"104.28.0.106","src_port":39214,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":946739348961,"flow_last_seen":946739364914,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5460,"flow_avg_l4_payload_len":364,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"45.153.187.96","src_port":38018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":946739305016,"flow_last_seen":946739327879,"flow_idle_time":7440000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":2904,"flow_tot_l4_payload_len":5516,"flow_avg_l4_payload_len":324,"midstream":1,"thread_ts_msec":946739888204,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"185.253.154.66","src_port":59404,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-data-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-events-serialized":243,"global_ts_msec":946739888204} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":577,"source":"dnscrypt-v2-doh.pcap","alias":"nDPId-test","packets-captured":577,"packets-processed":577,"total-skipped-flows":0,"total-l4-data-len":185420,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":34,"total-detection-updates":36,"total-updates":0,"current-active-flows":0,"total-active-flows":34,"total-idle-flows":34,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":243,"global_ts_msec":946739888204} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 577/577 ~~ skipped flows.............: 0 @@ -249,8 +249,8 @@ ~~ total active/idle flows...: 34/34 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4871715 bytes -~~ total memory freed........: 4871715 bytes +~~ total memory allocated....: 4871739 bytes +~~ total memory freed........: 4871739 bytes ~~ total allocations/frees...: 101955/101955 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars diff --git a/test/results/dnscrypt-v2.pcap.out b/test/results/dnscrypt-v2.pcap.out index 4939da848..70c6b6f9d 100644 --- a/test/results/dnscrypt-v2.pcap.out +++ b/test/results/dnscrypt-v2.pcap.out @@ -1,5 +1,5 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946760521313} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946760521313} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946760521313,"flow_last_seen":946760521313,"flow_idle_time":180000,"flow_min_l4_payload_len":1088,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1088,"flow_avg_l4_payload_len":1088,"midstream":0,"thread_ts_msec":946760521313,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01919{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946760521313,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1130,"pkt_l4_len":1096,"thread_ts_msec":946760521313,"pkt":"AABeAAEK6qmpVXFVCABFAARcbhBAALERNCZ\/AAABfwAAApb6FOkESCe048PqxHAbR9XexWcgBKkL3kOeOPWTE2vKv7G3b+NOW862Bvwb1rheRQpQUH1mr6e8OCu\/fibn8cYTAvsRcNZA8\/lTdO1zXx64xZvGw9jDVohyuD42K8UoR60NkNdqxmDm0qVliFWXizmljTn2lD7CTHoYDdzqjjkHmHHUYe7NejwHo7UzJLYj4uUoMZ5OBbpbxqfekl3zx\/Y\/4Zdyfk6\/03lvMbG9F2W\/akMw4XwHvq2g20\/z7ROpAn9pbnoIPgkT0bVLMUloa6KCu+fPabNALYQCzXjw1dWf3V3HgmcswkwsHKRU4IqCA\/69xcDmnZfgajXBSpNTdHGZU3HrpU7Y+zKoXZQEmeLc30bXeW5a9kf14ALJr7nP37xAYcN4G1BzEhKbbjiDg1A8CDSXiipFooV7yrAiiDZFfq27wAKZRhDngTzeslBwu2i9MUBFZfRNYKakWYXb0zhir5\/O29uGdH+oix0VAlOhQ1zI2Iy777Cmv9swWs1wCBkrJE\/94M4tHF8XTS+kICmBd4\/\/oCbnlEOyxgE0tpl\/nt7We2odNwl1bEewLva0FOnwrRvhVpfaOoXJc9u0J1yVggsuxaSQHVALa0pkLJp+\/KL1C5ympFZjeFktaMfNQOPv5Z3ESCDKvkHzBBiVXNmZyBQJjVm8OJ2VxCOFxQRcEAfIQp56nl1CI6spURDZCsZVp2WuwyXhdsymxVlmsZMvMariZ7h1rbuSEhdHqejvERJd+oAjcCDcUCZYn75DUrNO01fMsDJFP9eRjUktxwy4\/sGlfHHZsXsBQsVS+zNosEiqeQlMFWbk\/CQC\/Iy+m8JNr48sNXZTfXlgESJMZXIJGI3ZhFWluGHRiSLjWQPEgvt0+8gtmgy\/Sb56ZYrX4M7I0sBjqZhkP6vZD63SReYDlzFMUXd7hqpdFD+DjTIU374ZDUKtowMci+TNbopqyz97shtgi2xwOH9hFddB1RkG4yQjJkESvH+dEwGDhiyuqu1jbA0SFR8P5u+YYRQ+42CE\/iBU+jTsoOwxLsuWVcddU3vstbXn6rqxHgTXYGQFfuQtZFvSdKWnmTw8z9w8zndi+uHY\/vuoYXfx78owiiwhQhGyfvFoeyz6rWetZHRBw8zdBPggojOpslDYBovfLfe36dR5k4GtMpkpWYRt2em7VCMyF\/XbQIJEmhp+Ako20cMzqWuCfInK3G1X2JqV5rUe\/hqwd4JCyxrYqNuTc0r7m\/tXkqg9Pt8Nefpg\/ArWfvW+92iTAzlNVO3aq1ykTtQZiIeO81hVzagjUmsfI9nbIftuGPqsEIReSMuv5dWv6UgqYAe4C\/Xx87KHRwvxYrw2wdoQQVmttjR1\/zLAosSHz6yXxjq3yFjyK9Klg3OqBxrG0xMTunO9JWWEVDj8mxnhWJ808mUKd\/9SGzIWV6hSgWaIDqMtm18GCQPG3sT0f23Y6zC5qmo="} 00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946760521327,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":946760521327,"pkt":"6qmpVXFVLGv1oHfACABFAAEMLuFAADYR8aV\/AAACfwAAARTplvoA+BE2cjZmbnZXajgKUFB9Zq+nvDgrv35wwPFkkokFr1FaigO8H+CEw9XZ9v94iKYdvhofH7\/r0T3rultZ9ZuMYw63KPKpYNyj1i2Vz2KxAnu1y9OcbN8hOMoWFrn1y\/BrWeycOMWNW\/UytoGW9Utt69PEyNka4RcvHRab4iJ\/YjjMR75dgU4mnlrydsdtgAPjXq8XLISW7\/42LpWK7O03ro1N2Q0h\/PZQAkZ8Yr116m7rrS+wia4dqoRvx+npPzTL2uTXQZk6coE4bD7nXs83zCQTiFsawPIKEo\/Czq95ZoX+83ElbKp2Lf2x5F0tvUmYWWas"} @@ -15,7 +15,7 @@ 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605285,"flow_last_seen":946760605298,"flow_idle_time":180000,"flow_min_l4_payload_len":368,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":728,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":50893,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760521313,"flow_last_seen":946760521327,"flow_idle_time":180000,"flow_min_l4_payload_len":240,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1328,"flow_avg_l4_payload_len":664,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":38650,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":946760605202,"flow_last_seen":946760605216,"flow_idle_time":180000,"flow_min_l4_payload_len":176,"flow_max_l4_payload_len":1088,"flow_tot_l4_payload_len":1264,"flow_avg_l4_payload_len":632,"midstream":0,"thread_ts_msec":946760605298,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.2","src_port":42883,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":18,"global_ts_msec":946760605298} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt-v2.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":4048,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":946760605298} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -24,8 +24,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681716 bytes -~~ total memory freed........: 4681716 bytes +~~ total memory allocated....: 4681740 bytes +~~ total memory freed........: 4681740 bytes ~~ total allocations/frees...: 101155/101155 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars diff --git a/test/results/dnscrypt_skype_false_positive.pcapng.out b/test/results/dnscrypt_skype_false_positive.pcapng.out index db1139df7..bb7ad28dd 100644 --- a/test/results/dnscrypt_skype_false_positive.pcapng.out +++ b/test/results/dnscrypt_skype_false_positive.pcapng.out @@ -1,14 +1,14 @@ 00482{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00489{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1625015363846} +00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625015363846} 00608{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625015363846,"flow_last_seen":1625015363846,"flow_idle_time":180000,"flow_min_l4_payload_len":512,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":512,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":1625015363846,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625015363846,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1625015363846,"pkt":"eJS0JASgYDjgxTWgCABFcAIcMeUAAKoRYLfAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD3lhBxF+xRcXm4OudBLKFF3lXNzJRT1n1mCwEwKyGhzNUC6UkZad2AWsmuU16fgPBH\/sceAjxvXbeJaMQ9EbSG+EryR20f36x0OJcNkQYlfmM\/kN4T86L0ASqKQ0TZzuEESSiQX32uxygOna3C7y8YkubD4iZwEIg4QPEIQOdpWbEXtV\/o83jys6juVpKCDsvd9F8BJn0A7cjfMFRaUEMtODCG9KXBGEFHSZ18dK+ql0\/Pni3Dqd6Y7WU9Mlsj6IJPn77nWwLoqZYdJM9PltVUKA0BCDDZWLsJkP+knwwM996eWvPVPxNZ1KKAU+KOVJ04oTxBObGh5XZz6JStYBY6Gu1I+A7lBm6RD\/WCsjY01E5zHZUyzq\/sRzA5mq5v96ugcirzkq3k0\/Yi8TtQ9Ei2s6Y2t9FI5mQA6UNGXKigRJGNMlurE7oVNz9ZGKjrmgUROTHW19Dk8giJLA8E8v8V\/Kx+sNH6hBiMP0Nh9x\/ejK++VYPU3QRVutcD8PafmUWXqxmeXX5tAdjXoA\/bR66F4Yy0keXtHiEolfEIPbbw5Dss1Er21DaArDQUxYztwJdUkbudQ3HagiiDaY7lCwmWsiFTSiz+tzK3sS0+qynhYwsO0Zb6cGdfI="} 00784{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625015363881,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":282,"pkt_l4_len":248,"thread_ts_msec":1625015363881,"pkt":"YDjgxTWgeJS0JASgCABFAAEMb2FAADQRWrvUL+SIwKgCZAG7twoA+ISncjZmbnZXajh5YQcRfsUXF5uDrnRgM\/W0etYbRlCvzAlkKKyMUQLv0ljsGjvVtZfe\/2tl\/VnemuvYfUBk\/FlJZG2T9aqA3YLF1UTRltK97uI2ksWKJgX3BniRDpntrFamW1JEmb\/3xLyET8LVaXWh0WE97YtyY5BJWfj3a3nIABAcBULeLr+9m6kab1t2+yUw8O2x9jiPjOG9E0ybqrKAE6AYHqZ5TwJfUOjYj\/lXF7jHkO1u0hdfTacv4XB0pSOO1yv7woMURQKedSBCZ47xfNaXXx66LiGW4zFY9AWDuJNy+t3jJfjPP44rub81jFTM"} -00491{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":6,"global_ts_msec":1625020200938} +00570{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":3,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":752,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":6,"global_ts_msec":1625020200938} 01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1625020200938,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1625020200938,"pkt":"eJS0JASgYDjgxTWgCABFcAIcvZMAAIwR8wjAqAJk1C\/kiLcKAbsCCH3e0xsCBCrEBvNJfmmTQksKFsBudVhmUbtKR7UA4dAhr2YeFsWFn50WD0vHrlH\/yRcXvmd7t8+K4M4sVr0Poj8Wk\/utpL\/xCX\/xF62azc12+nNI8QCtVvppS8TlqEq0v0z1ZL6VhUUGpPUFklJ6FIusCvwq2w1dSM6BMePG+Qo4lcOLbOLpFDdDpN7sGyBBByiu62SvizwpJiQ6P3\/ZSXKjnk+4TGpUh1Mb5c9mzEfAV3qGGdzKjeCok93Nwnvp36CiiO\/GOkE9r\/ZYsdRaCmC23bIy9acHKaDgHPfJpiFe0JUanQLCN9xYimCEsH8Zta9Ub1Y03R23fJnK8tpwkYIEBK7LZJ1F9iJoeKxBWFnz1ecGcBI1RX2es6McfzJoxkjQOuHEH6AiYPJoSwpKAve4ipq0HR\/HOtcm2eSvFhLdYG1E+T0mXDh9vYgTW5nrseVIT7nqhIq7lD3WYEFzszkgcd3k9UDRv+myTHfgeMeOMZENFmbm5E8g9X\/DmfsUhaGuiUNClJJMVj7goJjiEWrKvyoRVfrCC4PbNLMbvqDrlvRzXORnY\/CFgO7+WLg3KO2ey7CthW2BKxwYRE712SYEdOkDCt96TjkrXI1srSS+8m95DCo5Kt+A80OCrLXxvwtGpEmk4P+Hhi7NqGvVAPLHH8VQvEse4iqUK05\/zGpQspc="} 00806{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00847{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":5,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1625015363846,"flow_last_seen":1625020200970,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":344,"midstream":0,"thread_ts_msec":1625020200970,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} 00845{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1625015363846,"flow_last_seen":1625020500975,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":2128,"flow_avg_l4_payload_len":354,"midstream":0,"thread_ts_msec":1625020500975,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"212.47.228.136","src_port":46858,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"DNScrypt","breed":"Safe","category":"Network"}} -00495{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1625020500975} +00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"dnscrypt_skype_false_positive.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":2128,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1625020500975} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679972 bytes -~~ total memory freed........: 4679972 bytes +~~ total memory allocated....: 4679996 bytes +~~ total memory freed........: 4679996 bytes ~~ total allocations/frees...: 101149/101149 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 487 chars diff --git a/test/results/doq.pcapng.out b/test/results/doq.pcapng.out index 79b467c89..347311dbc 100644 --- a/test/results/doq.pcapng.out +++ b/test/results/doq.pcapng.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1606056093199} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1606056093199} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1606056093199,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1606056093199,"pkt":"AAAAAAAAAAAAAAAAht1gJqqiBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAButIDEATYBOvN\/wAAIAhwsYltsps+WghOL+O5iCYx+QBEtgiJINLAj38+CB9CqAWNGDJ\/Ht0GdZPYPfPv0gkn+G7KypaOwXpeaLqP2vrcKno6\/xJHt9kjbL2TY4b\/m9R6nztt0oBs85JJhS7Tj\/KxdnJUR5x1KoMSoiK8Up0wKQjS6CJwz+096+5cglByj68BpzrUHMPeI6GM8BR\/Wl2qjunMufbT3ODI125lDdGTaTqNLCMEIjagI12Vrkh1+4q55QnPNmDSc9uNkJ0l5bhH58Gr3GA8HfFg35RCENcGDFpWMYVXiM4ZLQRFPmW9PqqUvAkPFdK1\/e6zKceMIWl6qFwaRZM+da6dEGVcJjr7Z+tAEETRp6uqCb9nnpAvg2AYmEND50nvVEnJ0vebAvnDE4IogXJzua2gFwFm7VLYd1uL79o4iJgu\/rwI3t1+Scpc6iAB46mZWFz3fE1WDQxwSMiil9o8+U4JW1BkjaBlJjEwDLig1LbtT\/HP47m8JDRgq00wdO+B2e1saSoPUtzWH02fRpSsRwHLssxWK\/GeM8n4na9wb14wVoOdjdGJ+KEHpdBBYTSNse3PnwWrKaaP0mh7odZYLBlgeNvTBLAUy7TPWKcxmhtN6bsS\/Yjh2568CzWxz8tWmprG6YblEP1vhUU2WDKbQBSh9+e7EH2JaN6LGpgUM6\/yeDE+g\/QCDKFbnXJHaC3VNe2EpDTrUSTzTJX2ScnDPI4dI01EvvWXSfxAJzcCmkKAUz3B\/F3DS8bS2lYESb9nSox1FCQUX1S8MhWCL4jSZ4wobqLA6VEQ7puZt\/yd5mc0snO7+JferPZwSQV1jN5hdBcuNb6kj\/JG4pzUoB7QTPQcjcnBLCPQDWDzw3nQ+Ebywtgt9T0aEFqJVOTfT95bWTz6VinV\/brwfnTHpSbkUgeBvFyaDcSzRz5tFZ0q4\/gUbfajms9qKrPFsufIU5NQtKyl5gUxP+4xC0KsglyEqg4DVy8vzlOpHC9Zo8AzpD2Cd9yZUaVpS3jLxre91YlfpTBViFMhAAL1N+wl47YhA2pgyB2GGbWg1O6K4C74tiA9XM\/lrGlbtuiyqqRmlQ+OfACiiCT0\/fwnridhEP9NjW3A9LNkp5ph6u81Z1emHsIGmFkXyP7nojGy2XKkTHlNA+eKBGol\/TUgCzHu7qPwHu5vMLlk5NNq3Od8+eHViQU1LY+OXeYFHuY2S+VSf848yXn0P1WZ\/Hf4jpB8WMcPpj0cXHyY46IsajmZ4uRB40h68eDc26RMlrZAfwBIGjks8KSh5b2f1BdJ6LJ4taZkNl8x+qPVYwRdc+lJsRkcGfu+BxMBIzhOPr2wg8uauRqGpIMGiSEXt5eLhu3VHEqTuhLQrFWRwEWEm+WzY4itmVZYx3CM7zWu6j3KhN5W5HEWKe61AmbunEuzKrb9KKf1hG4Uz72IU4aUy8+qV8fLyqPe7E\/Hm\/QiosHbq0whMHw6xHc0E9dDFb7\/w2jqW\/bhRCLrrZSTu8KDShAe9bkemwaFOWgs8zleXJrozrnvcOKNBpToZAop8FcA1V6SZ+05avECZK7qQ04Uc8xlehoG+3W27ZNgeNIiTH8MtU0A5kV6veOOCPQW7GGwaBK9iuORoisN7YKGMwzzN0ZIQ\/IailJpjg=="} 00928{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1606056093199,"flow_last_seen":1606056093199,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1606056093199,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"version":"TLSv1.3","alpn":"doq-i00","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} @@ -12,7 +12,7 @@ 00641{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1606056093560,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":195,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":195,"pkt_l4_len":141,"thread_ts_msec":1606056093560,"pkt":"AAAAAAAAAAAAAAAAht1gAryMAI06QAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAQQoBAAAAABgJPSDAF0RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABAxC60gBdAHBcTi\/juYgmMfl+eB8WJkIN5W\/s2kV3mgzDwRAUXXe+90zefQTxG5fKyAbzm2S0iX0HuS+7+NHu2bYpwdweEdBhQ2oYMUDLzzaxqsrt98mI\/P6gjJFj"} 00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1606056093260,"flow_last_seen":1606056096363,"flow_idle_time":120000,"flow_min_l4_payload_len":141,"flow_max_l4_payload_len":141,"flow_tot_l4_payload_len":846,"flow_avg_l4_payload_len":141,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1606056093199,"flow_last_seen":1606056096363,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3920,"flow_avg_l4_payload_len":280,"midstream":0,"thread_ts_msec":1606056096363,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":47826,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1606056096363} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"doq.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":4766,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1606056096363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686702 bytes -~~ total memory freed........: 4686702 bytes +~~ total memory allocated....: 4686726 bytes +~~ total memory freed........: 4686726 bytes ~~ total allocations/frees...: 101178/101178 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/doq_adguard.pcapng.out b/test/results/doq_adguard.pcapng.out index b11b2e8ed..f61c38ca2 100644 --- a/test/results/doq_adguard.pcapng.out +++ b/test/results/doq_adguard.pcapng.out @@ -1,12 +1,12 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"doq_adguard.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1608278425043} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1608278425043} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02115{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1608278425043,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_msec":1608278425043,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYdAAEARno7AqAypXowODqBuAxAE2E0Zwf8AAB0S1uV91ARNGaKcpPbuz4JRKRijEV3+fOp1xbl+o2VPCxw5C7F1AESjjIExuU1VGYMi3qR5FgZXmV5jW\/GS3bvPGESTCXlAOuaNPS4Z9rqb5GmZjOPu5h+dEeHCBQsH0bRQhppRcffIYyvfvxi5LNyq540e1YcNLgxwEYv9mwEEutsUSgLF8qQi1vATlbVLiQwhaXITCRD653klYnm9BoO04fUR8kaaf1qYfex026282Q5EvztDSyWuA6xW\/3D3I27VAQo2GbCoqYf0QIrZOfacQartZRA3xvw5C0Iz0S7jBboiOrSPOxbet7b4p4CBzdW+POAUSVXQZZS3xQkY5PXEeYGco5aUsp3O0lAaLfFFVll\/srPVtdJxYLG5mlTKam3NxBl9gHT9gkoJzUoEmtdaRDaxhP5yiedQs+JgoW4F1fDqHPMPnBtk1UezjBjE\/COENcHIEQq2HIfbQ9Lv+kS5CfcaSKs2mUQTuvs7\/voDRF2y7TFb+uqyMeAqq3doSDMB2jHa\/EojP\/f+RrMNy\/X7kDEEcbw43eMXD1tzHjBj\/ncaLMsfP3IPyZyF35MF8e+053ploy3mGcl5fW5eZxUFM6FDjn\/9\/9yB7HR5pdMyplGzzI1OpdByhfvbVWjVUlFgtm4LcbCFS9YXIuJWVQaT92LVmTrycmBpec\/NHPi6MerrZrFPH1cWAKJm6C\/35hd09a7vURbcj2Nwu+wvQEGek3M9LNpTgKAxfeLa6jR7yY8FRi9Fslx+40aTEwGgLY10PqSAVV873bY1HrjXgee+hInU5OzwDGisUkG1vjenUqCdXtWODZ9xJFrjxkNSBVsfWyX84bL4AH0cHSMH3bXpv8DZGk6dvuB1thnl5dRd79ArhxOkLRjIKU\/spE2xAqe+laOg7FDuovO8+vb44+p0a1tCIq75DbW5Z\/3eQHDpNFbf\/ZruNBwv0I6n5NxcgHEUQaffXIlX36W8Z8AD3YDD85hA4jZxmySge94o03q\/ZMGs+bJTnaK8KlLmSNMXuFjJ7F4SdWbAr+gE3KQqFqqYY9ZfiG2QbB9\/YTG+8SQBafYwX6k2J2OEpMyUilzmDTz3a5eH47iPLgq2nb2F+k0c4RMx6bB8xhJbOXMxEbB5OktMbojYZ5\/D7JZ6FArciEMMkyFIwplniDv\/bjNCRjIZzGWltVCRAQBZZf0ds2kXzLEOIGMUpx2oFRtwDgwesKJgy9be1woTT3HVmrfv8vUkkFOD253UN9bBIfIU4elVEm8DEZ93RQ8PGCnqpWPqKVclryY+VrRX6bBv\/eydiZowniNJyXmSTkGKfOGX30rdpMaFIjV9VAFWlq4kC1zIbyb3K46JC+I+XxrKEmMLqMbO6CesmtgLUC8vVTv7LWODOF1NIRzdEgb8Qn\/9qSY3t6c\/zKgfF8YyVeS6jf5EL3te6RDnB0wZsaBklSDaR66VSY+qB2O5PnaefdIKM\/htIG2nKmWB0tq+\/dxdUHWEvheHhEbmX4TUB3cfXIIesE+zpUW6KXqwY94WHHPEMe6voxs49AJ\/2IZiFohwbn6CjrWd2PilA\/\/N7kVyw58ilFGWokoGNIRgJ61vUDU8rgEdxFK12mR1bebXKhOpf+Sf7ekcBE2R4BLb6ThrQxQ="} 00825{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1608278425043,"flow_last_seen":1608278425043,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1608278425043,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.adguard.com","version":"TLSv1.3","alpn":"doq-i00","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} 00630{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1608278425079,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_msec":1608278425079,"pkt":"mt9Y+uvcCL6sCxduCABFAACoAbMAAD8RP6dejA4OwKgMqQMQoG4AlJ+l8P8AAB0RXf586nXFuX6jZU8LHDkLsXUEXOoexyg1M1\/+GZvbsGeGqJJILJUnaeRPlfaewSkJ0QM1kILJB9RkVGFQIKTOYfD\/amFvF5G2sUWGCAnPMQAxGtra+t44CL4uNVFuP1UAIYDjP5flgPs8Cfp53+s66ugMjRy2XoqR7aApyqmdoc3EHdt+2Cg="} 02114{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1608278425084,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1274,"pkt_l4_len":1240,"thread_ts_msec":1608278425084,"pkt":"CL6sCxdumt9Y+uvcCABFAATsXYtAAEARnorAqAypXowODqBuAxAE2FXxz\/8AAB0EXOoexxFd\/nzqdcW5fqNlTwscOQuxdUBgKDUzX\/4Zm9uwZ4aokkgslSdp5E+V9p7BKQnRAzWQgskH1GRUYVAgpM5h8P9qYW8XkbaxRYYICc8xADEa2tr63jgIvi41UW4\/VQAhgOM\/l+WA+zwJ+nnf6zrq6AyNHLZeRFASnCr8obwp9Ty5sR7kprQnC0Sv2ZcsxYzIMAthEKqYU0zMuGSEznU2JvTrq\/bykaeb5dqdGxdiszDYKDU6Jn7sPAcjUZ2gh8+BYZGe9phFiloXFkZRqkF4syIAEkOpcy2MK\/fkeUIOyP6wlwkzaY3fbmuxHrqRyLu45SBR1VMQFyHi28JYz7QmMQfDMqnuI0IWIuFKHwG0T\/v0jhF19jPBzG3JSCrPoiaSUV9rQI1kZsCKoMrGjumM68QAfolXONsAd2IYudReWz3mQrB3zOSDXc7+iPJJwc0+KS52obxIkJ0I8SZ7CLjp+FpGH++2YepZGSZYPB5rc\/4HU1bQ4ocmPERQ5l+FpQxpj4cq2AJTX05VWg9LfjDFrHE6D6oMOTTfheRhy7X3SqhzfVhy\/w3RXnv00qwNGkVr8QIR+wCM95sfw88fV3+NqmU3vnLU2z+qvvT2HlvRQm9ykjYa60lgB9sFJ5Ng9ge\/cpn16AR4r\/NoOup4fo8EeFB8cFrAVg+3WG3mgWxUdvK6oND07fFN48QrriL1y7XuIB3Fa65jgY5B4zE7vkkBXKUfGormP9hug8dHVr44WkbHCTqfFJuTHKIf9gtfJ9VQps1jhQjM952WGdM\/mFbut40pSDwrgQgdt0stO2C4PvDiwgzZaEybJzcZBHCUgM8reKIoRyLrSsWciN2b3tsFQXXaEeEGdt8Bc\/5zyh11uwNSzGQ\/Fl2k7QrJleMEWlDCFHuNFZdb7JDVOvqjlXAHTTHX0xSx0KU4aqrg\/kZVORXUFVlv\/xu8mW\/pGVbnSUQNAvLvkvHNdnu1ZPxtBzMoqU+96Xp\/DxrznNbYv32YFRLbK8kA8U4FaZhJ3oS+5KFBikdLEV9Hai2hbk8GZjN2iqviHrHccJqNkg3SIuZD5qamhaUaMG9NOa5pQ9jLJU\/ymgo7DdgKxRH8uuDjWk10CemOYV7pIj9XJEg0HHMmlI1Un6aDxtAu5UK1qm1HNb38yVa+sYeN5Ew6KHyqBUxxS4IflHX5qeqIZPOKrYg5MCubhSudLKbjcH5sXIzejKF8iZ0FlTKPdHSExxjW0QFN6bAWoLJuZE\/4kDcgHKTjdquB1S9wjg6Pah9A0AO1p8+A56ZYLVjRHdUF0Eo6bHTdn4hIgHvxPjCmO5BtWUKEeQnKGkkR8kgREjXo6GfEeHC4Vb4SCK88RJFW07bR+3U68E0sOKimZElroA+KMcE32OqnpsNULoyV7BunASAegp78gVNI0Bil4Klffm6tM6xnJr7Wx08jSGi+pGYWmiGnj3zfHIxpQuw4bIpm3S\/lud8tMnqwiD6\/bIUKO1SxVSWZBp6s2PlGyGHrgwwdIy5nXoip9OukmbhVHpu5a+3BERo9ToRhkKbGsS5gAuyL08\/F6VvMQD\/JdB+\/2rkXCT7ca7Lr49P5aV+w66D8Iwyn8BcCGyOLiGucN4S\/JjMhOeFgH9mu48hQ78o="} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":296,"flow_first_seen":1608278425043,"flow_last_seen":1608278463119,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":32013,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1608278463119,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"94.140.14.14","src_port":41070,"dst_port":784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-data-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1608278463119} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":296,"source":"doq_adguard.pcapng","alias":"nDPId-test","packets-captured":296,"packets-processed":296,"total-skipped-flows":0,"total-l4-data-len":32013,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1608278463119} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 296/296 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4693786 bytes -~~ total memory freed........: 4693786 bytes +~~ total memory allocated....: 4693810 bytes +~~ total memory freed........: 4693810 bytes ~~ total allocations/frees...: 101451/101451 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/dos_win98_smb_netbeui.pcap.out b/test/results/dos_win98_smb_netbeui.pcap.out index 6e48d39c2..dd180a97e 100644 --- a/test/results/dos_win98_smb_netbeui.pcap.out +++ b/test/results/dos_win98_smb_netbeui.pcap.out @@ -1,5 +1,5 @@ 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1576409796586} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1576409796586} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586} @@ -338,7 +338,7 @@ 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00827{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1576409807597,"flow_last_seen":1576409923353,"flow_idle_time":180000,"flow_min_l4_payload_len":177,"flow_max_l4_payload_len":207,"flow_tot_l4_payload_len":2817,"flow_avg_l4_payload_len":187,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-data-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":341,"global_ts_msec":1576409931837} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":220,"packets-processed":62,"total-skipped-flows":0,"total-l4-data-len":5953,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":341,"global_ts_msec":1576409931837} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 220/62 ~~ skipped flows.............: 0 @@ -347,8 +347,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4684212 bytes -~~ total memory freed........: 4684212 bytes +~~ total memory allocated....: 4684236 bytes +~~ total memory freed........: 4684236 bytes ~~ total allocations/frees...: 101214/101214 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars diff --git a/test/results/drda_db2.pcap.out b/test/results/drda_db2.pcap.out index f493d82d9..601e95e1e 100644 --- a/test/results/drda_db2.pcap.out +++ b/test/results/drda_db2.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"drda_db2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1175543772220} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1175543772220} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1175543772220,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1175543772220,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1175543772220,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772220,"pkt":"AAwpfMZqAFBWwAABCABFAAAwIqBAAIAGglXAqGoBwKhqgBLvw1AKtGewAAAAAHAC\/\/\/kqAAAAgQFtAEBBAI="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1175543772221,"pkt":"AFBWwAABAAwpfMZqCABFAAAwAABAAEAG5PXAqGqAwKhqAcNQEu\/9XlZHCrRnsXASFtB6IQAAAgQFtAEBBAI="} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1175543772221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1175543772221,"pkt":"AAwpfMZqAFBWwAABCABFAAAoIqFAAIAGglzAqGoBwKhqgBLvw1AKtGex\/V5WSFAQ\/\/+9tQAA"} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1175543772220,"flow_last_seen":1175543772338,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1175543772338,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} 00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1175543772220,"flow_last_seen":1175543810683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":4623,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1175543810683,"l3_proto":"ip4","src_ip":"192.168.106.1","dst_ip":"192.168.106.128","src_port":4847,"dst_port":50000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DRDA","breed":"Acceptable","category":"Database"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1175543810683} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"drda_db2.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":4623,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1175543810683} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682948 bytes -~~ total memory freed........: 4682948 bytes +~~ total memory allocated....: 4682972 bytes +~~ total memory freed........: 4682972 bytes ~~ total allocations/frees...: 101182/101182 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars diff --git a/test/results/dropbox.pcap.out b/test/results/dropbox.pcap.out index fcb1a79b1..eceeb924f 100644 --- a/test/results/dropbox.pcap.out +++ b/test/results/dropbox.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dropbox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1455907271481} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1455907271481} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00565{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1455907271481,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1455907271481,"pkt":"CAAnmO\/hCAAnAERyCABFAAB8EMQAAIARN\/bAqDgBwKg4ZcSHRFwAaLRJQwM1AW9STXJEXEFyCEJ1czE3Q21kETL\/eyJtZXNzYWdlVHlwZSI6IlVQREFURSIsIm1lc3NhZ2VDb250ZW50IjoiRnJpIEZlYiAxOSAyMDo0MToxMSBFRVQgMjAxNiJ9"} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907271481,"flow_last_seen":1455907271481,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1455907271481,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50311,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} @@ -20,7 +20,7 @@ 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":153,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1455907275690,"flow_last_seen":1455907275690,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1455907275690,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.101","src_port":50319,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":154,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1455907275695,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1455907275695,"pkt":"CAAnAERyCAAnmO\/hCABFAAAyX35AAEAR6YXAqDhlwKg4AURcxI8AHvHmZkSAZtDWwMpn\/osvci9CdXMxN0NtZA=="} 00574{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1455907275831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1455907275831,"pkt":"CAAnmO\/hCAAnAERyCABFAACAFEwAAIARNGrAqDgBwKg4ZcSPRFwAbLkURwOAZ6ExGoh1VzNyRFxBcghCdXMxN0NtZBEy\/3sibWVzc2FnZVR5cGUiOiJVUERBVEUiLCJtZXNzYWdlQ29udGVudCI6IkZyaSBGZWIgMTkgMjA6NDE6MTUgRUVUIDIwMTYifQ=="} -00476{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-data-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-events-serialized":23,"global_ts_msec":1459182796665} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":801,"packets-processed":800,"total-skipped-flows":0,"total-l4-data-len":47076,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":4,"total-active-flows":4,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1459182796665} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1459182796665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182796665,"pkt":"8IQvSpdgeJKcD6iOCABFAABAOLtAAEARfTrAqAFpwKgB\/thvADUALFKSg5wBAAABAAAAAAAABmNsaWVudAdkcm9wYm94A2NvbQAAAQAB"} 00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":801,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1459182796665,"flow_last_seen":1459182796665,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1459182796665,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":55407,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"client.dropbox.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -66,7 +66,7 @@ 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":828,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1459182818229,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1459182818229,"pkt":"8IQvSpdgeJKcD6iOCABFAABAQCRAAEARddHAqAFpwKgB\/oGlADUALERt3H0BAAABAAAAAAAABm5vdGlmeQdkcm9wYm94A2NvbQAAAQAB"} 00773{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1459182818263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_msec":1459182818263,"pkt":"eJKcD6iO8IQvSpdgCABFAAEYAABAAEARtR3AqAH+wKgBaQA1gaUBBH9u3H2BgAABAAEABAAEBm5vdGlmeQdkcm9wYm94A2NvbQAAAQABwAwAAQABAAAAcQAEon0Rg8AMAAIAAQAAAHEAFwducy0xMTU0CWF3c2Rucy0xNgNvcmcAwAwAAgABAAAAcQASBW5zLTgzCWF3c2Rucy0xMMAbwAwAAgABAAAAcQAWBm5zLTg5NQlhd3NkbnMtNDcDbmV0AMAMAAIAAQAAAHEAGQducy0xOTM2CWF3c2Rucy01MAJjbwJ1awDAYwABAAEAAVOfAATN+8BTwIEAAQABAAFTrgAEzfvDf8BAAAEAAQABU6sABM37xILAowABAAEAAVN1AATN+8eQ"} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":829,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1459182818229,"flow_last_seen":1459182818263,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":252,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1459182818263,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.254","src_port":33189,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"notify.dropbox.com","num_queries":1,"num_answers":9,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.17.131"}} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-data-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-events-serialized":69,"global_ts_msec":1535391465534} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":837,"packets-processed":836,"total-skipped-flows":0,"total-l4-data-len":52930,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":11,"total-detection-updates":6,"total-updates":0,"current-active-flows":7,"total-active-flows":11,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":69,"global_ts_msec":1535391465534} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00675{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1535391465534,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_msec":1535391465534,"pkt":"\/\/\/\/\/\/\/\/rNG4wD8JCABFAADEWzxAAEARHT\/AqAEG\/\/\/\/\/0RcRFwAsAWteyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiZGlzcGxheW5hbWUiOiAiIiwgImhvc3RfaW50IjogMTQyNjI0OTI5OTAwNTgxMDUzNDA3MzQwMDE2NzI1NzY2ODExMzI2LCAibmFtZXNwYWNlcyI6IFszMTE2NDIwNDE2LCAzMjA5MzgyOTQ0LCAxMjM1ODYyNywgMTEzODA0NDM2N119"} 00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":837,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1535391465534,"flow_last_seen":1535391465534,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":168,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391465534,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} @@ -100,7 +100,7 @@ 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465534,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"255.255.255.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391651170,"flow_last_seen":1535391682514,"flow_idle_time":180000,"flow_min_l4_payload_len":163,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":489,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.64","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1535391465535,"flow_last_seen":1535391525545,"flow_idle_time":180000,"flow_min_l4_payload_len":168,"flow_max_l4_payload_len":168,"flow_tot_l4_payload_len":504,"flow_avg_l4_payload_len":168,"midstream":0,"thread_ts_msec":1535391682514,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-data-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":2,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-events-serialized":103,"global_ts_msec":1535391682514} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":848,"source":"dropbox.pcap","alias":"nDPId-test","packets-captured":848,"packets-processed":848,"total-skipped-flows":0,"total-l4-data-len":54916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":15,"total-detection-updates":6,"total-updates":2,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":103,"global_ts_msec":1535391682514} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 848/848 ~~ skipped flows.............: 0 @@ -109,8 +109,8 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4716598 bytes -~~ total memory freed........: 4716598 bytes +~~ total memory allocated....: 4716622 bytes +~~ total memory freed........: 4716622 bytes ~~ total allocations/frees...: 102033/102033 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/dtls.pcap.out b/test/results/dtls.pcap.out index cffbf1b25..7f2c826e3 100644 --- a/test/results/dtls.pcap.out +++ b/test/results/dtls.pcap.out @@ -1,11 +1,11 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1545143424891} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1545143424891} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1545143424891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 01053{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":155,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"bd743610892cec1efed851b2b5efd4f5","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1545143424891,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1545143424891,"pkt":"WLEPD4fwhLVBbZhoCABFAAC3FtBAAEARhxHAqA3LwKgNOZ8j3MMAozuLFv7\/AAAAAAAAAAAAjgEAAIIAAAAAAAAAgv79zrBtKgTLKhUXwuJm7W22k25ueldyqs3Q4tvQaM4mc34AAAAYwCvAL8ypzKjACcATwArAFACcAC8ANQAKAQAAQP8BAAEAABcAAAAjAAAADQAUABIEAwgEBAEFAwgFBQEIBgYBAgEADgAFAAIAAQAACwACAQAACgAIAAYAHQAXABg="} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1545143424891,"flow_last_seen":1545143424891,"flow_idle_time":180000,"flow_min_l4_payload_len":155,"flow_max_l4_payload_len":155,"flow_tot_l4_payload_len":310,"flow_avg_l4_payload_len":155,"midstream":0,"thread_ts_msec":1545143424891,"l3_proto":"ip4","src_ip":"192.168.13.203","dst_ip":"192.168.13.57","src_port":40739,"dst_port":56515,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00466{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":1545143424891} +00545{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"dtls.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":310,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1545143424891} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,8 +14,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679856 bytes -~~ total memory freed........: 4679856 bytes +~~ total memory allocated....: 4679880 bytes +~~ total memory freed........: 4679880 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/dtls2.pcap.out b/test/results/dtls2.pcap.out index c641a388e..fc3049339 100644 --- a/test/results/dtls2.pcap.out +++ b/test/results/dtls2.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1507911659748} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1507911659748} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507911659748,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"thread_ts_msec":1507911659748,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"} 01049{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507911659748,"flow_last_seen":1507911659748,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"thread_ts_msec":1507911659748,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} @@ -8,7 +8,7 @@ 01348{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1507911660332,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","subjectDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}} 01031{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":25,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1507911659748,"flow_last_seen":1507911868551,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3173,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1507911868551,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} 01029{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1507912041896,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1507912041896} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":3731,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":1,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1507912041896} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680712 bytes -~~ total memory freed........: 4680712 bytes +~~ total memory allocated....: 4680736 bytes +~~ total memory freed........: 4680736 bytes ~~ total allocations/frees...: 101175/101175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/dtls_certificate.pcapng.out b/test/results/dtls_certificate.pcapng.out index f0d8849d8..b9cec50af 100644 --- a/test/results/dtls_certificate.pcapng.out +++ b/test/results/dtls_certificate.pcapng.out @@ -1,10 +1,10 @@ 00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00476{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1645461580895} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1645461580895} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":180000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02400{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1645461580895,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1486,"pkt_l4_len":1452,"thread_ts_msec":1645461580895,"pkt":"AAEC3cZZAAAAw9EGCABFAAXASWxAADQRSEO\/Pjy+o80PtAG7l9wFrJO8Fv79AAAAAAAAAAIARQIAADkAAQAAAAAAOf79\/Kc4HE2ihqeGXU8HJgbvv17oNih5trwpTgkv9KYfrYAAwDAAABH\/AQABAAALAAQDAAECACMAABb+\/QAAAAAAAAADBPILAATmAAIAAAAABOYABOMABOAwggTcMIIDxKADAgECAhMzAAAAHLZ5tboHL3PzAAAAAAAcMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHUmVkbW9uZDEeMBwGA1UECgwVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSwwKgYDVQQDDCNNaWNyb3NvZnQgVXBkYXRlIFNlY3VyZSBTZXJ2ZXIgQ0EgMTAeFw0xNzAyMjcxMjAwMDBaFw0xOTAyMjcwMDAwMDBaMHkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdSZWRtb25kMRIwEAYDVQQKDAlNaWNyb3NvZnQxDDAKBgNVBAsMA0RTUDEhMB8GA1UEAwwYd3d3LnVwZGF0ZS5taWNyb3NvZnQuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxchtkZuNapLH78mZf0URm+rRwTx\/ZkyEWQKrdPC7T\/I\/VBlNaCjkhqqLjeWcxNjAXFgHV0DQS4Ohn1NUJhGwRm+C9xnh7uNg5h\/HW\/hZG6rQQT\/YIEe4RMEDoHNucdV0ldNkVXCWmH7VdyXRHfM9s1z8dmKF9BhxFUrUndT8KN51NorrFfTkRDxgaXL\/XiTXb5jjFdTMNDoWEcfCSn+mv6sdX3THlAvFHxknV8wAjqvNtxIjUk2YFzbeaTG2Q+ckuiam9dVPaH56OySqB0JYTcsJNz1EFEanNbn3YoH9U68KtmWqXQruXynN3poT1rVwEUFs6k6P4rp9p9jisxqFTQIDAQABo4IBUTCCAU0wDgYDVR0PAQH\/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBSLiU8Spy0D\/BrMqi4FzdoDPizAuzAfBgNVHSMEGDAWgBQTA4kJqE\/7jzADbipdbCNlgXR+uzBmBgNVHR8EXzBdMFugWaBXhlVodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3JsMHMGCCsGAQUFBwEBBGcwZTBjBggrBgEFBQcwAoZXaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBVcGRhdGUlMjBTZWN1cmUlMjBTZXJ2ZXIlMjBDQSUyMDEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAD\/XXW3cyN\/n\/BsXYc461vEQJ\/MooDP0uWOe5wtrpd3XUOKUuYcOvN70FidsM66xtY3sgdh6LUV7Vd3UbwrHsVXRThb+W0JmRxLpORJHovyCUjHJdgWcwAmAecZJ4QHbPt4JGKIezh1zC7zvwpMBEph7\/DE2rRq+Bk7Vj\/NpG5hi7ChZs0a\/4ZlQ63BMdels0iVL7Gl8j2rZV6AKE6rNjGoosoCEoztRWeQE8+sRCm+Ke3bWDxj6rORsUQGgzGimwUgWsdfd3Nhsgd7TmdyKcuJKVjK3IJvBgJOkTc6Wtb9I6keqOhJz+tW6pXPpKnm\/uuS9speSYMehXhdxy6auf74W\/v0AAAAAAAAABABGDAABSQADAAAAAAA6AwAXQQTUxAnF4aD29iFX08UpvzSYHoOfJnjbLUY7FaBYVdRtgMBGO\/4Mp6YBV28sDk7JZ2MLOl9WIA=="} 00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":180000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}} 00962{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1645461580895,"flow_last_seen":1645461580895,"flow_idle_time":180000,"flow_min_l4_payload_len":1444,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":1444,"flow_avg_l4_payload_len":1444,"midstream":0,"thread_ts_msec":1645461580895,"l3_proto":"ip4","src_ip":"191.62.60.190","dst_ip":"163.205.15.180","src_port":443,"dst_port":38876,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.WindowsUpdate","breed":"Safe","category":"SoftwareUpdate"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1645461580895} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dtls_certificate.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1444,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1645461580895} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,8 +13,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688212 bytes -~~ total memory freed........: 4688212 bytes +~~ total memory allocated....: 4688236 bytes +~~ total memory freed........: 4688236 bytes ~~ total allocations/frees...: 101148/101148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 474 chars diff --git a/test/results/dtls_certificate_fragments.pcap.out b/test/results/dtls_certificate_fragments.pcap.out index 9c9d3a431..b08ac1b25 100644 --- a/test/results/dtls_certificate_fragments.pcap.out +++ b/test/results/dtls_certificate_fragments.pcap.out @@ -1,5 +1,5 @@ 00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00484{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1556606275726} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1556606275726} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":180000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1556606275726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":354,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":354,"pkt_l4_len":320,"thread_ts_msec":1556606275726,"pkt":"AAAAp2BiAAAAtzPNCABFAAFUW5tAAD4Rr1YKusaVI9I7hpmzrZsBQKk0Fv7\/AAAAAAAAAAABKwEAAR8AAAAAAAABH\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAAACgwDDALMAowCTAFMAKAKUAowChAJ8AawBqAGkAaAA5ADgANwA2AIgAhwCGAIXAMsAuwCrAJsAPwAUAnQA9ADUAhMAvwCvAJ8AjwBPACQCkAKIAoACeAGcAQAA\/AD4AMwAyADEAMACaAJkAmACXAEUARABDAELAMcAtwCnAJcAOwAQAnAA8AC8AlgBBAAfAEsAIABYAEwAQAA3ADcADAAoA\/wEAAFUACwAEAwABAgAKABwAGgAXABkAHAAbABgAGgAWAA4ADQALAAwACQAKACMAAAANACAAHgYBBgIGAwUBBQIFAwQBBAIEAwMBAwIDAwIBAgICAwAPAAEB"} 01095{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1556606275726,"flow_last_seen":1556606275726,"flow_idle_time":180000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":0,"thread_ts_msec":1556606275726,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} @@ -7,7 +7,7 @@ 00902{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1556606275913,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":374,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":374,"pkt_l4_len":340,"thread_ts_msec":1556606275913,"pkt":"AAAAp2BiAAAAtzPNCABFAAFoW6pAAD4RrzMKusaVI9I7hpmzrZsBVHbeFv7\/AAAAAAAAAAEBPwEAATMAAQAAAAABM\/79XLdFN6Sz4OQy2sCEjyxqziIlNS85zlQeFiYi19pl1vEAFGas+MFHIUbk58MIduuc4UCKEPlDAKDAMMAswCjAJMAUwAoApQCjAKEAnwBrAGoAaQBoADkAOAA3ADYAiACHAIYAhcAywC7AKsAmwA\/ABQCdAD0ANQCEwC\/AK8AnwCPAE8AJAKQAogCgAJ4AZwBAAD8APgAzADIAMQAwAJoAmQCYAJcARQBEAEMAQsAxwC3AKcAlwA7ABACcADwALwCWAEEAB8ASwAgAFgATABAADcANwAMACgD\/AQAAVQALAAQDAAECAAoAHAAaABcAGQAcABsAGAAaABYADgANAAsADAAJAAoAIwAAAA0AIAAeBgEGAgYDBQEFAgUDBAEEAgQDAwEDAgMDAgECAgIDAA8AAQE="} 01244{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1556606275726,"flow_last_seen":1556606276035,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":2104,"flow_avg_l4_payload_len":526,"midstream":0,"thread_ts_msec":1556606276035,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"3c3d129780d0066cd8936a6291a8d44f","ja3s":"d45798bc098cd930de7eb2f5f866e994","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA"}} 01072{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1556606275726,"flow_last_seen":1556606278645,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1412,"flow_tot_l4_payload_len":5138,"flow_avg_l4_payload_len":256,"midstream":0,"thread_ts_msec":1556606278645,"l3_proto":"ip4","src_ip":"10.186.198.149","dst_ip":"35.210.59.134","src_port":39347,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} -00493{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1556606278645} +00572{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"dtls_certificate_fragments.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":5138,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1556606278645} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680378 bytes -~~ total memory freed........: 4680378 bytes +~~ total memory allocated....: 4680402 bytes +~~ total memory freed........: 4680402 bytes ~~ total allocations/frees...: 101163/101163 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 482 chars diff --git a/test/results/dtls_session_id_and_coockie_both.pcap.out b/test/results/dtls_session_id_and_coockie_both.pcap.out index 2633320ae..42f07381c 100644 --- a/test/results/dtls_session_id_and_coockie_both.pcap.out +++ b/test/results/dtls_session_id_and_coockie_both.pcap.out @@ -1,5 +1,5 @@ 00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00490{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1592388499775} +00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388499775} 00610{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388499775,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":141,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":141,"pkt_l4_len":107,"thread_ts_msec":1592388499775,"pkt":"AAAAAAAAAAEAvpsKCABFAAB\/T3sAAH8RdtO5xHHv33Rp98RRrZsAazO3Fv79AAAAAAAAAAAAVgEAAEoAAAAAAAAASv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4AAALALAEA"} 01080{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388499775,"flow_last_seen":1592388499775,"flow_idle_time":180000,"flow_min_l4_payload_len":99,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":99,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1592388499775,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} @@ -7,7 +7,7 @@ 00621{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388499813,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":161,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":161,"pkt_l4_len":127,"thread_ts_msec":1592388499813,"pkt":"AAAAAAAAAAEAvpsKCABFAACTT3wAAH8Rdr65xHHv33Rp98RRrZsAf9dAFv79AAAAAAAAAAEAagEAAF4AAQAAAAAAXv79P8FbOXt8ZkgBLvoC72ni+sdFNMYxwEb+hvs\/sv9L1B0gODIAL4OTx2HjtkquDfJ\/XJtXFrGeH36FJxKlpF5tST4UHA78IXAQBJ4GgFMdNk7gXqpCpp4AAsAsAQA="} 01139{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.2","client_requested_server_name":"","ja3":"e15c510766789ed8f49de0e37951c1da","ja3s":"a1d48eca741e476d8ee735578a26bdbd","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} 00954{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1592388499775,"flow_last_seen":1592388499833,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":436,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1592388499833,"l3_proto":"ip4","src_ip":"185.196.113.239","dst_ip":"223.116.105.247","src_port":50257,"dst_port":44443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"DTLS","breed":"Safe","category":"Web"}} -00495{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1592388499833} +00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"dtls_session_id_and_coockie_both.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":436,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1592388499833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679914 bytes -~~ total memory freed........: 4679914 bytes +~~ total memory allocated....: 4679938 bytes +~~ total memory freed........: 4679938 bytes ~~ total allocations/frees...: 101147/101147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 488 chars diff --git a/test/results/encrypted_sni.pcap.out b/test/results/encrypted_sni.pcap.out index 727471895..31601afcc 100644 --- a/test/results/encrypted_sni.pcap.out +++ b/test/results/encrypted_sni.pcap.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"encrypted_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1590680386576} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01422{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} @@ -12,7 +12,7 @@ 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":15,"global_ts_msec":1590680391590} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"encrypted_sni.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1590680391590} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4689654 bytes -~~ total memory freed........: 4689654 bytes +~~ total memory allocated....: 4689678 bytes +~~ total memory freed........: 4689678 bytes ~~ total allocations/frees...: 101164/101164 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/ethereum.pcap.out b/test/results/ethereum.pcap.out index 0c8b0c989..909680be7 100644 --- a/test/results/ethereum.pcap.out +++ b/test/results/ethereum.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethereum.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1578508362274} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1578508362274} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00611{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578508362274,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":170,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":170,"pkt_l4_len":136,"thread_ts_msec":1578508362274,"pkt":"KDc3AG3IEBMx8Tl2CABFAACc0mBAADURe2hXDt4ZwKgBuN11dl8AiEJtHMys6Q29AOp21rwpZSDXERjTbIzhwNph0idC5kCkV\/FDnhOUP\/GMZC9pQ1ikY4tKfgVohRJdDV\/jhdY3JkNQ8nfjTjeSnG7Ixlzbx1L2txMkADCUTD6WfRXFuzz03\/IfAAHdBMuEfwAAAYJ2X4J2X8mETxbOvYLp94CEXhYgXgU="} 00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578508362274,"flow_last_seen":1578508362274,"flow_idle_time":180000,"flow_min_l4_payload_len":128,"flow_max_l4_payload_len":128,"flow_tot_l4_payload_len":128,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1578508362274,"l3_proto":"ip4","src_ip":"87.14.222.25","dst_ip":"192.168.1.184","src_port":56693,"dst_port":30303,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} @@ -429,7 +429,7 @@ 00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508364522,"flow_last_seen":1578508365036,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":458,"flow_tot_l4_payload_len":1241,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"162.243.160.83","src_port":56613,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00804{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1578508365009,"flow_last_seen":1578508365126,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":540,"flow_tot_l4_payload_len":1312,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"144.91.120.135","src_port":56641,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00803{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1578508364824,"flow_last_seen":1578508365152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":571,"flow_tot_l4_payload_len":1388,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1578508366135,"l3_proto":"ip4","src_ip":"192.168.1.184","dst_ip":"159.203.84.31","src_port":56634,"dst_port":30303,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-events-serialized":432,"global_ts_msec":1578508366135} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"ethereum.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":86968,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":71,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":74,"total-idle-flows":74,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":432,"global_ts_msec":1578508366135} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 @@ -438,8 +438,8 @@ ~~ total active/idle flows...: 74/74 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4918206 bytes -~~ total memory freed........: 4918206 bytes +~~ total memory allocated....: 4918230 bytes +~~ total memory freed........: 4918230 bytes ~~ total allocations/frees...: 103417/103417 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/ethernetIP.pcap.out b/test/results/ethernetIP.pcap.out index 75eef0ce6..19f08bbe9 100644 --- a/test/results/ethernetIP.pcap.out +++ b/test/results/ethernetIP.pcap.out @@ -1,5 +1,5 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ethernetIP.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1352718180263} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1352718180263} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1352718180263,"pkt":"AAC80WDaeOfR4AJeCABFAAB6cCZAAIAGAACNUQAKjVEAU8RjrxLdiI2HlJVDUVAY+XQbbAAAcAA6AAABAhAAAAAAGjkvAAAAAAAAAAAAAAAAAAoAAgChAAQACRM1ALEAJgDkagoCIAIkAQIABgASAEwCIHIkAADOBAABAEwCIHIkACw9BAABAA=="} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1352718180263,"flow_last_seen":1352718180263,"flow_idle_time":7440000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":1,"thread_ts_msec":1352718180263,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.83","src_port":50275,"dst_port":44818,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} @@ -24,7 +24,7 @@ 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1352718180397,"flow_last_seen":1352718181046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2398,"flow_avg_l4_payload_len":109,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.23","src_port":62717,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1352718180265,"flow_last_seen":1352718181047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":107,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.63","dst_ip":"141.81.0.10","src_port":44818,"dst_port":52593,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1352718180390,"flow_last_seen":1352718181050,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":474,"flow_tot_l4_payload_len":2598,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1352718181050,"l3_proto":"ip4","src_ip":"141.81.0.10","dst_ip":"141.81.0.43","src_port":52594,"dst_port":44818,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"EthernetIP","breed":"Acceptable","category":"Network"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":27,"global_ts_msec":1352718181050} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"ethernetIP.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":11876,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1352718181050} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -33,8 +33,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685314 bytes -~~ total memory freed........: 4685314 bytes +~~ total memory allocated....: 4685338 bytes +~~ total memory freed........: 4685338 bytes ~~ total allocations/frees...: 101252/101252 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars diff --git a/test/results/exe_download.pcap.out b/test/results/exe_download.pcap.out index d6135a5df..59fd6a751 100644 --- a/test/results/exe_download.pcap.out +++ b/test/results/exe_download.pcap.out @@ -1,5 +1,5 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1569434051004} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434051004} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434051004,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434051004,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434051004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434051004,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0AI9AAIAGAKkKCRllkFtFw8ANAFC+hvgeAAAAAIACIADegAAAAgQFtAEDAwgBAQQC"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434051324,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsBbAAAIAGO5CQW0XDCgkZZQBQwA0+79i4vob4H2AS+vAU7QAAAgQFtA=="} @@ -7,7 +7,7 @@ 00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434051004,"flow_last_seen":1569434051324,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":153,"flow_tot_l4_payload_len":153,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569434051324,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":0,"content_type":"","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} 01067{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434051004,"flow_last_seen":1569434051623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1613,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434051623,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"},"http": {"hostname":"144.91.69.195","url":"144.91.69.195\/solar.php","code":200,"content_type":"application\/octet-stream","user_agent":"pwtyyEKzNtGatwnJjmCcBLbOveCVpc"}} 00933{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":703,"flow_first_seen":1569434051004,"flow_last_seen":1569434056186,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":679485,"flow_avg_l4_payload_len":966,"midstream":0,"thread_ts_msec":1569434056186,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"144.91.69.195","src_port":49165,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-data-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1569434056186} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":703,"source":"exe_download.pcap","alias":"nDPId-test","packets-captured":703,"packets-processed":703,"total-skipped-flows":0,"total-l4-data-len":679485,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434056186} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 703/703 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4700265 bytes -~~ total memory freed........: 4700265 bytes +~~ total memory allocated....: 4700289 bytes +~~ total memory freed........: 4700289 bytes ~~ total allocations/frees...: 101849/101849 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/exe_download_as_png.pcap.out b/test/results/exe_download_as_png.pcap.out index ce47e72ec..92fe7918c 100644 --- a/test/results/exe_download_as_png.pcap.out +++ b/test/results/exe_download_as_png.pcap.out @@ -1,5 +1,5 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"exe_download_as_png.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1569434903040} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569434903040} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569434903040,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569434903040,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569434903040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569434903040,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0Bk9AAIAGv+sKCRlluWJXucAtAFB7PMGWAAAAAIACIAAdNgAAAgQFtAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569434903440,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1569434903440,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsESIAAIAG9SC5Yle5CgkZZQBQwC0vLgrVezzBl2AS+vAxRwAAAgQFtA=="} @@ -7,7 +7,7 @@ 00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569434903040,"flow_last_seen":1569434903441,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1569434903441,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":0,"content_type":"","user_agent":"WinHTTP loader\/1.0"}} 01045{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569434903040,"flow_last_seen":1569434904053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1609,"flow_avg_l4_payload_len":268,"midstream":0,"thread_ts_msec":1569434904053,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"185.98.87.185","url":"185.98.87.185\/tablone.png","code":200,"content_type":"image\/png","user_agent":"WinHTTP loader\/1.0"}} 00935{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":534,"flow_first_seen":1569434903040,"flow_last_seen":1569434972556,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":500597,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1569434972556,"l3_proto":"ip4","src_ip":"10.9.25.101","dst_ip":"185.98.87.185","src_port":49197,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-data-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1569434972556} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":534,"source":"exe_download_as_png.pcap","alias":"nDPId-test","packets-captured":534,"packets-processed":534,"total-skipped-flows":0,"total-l4-data-len":500597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1569434972556} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 534/534 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4695339 bytes -~~ total memory freed........: 4695339 bytes +~~ total memory allocated....: 4695363 bytes +~~ total memory freed........: 4695363 bytes ~~ total allocations/frees...: 101680/101680 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/facebook.pcap.out b/test/results/facebook.pcap.out index 656b4a8d6..5fb2a419b 100644 --- a/test/results/facebook.pcap.out +++ b/test/results/facebook.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"facebook.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1472393122365} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1472393122365} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472393122365,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1472393122365,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1472393122365,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122365,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1472393122668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1472393122668,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="} @@ -15,7 +15,7 @@ 00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1472393123550,"flow_last_seen":1472393123838,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1472393123838,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.facebook.com","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,spdy\/3.1,http\/1.1"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1472393122365,"flow_last_seen":1472393123665,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":4475,"flow_avg_l4_payload_len":235,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Facebook","breed":"Fun","category":"SocialNetwork"}} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":41,"flow_first_seen":1472393123550,"flow_last_seen":1472393124229,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":22044,"flow_avg_l4_payload_len":537,"midstream":0,"thread_ts_msec":1472393124229,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":18,"global_ts_msec":1472393124229} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"facebook.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1472393124229} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -24,8 +24,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4693731 bytes -~~ total memory freed........: 4693731 bytes +~~ total memory allocated....: 4693755 bytes +~~ total memory freed........: 4693755 bytes ~~ total allocations/frees...: 101227/101227 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/firefox.pcap.out b/test/results/firefox.pcap.out index 2cc976593..993211158 100644 --- a/test/results/firefox.pcap.out +++ b/test/results/firefox.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"firefox.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1620927997754} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620927997754} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620927997754,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620927997754,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51577,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620927997754,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620927997754,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6Esl5AbuZmizAAAAAALAC\/\/9OVwAAAgQFtAEDAwUBAQgKNAyUbQAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"firefox.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620927997781,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620927997781,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7yXkJiZGFmZoswaAS\/oiCawAAAgQFrAQCCAo8IAcuNAyUbQEDAwc="} @@ -42,7 +42,7 @@ 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":434,"flow_first_seen":1620927999109,"flow_last_seen":1620927999830,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":353696,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51599,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":646,"flow_first_seen":1620927999111,"flow_last_seen":1620927999879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":545091,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51600,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":878,"flow_first_seen":1620927999112,"flow_last_seen":1620927999897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":744373,"flow_avg_l4_payload_len":847,"midstream":0,"thread_ts_msec":1620927999948,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":51601,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":5441,"packets-processed":5441,"total-skipped-flows":0,"total-l4-data-len":4593506,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-events-serialized":45,"global_ts_msec":1620927999948} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5441,"source":"firefox.pcap","alias":"nDPId-test","packets-captured":5441,"packets-processed":5441,"total-skipped-flows":0,"total-l4-data-len":4593506,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":6,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1620927999948} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5441/5441 ~~ skipped flows.............: 0 @@ -51,8 +51,8 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4854403 bytes -~~ total memory freed........: 4854403 bytes +~~ total memory allocated....: 4854427 bytes +~~ total memory freed........: 4854427 bytes ~~ total allocations/frees...: 106617/106617 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/fix.pcap.out b/test/results/fix.pcap.out index 9bdbca711..f8614a28d 100644 --- a/test/results/fix.pcap.out +++ b/test/results/fix.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1493755109242} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1493755109242} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_msec":1493755109242,"pkt":"THK5MeMlACJNe\/gxCABFAACKT3MAAPUGlw4IERYfwKgAFA+gqko3bYCMRQ1qAYAY\/\/+s3wAAAQEICsq+JozkIvOrOD1PATk9MDA3NQEzNT1HAQIgAAANgQxAKWj1wo9cKQAAAAEAABRnDEBj4euA7PpqAAAAAQAADiEMQENwo99tuUEAAAABAAAMAwxAYm64YJmdywAAAAE="} 00621{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1493755109242,"flow_last_seen":1493755109242,"flow_idle_time":7440000,"flow_min_l4_payload_len":86,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":86,"midstream":1,"thread_ts_msec":1493755109242,"l3_proto":"ip4","src_ip":"8.17.22.31","dst_ip":"192.168.0.20","src_port":4000,"dst_port":43594,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} @@ -72,7 +72,7 @@ 00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1493755111956,"flow_last_seen":1493755132007,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":85,"flow_tot_l4_payload_len":372,"flow_avg_l4_payload_len":37,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38646,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1493755110320,"flow_last_seen":1493755130355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":647,"flow_avg_l4_payload_len":35,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":38652,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} 00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1493755113353,"flow_last_seen":1493755123449,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":99,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":36,"midstream":1,"thread_ts_msec":1493755132120,"l3_proto":"ip4","src_ip":"208.245.107.3","dst_ip":"192.168.0.20","src_port":4000,"dst_port":39094,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"FIX","breed":"Safe","category":"RPC"}} -00480{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-data-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-events-serialized":75,"global_ts_msec":1493755132120} +00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1261,"source":"fix.pcap","alias":"nDPId-test","packets-captured":1261,"packets-processed":1261,"total-skipped-flows":0,"total-l4-data-len":37586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":12,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":75,"global_ts_msec":1493755132120} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1261/1261 ~~ skipped flows.............: 0 @@ -81,8 +81,8 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4750535 bytes -~~ total memory freed........: 4750535 bytes +~~ total memory allocated....: 4750559 bytes +~~ total memory freed........: 4750559 bytes ~~ total allocations/frees...: 102449/102449 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/forticlient.pcap.out b/test/results/forticlient.pcap.out index 7cc79d9ad..ec37d1899 100644 --- a/test/results/forticlient.pcap.out +++ b/test/results/forticlient.pcap.out @@ -1,5 +1,5 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"forticlient.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1621067203571} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1621067203571} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621067203571,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1621067203571,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61805,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621067203571,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1621067203571,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG9\/\/AqAGyUlEuDfFtKMutlmzOAAAAALAC\/\/9bnAAAAgQFtAEDAwUBAQgKJ6c8YwAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1621067203633,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1621067203633,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8pJBAADQGX3NSUS4NwKgBsijL8W1kEcpBrZZsz6ASOEBvHAAAAgQFrAQCCAoGP5CkJ6c8YwEDAwo="} @@ -40,7 +40,7 @@ 00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1621067205651,"flow_last_seen":1621067206738,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3853,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61811,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 00959{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1621067206773,"flow_last_seen":1621067207860,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7276,"flow_avg_l4_payload_len":250,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61812,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} 00964{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1901,"flow_first_seen":1621067209199,"flow_last_seen":1621067222261,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":277457,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1621067222261,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"82.81.46.13","src_port":61820,"dst_port":10443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"3":"DPI (cache)"},"proto":"TLS.FortiClient","breed":"Safe","category":"VPN"}} -00487{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":43,"global_ts_msec":1621067222261} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2000,"source":"forticlient.pcap","alias":"nDPId-test","packets-captured":2000,"packets-processed":2000,"total-skipped-flows":0,"total-l4-data-len":298759,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":43,"global_ts_msec":1621067222261} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2000/2000 ~~ skipped flows.............: 0 @@ -49,8 +49,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4772359 bytes -~~ total memory freed........: 4772359 bytes +~~ total memory allocated....: 4772383 bytes +~~ total memory freed........: 4772383 bytes ~~ total allocations/frees...: 103178/103178 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars diff --git a/test/results/ftp-start-tls.pcap.out b/test/results/ftp-start-tls.pcap.out index 0df412f34..4fbb0627f 100644 --- a/test/results/ftp-start-tls.pcap.out +++ b/test/results/ftp-start-tls.pcap.out @@ -1,12 +1,12 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp-start-tls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1383123629078} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1383123629078} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383123629078,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383123629078,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFOAAs3ocAAP8GetIK7hokCtwyTPKMABUzQlCKAAAAAGACIACjMgAAAgQCAAAA"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD8G378K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383123629078,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1383123629078,"pkt":"AAAAEAAU3NL8+wOhCABFAAAs+dJAAD0G4b8K3DJMCu4aJAAV8owdfc81M0JQi2ASwAASugAAAgQFtAAA"} 00816{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1383123629078,"flow_last_seen":1383123629098,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":187,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1383123629098,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":51,"flow_first_seen":1383123629078,"flow_last_seen":1383123629412,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":512,"flow_tot_l4_payload_len":4690,"flow_avg_l4_payload_len":91,"midstream":0,"thread_ts_msec":1383123629412,"l3_proto":"ip4","src_ip":"10.238.26.36","dst_ip":"10.220.50.76","src_port":62092,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-data-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1383123629412} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":51,"source":"ftp-start-tls.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":51,"total-skipped-flows":0,"total-l4-data-len":4690,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1383123629412} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 51/51 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4683325 bytes -~~ total memory freed........: 4683325 bytes +~~ total memory allocated....: 4683349 bytes +~~ total memory freed........: 4683349 bytes ~~ total allocations/frees...: 101195/101195 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars diff --git a/test/results/ftp.pcap.out b/test/results/ftp.pcap.out index 9c7e131c6..9d9ea5b4f 100644 --- a/test/results/ftp.pcap.out +++ b/test/results/ftp.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1552590234892} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1552590234892} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1552590234892,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1552590234892,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1552590234892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1552590234892,"pkt":"EBMx8Tl2xCwDBkn+CABFAABAAABAAEAGAADAqAHUWoJGScYGABWjI5ftAAAAALAC\/\/9jegAAAgQFtAEDAwUBAQgKO1eYmQAAAAAEAgAA"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1552590234919,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1552590234919,"pkt":"xCwDBkn+EBMx8Tl2CABFAAA8AABAADYG4XRagkZJwKgB1AAVxgZYKsHSoyOX7qASqbA+KAAAAgQFrAQCCAoSZ\/tNO1eYmQEDAw4="} @@ -18,7 +18,7 @@ 00640{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1115,"flow_first_seen":1552590241545,"flow_last_seen":1552590241878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1048576,"flow_avg_l4_payload_len":940,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50696,"dst_port":24523,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00800{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":68,"flow_first_seen":1552590234892,"flow_last_seen":1552590243371,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":241,"flow_tot_l4_payload_len":1063,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50694,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"}} 00826{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1552590236580,"flow_last_seen":1552590236666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1205,"flow_tot_l4_payload_len":1205,"flow_avg_l4_payload_len":133,"midstream":0,"thread_ts_msec":1552590243371,"l3_proto":"ip4","src_ip":"192.168.1.212","dst_ip":"90.130.70.73","src_port":50695,"dst_port":25685,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"FTP_DATA","breed":"Acceptable","category":"Download"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1192,"packets-processed":1192,"total-skipped-flows":0,"total-l4-data-len":1050844,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":21,"global_ts_msec":1552590243371} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1192,"source":"ftp.pcap","alias":"nDPId-test","packets-captured":1192,"packets-processed":1192,"total-skipped-flows":0,"total-l4-data-len":1050844,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1552590243371} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1192/1192 ~~ skipped flows.............: 0 @@ -27,8 +27,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4722254 bytes -~~ total memory freed........: 4722254 bytes +~~ total memory allocated....: 4722278 bytes +~~ total memory freed........: 4722278 bytes ~~ total allocations/frees...: 102344/102344 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/ftp_failed.pcap.out b/test/results/ftp_failed.pcap.out index b86671d7f..4a8330b3b 100644 --- a/test/results/ftp_failed.pcap.out +++ b/test/results/ftp_failed.pcap.out @@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ftp_failed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1574361625864} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1574361625864} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574361625864,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1574361625864,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574361625864,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625864,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACgGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbUAAAAAoAJwgHzLAAACBAWgBAIICpYFXqIAAAAAAQMDBw=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1574361625878,"pkt":"ZABqYzXM9LUv\/K\/wht1gC1mOACgGOioACAAQEAAAAAAAAAAAAAEqAA1AAAEAAwGSABIBkwARABWutHAVBmyZN0G2oBL\/\/zbpAAACBAWgBAIIClbTSMOWBV6iAQMDDg=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574361625878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1574361625878,"pkt":"9LUv\/K\/wZABqYzXMht1gC5eXACAGQCoADUAAAQADAZIAEgGTABEqAAgAEBAAAAAAAAAAAAABrrQAFZk3QbZwFQZtgBAA4XzDAAABAQgKlgVesFbTSMM="} 00844{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"hello","password":"","auth_failed":1}} 00599{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":18,"flow_first_seen":1574361625864,"flow_last_seen":1574361633102,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":136,"flow_avg_l4_payload_len":7,"midstream":0,"thread_ts_msec":1574361633102,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:192:12:193:11","dst_ip":"2a00:800:1010::1","src_port":44724,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-data-len":136,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1574361633102} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"ftp_failed.pcap","alias":"nDPId-test","packets-captured":18,"packets-processed":18,"total-skipped-flows":0,"total-l4-data-len":136,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1574361633102} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 18/18 ~~ skipped flows.............: 0 @@ -15,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682368 bytes -~~ total memory freed........: 4682368 bytes +~~ total memory allocated....: 4682392 bytes +~~ total memory freed........: 4682392 bytes ~~ total allocations/frees...: 101162/101162 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 849 chars -~~ json string avg len.......: 639 chars +~~ json string avg len.......: 640 chars diff --git a/test/results/fuzz-2006-06-26-2594.pcap.out b/test/results/fuzz-2006-06-26-2594.pcap.out index a05ee5375..fae605f6a 100644 --- a/test/results/fuzz-2006-06-26-2594.pcap.out +++ b/test/results/fuzz-2006-06-26-2594.pcap.out @@ -1,5 +1,5 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1120469540839} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1120469540839} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1120469540839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469540839,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaYwAAIARTMHAqAECwKgB\/wCJAIkAOlu0hOcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPU0FDQUNBQ0FDQUJNAAAgAAE="} 00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469540839,"flow_last_seen":1120469540839,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469540839,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} @@ -474,7 +474,7 @@ 00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470129591,"flow_last_seen":1120470129591,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470129591,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_packet_id":2,"flow_last_seen":1120470129593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470129593,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CsMAR7GHVfCAAAABACVzAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":280,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470129591,"flow_last_seen":1120470129593,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470129593,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2755,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":37,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} -00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":282,"packets-processed":234,"total-skipped-flows":0,"total-l4-data-len":23856,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":26,"total-updates":11,"current-active-flows":58,"total-active-flows":104,"total-idle-flows":46,"total-events-serialized":477,"global_ts_msec":1120470141614} +00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":282,"packets-processed":234,"total-skipped-flows":0,"total-l4-data-len":23856,"total-not-detected-flows":6,"total-guessed-flows":4,"total-detected-flows":70,"total-detection-updates":26,"total-updates":11,"current-active-flows":58,"total-active-flows":104,"total-idle-flows":46,"total-compressions":66,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":477,"global_ts_msec":1120470141614} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1120470141614,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470141614,"pkt":"ADBUADRWAODtAW69CABFAABIaqIAAIARTK\/AqAECwKgBAQrEADUANAAlcwABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrACVzAAE="} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":282,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470141614,"flow_last_seen":1120470141614,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470141614,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2756,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -953,7 +953,7 @@ 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":486,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":182,"flow_packet_id":1,"flow_last_seen":1120470721915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120470721915,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADlXM4AAIARWMHAqAEpwKgB\/wCKAYoA0YerEQJM2MCoASkAigC7AAAghU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAABGAAAhAFYAAwABAAAAAgAyAFxNQUlMU0xPVFxCUk9XbkUAAQCA\/AoATEFCMTExAAAAAAAAAAAAAAUBAxAAAA8BVaoA"} 00580{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00565{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":487,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470721915,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3} -00501{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":398,"total-skipped-flows":0,"total-l4-data-len":38937,"total-not-detected-flows":15,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":55,"total-updates":25,"current-active-flows":34,"total-active-flows":182,"total-idle-flows":148,"total-events-serialized":956,"global_ts_msec":1120470764674} +00582{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":398,"total-skipped-flows":0,"total-l4-data-len":38937,"total-not-detected-flows":15,"total-guessed-flows":10,"total-detected-flows":134,"total-detection-updates":55,"total-updates":25,"current-active-flows":34,"total-active-flows":182,"total-idle-flows":148,"total-compressions":125,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":956,"global_ts_msec":1120470764674} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":1,"flow_last_seen":1120470764674,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470764674,"pkt":"ADBUADRWQODtAW69CABFAAA+a48AAIARS8zAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlLQhzaXBwc3RhcgNjb20AAAEAAQ=="} 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -1432,7 +1432,7 @@ 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":226,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470985418,"flow_last_seen":1120470985418,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"37.115.0.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00832{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"1":"Match by port"},"proto":"FTP_CONTROL","breed":"Unsafe","category":"Download"},"ftp": {"user":"","password":"","auth_failed":0}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00503{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":554,"total-skipped-flows":0,"total-l4-data-len":58605,"total-not-detected-flows":27,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":33,"current-active-flows":0,"total-active-flows":249,"total-idle-flows":249,"total-events-serialized":1435,"global_ts_msec":1120471107427} +00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","packets-captured":691,"packets-processed":554,"total-skipped-flows":0,"total-l4-data-len":58605,"total-not-detected-flows":27,"total-guessed-flows":28,"total-detected-flows":194,"total-detection-updates":88,"total-updates":33,"current-active-flows":0,"total-active-flows":249,"total-idle-flows":249,"total-compressions":159,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1435,"global_ts_msec":1120471107427} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 691/554 ~~ skipped flows.............: 0 @@ -1441,8 +1441,8 @@ ~~ total active/idle flows...: 249/249 ~~ total timeout flows.......: 28 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5050680 bytes -~~ total memory freed........: 5050680 bytes +~~ total memory allocated....: 5050704 bytes +~~ total memory freed........: 5050704 bytes ~~ total allocations/frees...: 102772/102772 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars diff --git a/test/results/fuzz-2006-09-29-28586.pcap.out b/test/results/fuzz-2006-09-29-28586.pcap.out index 264dbad9e..4e11143d7 100644 --- a/test/results/fuzz-2006-09-29-28586.pcap.out +++ b/test/results/fuzz-2006-09-29-28586.pcap.out @@ -1,5 +1,5 @@ 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1031854484481} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1031854484481} 00197{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1031854484481} 00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -203,7 +203,7 @@ 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562321,"flow_last_seen":1031854562321,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":9587,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":117,"total-skipped-flows":0,"total-l4-data-len":22225,"total-not-detected-flows":3,"total-guessed-flows":27,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-events-serialized":206,"global_ts_msec":1031854568982} +00576{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":131,"packets-processed":117,"total-skipped-flows":0,"total-l4-data-len":22225,"total-not-detected-flows":3,"total-guessed-flows":27,"total-detected-flows":8,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":15,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":206,"global_ts_msec":1031854568982} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 131/117 ~~ skipped flows.............: 0 @@ -212,8 +212,8 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4746874 bytes -~~ total memory freed........: 4746874 bytes +~~ total memory allocated....: 4746898 bytes +~~ total memory freed........: 4746898 bytes ~~ total allocations/frees...: 101424/101424 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars diff --git a/test/results/fuzz-2020-02-16-11740.pcap.out b/test/results/fuzz-2020-02-16-11740.pcap.out index 1622b3d19..63e975ad2 100644 --- a/test/results/fuzz-2020-02-16-11740.pcap.out +++ b/test/results/fuzz-2020-02-16-11740.pcap.out @@ -1,5 +1,5 @@ 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1528996067791} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1528996067791} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1528996067791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996067791,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMZAAP8RAAAKDEAebOIZNXIQBxQCxwAAAQoCv14OK3h3MxRiiuPV6g7+kV4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADikDQM2NwZbIqDjATUwMzExNDgwMjeaNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XVkZpd2NjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLUlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RMYWI6DAAAN2MBBgAAAAIGBgAAAEQlAAAABRQ9BgAAABNABgAAAA1BBgAAAAZRRTU2TzoCAQA4ATAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996067791,"flow_last_seen":1528996067791,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996067791,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"108.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} @@ -35,7 +35,7 @@ 01181{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1528996641548,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1528996641548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_msec":1528996641548,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-events-serialized":38,"global_ts_msec":1528996680540} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1528996680540} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":22,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996680808,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00669{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1528996680808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528996680808,"pkt":"ABRP+4rqcNuYVcUnCABFAADA98dAAPwRXCPG4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":23,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996684582,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -147,7 +147,7 @@ 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1528997266054,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997266054,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/tpAAPwRVO\/G4hk1CjhAHgcUJQAAzZq1C0gAxTQDE\/syEk8COAKXrk0TJQABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuTHR3b3JrLm9yZywgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADQlOBVyiA51UB5+BTRf1Z+AgUAAJqmOeZiwwAAElk1sqzX2LSLAQACCwUAAAF5eGigvLsuc5FvQXnfthRQEr72IV3uvADHqUwosXSRIBM="} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":124,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997266054,"flow_last_seen":1528997266054,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997266054,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.56.64.30","src_port":1812,"dst_port":9472,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1528997050187,"flow_last_seen":1528997259951,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":4564,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1528997266594,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} -00495{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":6,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-events-serialized":150,"global_ts_msec":1528997294157} +00574{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":127,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":44703,"total-not-detected-flows":6,"total-guessed-flows":0,"total-detected-flows":16,"total-detection-updates":0,"total-updates":6,"current-active-flows":13,"total-active-flows":27,"total-idle-flows":14,"total-compressions":9,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":150,"global_ts_msec":1528997294157} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1528997294408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} @@ -305,7 +305,7 @@ 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683835,"flow_last_seen":1528997683835,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.119.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3} -00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":199,"total-skipped-flows":0,"total-l4-data-len":85029,"total-not-detected-flows":11,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":10,"current-active-flows":14,"total-active-flows":54,"total-idle-flows":40,"total-events-serialized":308,"global_ts_msec":1528997988607} +00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":199,"total-skipped-flows":0,"total-l4-data-len":85029,"total-not-detected-flows":11,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":10,"current-active-flows":14,"total-active-flows":54,"total-idle-flows":40,"total-compressions":16,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":308,"global_ts_msec":1528997988607} 00199{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_msec":1528997988838} 00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="} 00196{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1528997989240} @@ -457,7 +457,7 @@ 01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1528998585268,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998585268,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00218{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998585453} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998585268,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} -00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":283,"total-skipped-flows":0,"total-l4-data-len":122535,"total-not-detected-flows":16,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":5,"total-active-flows":76,"total-idle-flows":71,"total-events-serialized":460,"global_ts_msec":1528998601376} +00577{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":283,"total-skipped-flows":0,"total-l4-data-len":122535,"total-not-detected-flows":16,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":5,"total-active-flows":76,"total-idle-flows":71,"total-compressions":19,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":460,"global_ts_msec":1528998601376} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1528998605741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"thread_ts_msec":1528998605741,"pkt":"AAAMB6xAABRP+4rqCABFAAKRIWpAAP8RAAAKDEAexuIZNXIQBxUCfQAABLwCddn+cEnhcqnQe5pr1rrJmHQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODgwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhYWM5L2YwOjc5OjYwOmQxOjdkOjM3LzI0NDEGAAAAExoxAAAACQErYXVkaXQtc2Vzc2lvbi1pZD0xMGZmMTBhWTAwMPowMGQ1YzlhYTIyNWItBgAAAAFABgAAAA1BBl4AAAZRBDU2NwZbIqrNGhQAAFfIBw5WWldDMlRlc3RMYWIaCgAAV8gIBEVUGhAAAFfICgpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} @@ -481,7 +481,7 @@ 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} -00499{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":366,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":128803,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":13,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-events-serialized":484,"global_ts_msec":1528998643334} +00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":366,"packets-processed":299,"total-skipped-flows":0,"total-l4-data-len":128803,"total-not-detected-flows":19,"total-guessed-flows":3,"total-detected-flows":57,"total-detection-updates":0,"total-updates":13,"current-active-flows":0,"total-active-flows":79,"total-idle-flows":79,"total-compressions":21,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":484,"global_ts_msec":1528998643334} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 366/299 ~~ skipped flows.............: 0 @@ -490,8 +490,8 @@ ~~ total active/idle flows...: 79/79 ~~ total timeout flows.......: 16 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4771269 bytes -~~ total memory freed........: 4771269 bytes +~~ total memory allocated....: 4771293 bytes +~~ total memory freed........: 4771293 bytes ~~ total allocations/frees...: 101718/101718 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars diff --git a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out index 4f90879f1..81cada7f5 100644 --- a/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out +++ b/test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out @@ -1,10 +1,10 @@ 00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":18448697704865147} +00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":18448697704865147} 00259{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_msec":18448697704865147} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} 00224{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_msec":18448697704865147} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":18448697704865147} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":18448697704865147} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 229 chars -~~ json string max len.......: 495 chars -~~ json string avg len.......: 363 chars +~~ json string max len.......: 574 chars +~~ json string avg len.......: 401 chars diff --git a/test/results/fuzz-2021-10-13.pcap.out b/test/results/fuzz-2021-10-13.pcap.out index 19deeaaad..9f1ab63e0 100644 --- a/test/results/fuzz-2021-10-13.pcap.out +++ b/test/results/fuzz-2021-10-13.pcap.out @@ -1,8 +1,8 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":980658803882} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":980658803882} 00203{"error_event_id":1,"error_event_name":"Unknown datalink layer packet","datalink":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_msec":980658803882} 00532{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":197,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":980658803882} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_msec":980658803882} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/0 ~~ skipped flows.............: 0 @@ -11,10 +11,10 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 208 chars -~~ json string max len.......: 537 chars -~~ json string avg len.......: 366 chars +~~ json string max len.......: 558 chars +~~ json string avg len.......: 381 chars diff --git a/test/results/genshin-impact.pcap.out b/test/results/genshin-impact.pcap.out index bed4af3dd..3ae52670a 100644 --- a/test/results/genshin-impact.pcap.out +++ b/test/results/genshin-impact.pcap.out @@ -1,18 +1,18 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"genshin-impact.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1615497372822} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1615497372822} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1615497372822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1615497372822,"pkt":"eJS0JASgYDjgxTWgCABFAAAwrR4AAD8RTEjAqAJkL\/WPVeWOVlUAHPQTAAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1615497372822,"flow_last_seen":1615497372822,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1615497372822,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1615497372843,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1615497372843,"pkt":"YDjgxTWgeJS0JASgCABFAAAwK09AADcRlhcv9Y9VwKgCZFZV5Y4AHKXfAAABRQADGDI6DaIVSZYC0hRRRUU="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1615497372883,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1615497372883,"pkt":"eJS0JASgYDjgxTWgCABFAADFrx4AAD8RSbPAqAJkL\/WPVeWOVlUAsVF7MhgDABWiDTpRAAABg6QlIwAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZwkZnnlWAs83g1p8EKxdCAGrvC1rqvpVXt+DS9GDIp59mUEo7M9A0R8PnQy3bk3e+QGIcWRmxHcBqUQOH+f\/uJk3ozIYAwAVog06UQAAAYOkJSMBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BfbJ9hSIrPxLFWnBNUYf2O83uxMA=="} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1617969465739} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4307,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1617969465739} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1617969465739,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1617969465739,"pkt":"eJS0JASgYDjgxTWgCABFAAAwIDwAAD8RvwnAqAJkL\/6pbecJVlYAHFkOAAAA\/wAAAAC6msTNSZYC0v\/\/\/\/8="} 00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1617969465739,"flow_last_seen":1617969465739,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1617969465739,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1617969465761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1617969465761,"pkt":"YDjgxTWgeJS0JASgCABFAAAwmj1AADcRDQgv\/qltwKgCZFZW5wkAHNyDAAABRQACIqy6msTNSZYC0hRRRUU="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1617969465796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":153,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":153,"pkt_l4_len":119,"thread_ts_msec":1617969465796,"pkt":"eJS0JASgYDjgxTWgCABFAACLETwAAD8Rza7AqAJkL\/6pbecJVlYAd4PurCICAM3EmrpRAAABbMl+tgAAAAAAAAAAUwAAAOjKqWZw60qL9Yt3tYWQf\/bh4A8CmEwZmVNWIKRXCgqptAdyiLYHXIWEStbbdMV+nhEs6cNA1hYEnQ\/rbBPfqVmPcWA0wHkHrhALTrzN2JnmCbMb"} 00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1615497372822,"flow_last_seen":1615497374454,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1181,"flow_tot_l4_payload_len":4307,"flow_avg_l4_payload_len":287,"midstream":0,"thread_ts_msec":1617969467485,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.245.143.85","src_port":58766,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":15,"global_ts_msec":1618759616491} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":6297,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1618759616491} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1618759616491,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1618759616491,"pkt":"eJS0JASgYDjgxTWgCABFAAAwGRQAAD8RUQ3AqAJkCNFFv81fVlUAHHz9AAAA\/wAAAAAAAAAASZYC0v\/\/\/\/8="} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618759616491,"flow_last_seen":1618759616491,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618759616491,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} @@ -20,7 +20,7 @@ 00673{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1618759616572,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":211,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":211,"pkt_l4_len":177,"thread_ts_msec":1618759616572,"pkt":"eJS0JASgYDjgxTWgCABFAADFKAcAAD8RQYXAqAJkCNFFv81fVlUAsRpMXPECABn4gxJRAAAB+IeX5QAAAAAAAAAAUQAAAOjKqWZw7UqL9Yt3c0eSZxk9sU5aAs83g1pzHa9XCgisvC1r9\/0GCIzdTdWOJM16x0h+u8IR0UsPmVrqPkXeqgnccmMxz3oCrkMOS+f\/uJk3o1zxAgAZ+IMSUQAAAfiHl+UBAAAAAAAAACAAAADoyqkGcO9Ki\/W6d3BffbtOf4bPxP18xxJUYUezQnixMA=="} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1617969465739,"flow_last_seen":1617969467485,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":608,"flow_tot_l4_payload_len":1990,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"47.254.169.109","src_port":59145,"dst_port":22102,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} 00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1618759616491,"flow_last_seen":1618759618761,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":606,"flow_tot_l4_payload_len":2645,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1618759618761,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"8.209.69.191","src_port":52575,"dst_port":22101,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"GenshinImpact","breed":"Fun","category":"Game"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":45,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":23,"global_ts_msec":1618759618761} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":45,"source":"genshin-impact.pcap","alias":"nDPId-test","packets-captured":45,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":8942,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1618759618761} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 45/45 ~~ skipped flows.............: 0 @@ -29,8 +29,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682847 bytes -~~ total memory freed........: 4682847 bytes +~~ total memory allocated....: 4682871 bytes +~~ total memory freed........: 4682871 bytes ~~ total allocations/frees...: 101194/101194 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars diff --git a/test/results/git.pcap.out b/test/results/git.pcap.out index 377d29c89..9bd22248c 100644 --- a/test/results/git.pcap.out +++ b/test/results/git.pcap.out @@ -1,12 +1,12 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"git.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1460821630164} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1460821630164} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460821630164,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1460821630164,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460821630164,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630164,"pkt":"nJcm0ghCPJcOZtCOCABFAAA8Q1ZAAEAGScLAqABNBZnnFbt3JMp+hgtEAAAAAKACchB0gwAAAgQFtAQCCAoBp0gSAAAAAAEDAwo="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460821630221,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1460821630221,"pkt":"PJcOZtCOnJcm0ghCCABFCAA8AABAAC8GnhAFmecVwKgATSTKu3dqwE5VfoYLRaASOJBfrwAAAgQFrAQCCAorjWmrAadIEgEDAwc="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1460821630222,"pkt":"nJcm0ghCPJcOZtCOCABFAAA0Q1dAAEAGScnAqABNBZnnFbt3JMp+hgtFasBOVoAQAB3G2AAAAQEICgGnSCArjWmr"} 00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1460821630164,"flow_last_seen":1460821630222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":69,"flow_tot_l4_payload_len":69,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1460821630222,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} 00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":90,"flow_first_seen":1460821630164,"flow_last_seen":1460821631269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2880,"flow_tot_l4_payload_len":68049,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1460821631269,"l3_proto":"ip4","src_ip":"192.168.0.77","dst_ip":"5.153.231.21","src_port":47991,"dst_port":9418,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Git","breed":"Safe","category":"Collaborative"}} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1460821631269} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":90,"source":"git.pcap","alias":"nDPId-test","packets-captured":90,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":68049,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1460821631269} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 90/90 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682408 bytes -~~ total memory freed........: 4682408 bytes +~~ total memory allocated....: 4682432 bytes +~~ total memory freed........: 4682432 bytes ~~ total allocations/frees...: 101233/101233 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/google_ssl.pcap.out b/test/results/google_ssl.pcap.out index 5d50c4701..26583594e 100644 --- a/test/results/google_ssl.pcap.out +++ b/test/results/google_ssl.pcap.out @@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"google_ssl.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1434443394683} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434443394683} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434443394683,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434443394683,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434443394683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1434443394683,"pkt":"AA6OTbSogMbKAJ6fCABFAAAsBqJAAEAG14usHwPg2DrUZKdTAbt6Z3LqAAAAAGACFtCOVwAAAgQFtA=="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434443394717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1434443394717,"pkt":"gMbKAJ6fAA6OTbSoCABFAAAseLYAADMGsnfYOtRkrB8D4AG7p1PuIxETemdy62ASp5T+aAAAAgQFlgAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1434443394851,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1434443394851,"pkt":"AA6OTbSogMbKAJ6fCABFAAAoBqNAAEAG146sHwPg2DrUZKdTAbt6Z3Lr7iMRFFAQFtCmzAAA"} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00589{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":28,"flow_first_seen":1434443394683,"flow_last_seen":1434443401353,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":7568,"flow_avg_l4_payload_len":270,"midstream":0,"thread_ts_msec":1434443401353,"l3_proto":"ip4","src_ip":"172.31.3.224","dst_ip":"216.58.212.100","src_port":42835,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-data-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1434443401353} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":28,"source":"google_ssl.pcap","alias":"nDPId-test","packets-captured":28,"packets-processed":28,"total-skipped-flows":0,"total-l4-data-len":7568,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1434443401353} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 28/28 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682658 bytes -~~ total memory freed........: 4682658 bytes +~~ total memory allocated....: 4682682 bytes +~~ total memory freed........: 4682682 bytes ~~ total allocations/frees...: 101172/101172 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars diff --git a/test/results/googledns_android10.pcap.out b/test/results/googledns_android10.pcap.out index c114d03df..a6a4d267d 100644 --- a/test/results/googledns_android10.pcap.out +++ b/test/results/googledns_android10.pcap.out @@ -1,5 +1,5 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"googledns_android10.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1592552824409} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592552824409} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592552824409,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1592552824409,"l3_proto":"ip4","src_ip":"8.8.8.8","dst_ip":"192.168.1.159","src_port":853,"dst_port":55856,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592552824409,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824409,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gpUAAHcG7tcICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT59wAAAQEIChWqa0r\/\/5Cw"} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592552824632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1592552824632,"pkt":"ag\/ahpuQEBMx8Tl2CABFAAA0gzYAAHcG7jYICAgIwKgBnwNV2jAOPHBKaWPSFIARAUT5GAAAAQEIChWqbCn\/\/5Cw"} @@ -56,7 +56,7 @@ 01419{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":298,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1592553007037,"flow_last_seen":1592553007118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":2990,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1592553007118,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dns.google","server_names":"dns.google,*.dns.google.com,8888.google,dns.google.com,dns64.dns.google,2001:4860:4860::64,2001:4860:4860::6464,2001:4860:4860::8844,2001:4860:4860::8888,8.8.4.4,8.8.8.8","ja3":"2c776785ee603cc85d37df996bb90cc8","ja3s":"b44baa8a20901c5663b3a9664ba8a767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services, CN=GTS CA 1O1","subjectDN":"C=US, ST=California, L=Mountain View, O=Google LLC, CN=dns.google","fingerprint":"5B:59:09:FC:7D:50:E6:F7:D1:08:8E:57:42:A2:D8:AE:1F:03:FF:EC"}} 00594{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":133,"flow_first_seen":1592552878549,"flow_last_seen":1592552996502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":19828,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48098,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":241,"flow_first_seen":1592553007037,"flow_last_seen":1592553079303,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":48857,"flow_avg_l4_payload_len":202,"midstream":0,"thread_ts_msec":1592553079303,"l3_proto":"ip4","src_ip":"192.168.1.159","dst_ip":"8.8.4.4","src_port":48210,"dst_port":853,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.DoH_DoT","breed":"Fun","category":"Network"}} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-data-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-events-serialized":59,"global_ts_msec":1592553079303} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":532,"source":"googledns_android10.pcap","alias":"nDPId-test","packets-captured":532,"packets-processed":532,"total-skipped-flows":0,"total-l4-data-len":97842,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":6,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":2,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":59,"global_ts_msec":1592553079303} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 532/532 ~~ skipped flows.............: 0 @@ -65,8 +65,8 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4728610 bytes -~~ total memory freed........: 4728610 bytes +~~ total memory allocated....: 4728634 bytes +~~ total memory freed........: 4728634 bytes ~~ total allocations/frees...: 101761/101761 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/gquic.pcap.out b/test/results/gquic.pcap.out index 047c8ac0a..abd648092 100644 --- a/test/results/gquic.pcap.out +++ b/test/results/gquic.pcap.out @@ -1,10 +1,10 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gquic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1591876186378} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591876186378} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591876186378,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1591876186378,"pkt":"6PckTkFdoMWJ9P+XCABFAAVieo1AAIARvdoKLAUZ2DrVo+6pAbsFTko2w1EwNTAIAXaX8XoV5u8AAEU0NFnBgsF5hkBVQ9QcdhAQB7AX4STVuX+cZkTXcyq7Q06MKI3IMV7nn3XwVsYd8lSM2UQ2Mh\/Lz0P54TH133\/BjF8sKcZx48\/VepMyZjozNf6hUhocgBAvamo29IXHVqILxpkl4wjCzjbjeV119chifFcXxaTjllFkxsh3XmLG5348E\/qK2TLLnMy43JAHw6S2e1v2BO4WXkya\/bcrsjPnQYikRvTxH8li9ZflQ5PttsYcSUtQigVmzX+3zu6YljUMgwCKrGbUc4ym0tN37M5ly\/uhm21+A6fvtyySGNQfP7wJOsR1iWGsA6NR+V\/fmgbvfd72gKd0sTHFADbRPSKYDc0XDK\/X8vG8GXGEknHbOT7DGSzLKpHYvLrwIaFjsweHE6gkta44k2oP3lJ5y\/ohylLleMWOzrznvbvHmPDTo6fznFlCwcMwiT5bU7kKdr22dfJC4HZKXgrfdx\/kyr9W7YgF8ndv1gEMp60hGoa3HeIkNrwcimMUj8lo1MQMLSdfIURLgLYuYXeqNU9nrCpCTOHF8rljnTLtemFl5GKnW4QO+Vn8YQU0wC2WniPFD0JOSE\/9\/8uhjdFWVDMbiGWhYk1SCdcSCnwwatMyU\/DcpZqDI25eb58WZqvNqtnsCmojU\/8N4SjVKXFe6sqZF9Vu2GvgHDvSqxDzjeY9qlts4TuIbe+gH+w1MKU7JxNtGZ08YyKdDEVfiklQ\/xyvSgH5AGRqlnD6igJ7NF54pjKD67q+V\/b7AzUVhGIbpajDS4rvn+fDdhXSGqLFbtHNBw9zOlfyLlg3QCkztn+awCGkuUrUQJWRuzHeXcQ9Pm+GTWr4ztxdNe8GOdcH0fw\/02FqwqbZa0xgXb6ogDH\/Z7u3OTt5CsB\/hPp4imvHezect7LAbuRcIJ+tmXKeqwNdUGoyV614kYKA0aTDm4QbBmp4nIg9dspzjXHExZ33U9zxLwZ8DYwQJDoYhywocb4+jKp5OhFT0Egt5ANj4PPsKNBEjNDxnpAKCiI11YkYMyYj1BSFJ2mKW5kFXZ2\/Uk7W0jKMRykBFSaIJ+fwu1W4yhNjDR69KpOGwGw5d47DA9U+Gj7qbRCpjgb1v145AzbIQNTU\/mwU8gqij0o+rVb\/pUEtWMRho\/Yukqvj0PDpk20u\/iMNduvSEQAQLt7IA31zZMJsdzUDXqeH4lvAJTdAXDM+BfHOutfryXO0ilZKrrhbJmj03RyAieSkoI7y9TYI7udqZUukM2QcgXS180FYjb94yLuFlXG0La9U7oT6UzgYEOrDdq4bcoWorhw9j4EjTTcsFMkNO8f65TlicSD0KdGh7ggCR8NtD2qMSi4KIMxq9IHmGPWBJODrdc1+LXcmA3ApoiY81zbK2QPTdK0LHWSdeauC3LCzY9zJ5bEtZvA4hiamdfZl4E5cxC\/raRilWW9+sNuXDrAH9rw48q66KiLSEC63yDpS1q549REO+OCEIx8SKQQoN1W6tspnVZ3EKLwuCby00TS84gP7\/ke1UZsRSUTrMeCETmkIya9DRfJn3gxYto584jg1Sk6Axi4aJ8MlnhdHfC\/0XWQrVM1UOD3\/J3K5XZUZKJ5vUWJzfBTgAe8J4\/heUMD2WmkBuQIER6hh9JGvwyZ2I6vJO7KXsorNCeXZA6iFfdtk90sqEl67LnWUAJmZ\/6NzgV\/JXrGoQRR0uqoWVC\/xj1u+c66MRH8y3Tf8DUoZ1L57SrRzGrkWBB6B2RSkfxWVzZUSCgEgPU4Lp+fnv6pDzh8zifmLUphU5Jycotx7"} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.gstatic.com","user_agent":"canary Chrome\/85.0.4169.0 Windows NT 10.0; Win64; x64"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1591876186378,"flow_last_seen":1591876186378,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1591876186378,"l3_proto":"ip4","src_ip":"10.44.5.25","dst_ip":"216.58.213.163","src_port":61097,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00468{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1591876186378} +00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"gquic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1350,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1591876186378} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685387 bytes -~~ total memory freed........: 4685387 bytes +~~ total memory allocated....: 4685411 bytes +~~ total memory freed........: 4685411 bytes ~~ total allocations/frees...: 101155/101155 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars ~~ json string max len.......: 2272 chars -~~ json string avg len.......: 1307 chars +~~ json string avg len.......: 1308 chars diff --git a/test/results/gtp_false_positive.pcapng.out b/test/results/gtp_false_positive.pcapng.out index f79985713..9b4e27ca6 100644 --- a/test/results/gtp_false_positive.pcapng.out +++ b/test/results/gtp_false_positive.pcapng.out @@ -1,22 +1,22 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1638856441836} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1638856441836} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1638856441836,"flow_last_seen":1638856441836,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1638856441836,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1638856441836,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1638856441836,"pkt":"AAAAAAAAAAEAm1OyCABFAABDuMQAAD8R0IIYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1638856442050,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1638856442050,"pkt":"AAAAAAAAAAEAm1OyCABFAABDLq0AAD8RWpoYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1638856501910,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1638856501910,"pkt":"AAAAAAAAAAEAm1OyCABFAABLxYgAAD8Rw7YYASFCPjh66HJHDToANyFgLwAAAALBDwDIAAEAAADTFLeVMl6lbwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} -00480{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":1639664897536} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":6,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1639664897536} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639664897536,"flow_last_seen":1639664897536,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1639664897536,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639664897536,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_msec":1639664897536,"pkt":"AAAAAAAAAAgAcgnYCABFaAAk3R5AADMR+TQyB2+GZ+Fnn0JoCEsAEMsJNwMAAEIAAAAAAAAAAAA="} 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1638856441836,"flow_last_seen":1638856511476,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1639664897536,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1638856441836,"flow_last_seen":1638856511476,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1639664897536,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00481{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":12,"global_ts_msec":1640630605457} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":1640630605457} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1640630605457,"flow_last_seen":1640630605457,"flow_idle_time":180000,"flow_min_l4_payload_len":326,"flow_max_l4_payload_len":326,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00886{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1640630605457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_msec":1640630605457,"pkt":"AAAAAAAAAAgAF2izCABFAAFiEjRAAD0RTyh3ub6tQlZicghLw9wBTnl2RgEAAAJ5AwDIAMWLvaZzN8g7AAAAAHAALV6UJ\/cTHdx+UcbekdlVsrIQyORBtJYGjhwit4VPN8cgIpZwuzYVz0TO+kH8rnowgXXPb2P\/JTt2WeT4FCyPlfScgvudUxqPf1kwZMd0KmXiXleYPXTNqftx0xJj\/Kb2FN1yrSOQIVUjnqcH8TbL6jgJymGUAAAAfj1DGkvghwUAAAAAAQAAAAABAAAAAAAAAAAAAgBvbQcAAAAAAAAASgABBwAAAAgAYXV0b0FsZ28BADEQAGF1dG9Jbml0TGltaXRSZXMBADAMAGF1dG9MaW1pdFJlcwEAMAcAYndlQWxnbwEAMQwAZG91Ymxlaml0dGVyAQAwCQBwcm9iZVN0cmEBADAGAHNka2JiciAAYWNrVGltZU91dDoyMDB8YWNrVGltZUxlbmd0aDo2MDA="} 00657{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639664897536,"flow_last_seen":1639664897536,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"GTP","breed":"Acceptable","category":"Network"}} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639664897536,"flow_last_seen":1639664897536,"flow_idle_time":180000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1640630605457,"flow_last_seen":1640630605457,"flow_idle_time":180000,"flow_min_l4_payload_len":326,"flow_max_l4_payload_len":326,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"GTP","breed":"Acceptable","category":"Network"}} 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1640630605457,"flow_last_seen":1640630605457,"flow_idle_time":180000,"flow_min_l4_payload_len":326,"flow_max_l4_payload_len":326,"flow_tot_l4_payload_len":326,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1640630605457,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":19,"global_ts_msec":1640630605457} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"gtp_false_positive.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":2,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_msec":1640630605457} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -25,8 +25,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4683153 bytes -~~ total memory freed........: 4683153 bytes +~~ total memory allocated....: 4683177 bytes +~~ total memory freed........: 4683177 bytes ~~ total allocations/frees...: 101160/101160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/h323-overflow.pcap.out b/test/results/h323-overflow.pcap.out index c3f502358..616771916 100644 --- a/test/results/h323-overflow.pcap.out +++ b/test/results/h323-overflow.pcap.out @@ -1,10 +1,10 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"h323-overflow.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946681200000} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":946681200000,"pkt":"IiIiIiIiIiIiIiIjCABFAAAsRr1AAIAG+9DAqAEBwKgBAnppAFA5fV1j4FJ\/s1AYQD3UwAAAAwAABA=="} 00649{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00575{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":31337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":946681200000} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"h323-overflow.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":4,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":946681200000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,8 +13,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681875 bytes -~~ total memory freed........: 4681875 bytes +~~ total memory allocated....: 4681899 bytes +~~ total memory freed........: 4681899 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/hangout.pcap.out b/test/results/hangout.pcap.out index 4b2fb818b..1c0562fd4 100644 --- a/test/results/hangout.pcap.out +++ b/test/results/hangout.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hangout.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1468516947751} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1468516947751} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1468516947751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1468516947751,"pkt":"CJ4BbNkmACFeRhcmCABFAACEs2cAACwRwp9KfYZ\/Clk9DUtp3FYAcAThAQEAVCESpEJmaHpqc2RpS0drd1gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFKAHosL2sVKq2EKifFUwLylv3i3sgCgABLYwivQ="} 00797{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1468516947751,"flow_last_seen":1468516947751,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516947751,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} 00576{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1468516948761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1468516948761,"pkt":"CJ4BbNkmACFeRhcmCABFAACEtXUAACwRwJFKfYZ\/Clk9DUtp3FYAcMuPAQEAVCESpEJ2bG8rRTlqWDZMSTAABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFD0l9HkkR5C8mDGwDSrC9i\/8E7pdgCgABPT5D+E="} 00575{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1468516949760,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1468516949760,"pkt":"CJ4BbNkmACFeRhcmCABFAACEuNIAACwRvTRKfYZ\/Clk9DUtp3FYAcJ51AQEAVCESpEJFNlpieTl0eEswU3gABgAhWWRWSldCNmwzN20xYzhENDpCbU1TU1l3ZHhBT1czSFlYAAAAACAACAABfY2fUviQAAgAFGvaO+U3jhYTDCbM5zzzk6bw5Z+5gCgABA724k8="} 00839{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1468516947751,"flow_last_seen":1468516965768,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":1976,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1468516965768,"l3_proto":"ip4","src_ip":"74.125.134.127","dst_ip":"10.89.61.13","src_port":19305,"dst_port":56406,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.GoogleHangoutDuo","breed":"Acceptable","category":"VoIP"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":1976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1468516965768} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"hangout.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":1976,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1468516965768} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688557 bytes -~~ total memory freed........: 4688557 bytes +~~ total memory allocated....: 4688581 bytes +~~ total memory freed........: 4688581 bytes ~~ total allocations/frees...: 101164/101164 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/hpvirtgrp.pcap.out b/test/results/hpvirtgrp.pcap.out index 7a97369b0..4b464bb90 100644 --- a/test/results/hpvirtgrp.pcap.out +++ b/test/results/hpvirtgrp.pcap.out @@ -1,11 +1,11 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hpvirtgrp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1614852331255} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614852331255} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614852331255,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614852331255,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614852331255,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614852331255,"pkt":"eJS0JASgYDjgxTWgCABFAAA85EJAAD8GMf7AqAJkoCzCQrXqFGfdahKJAAAAAKAC\/\/\/rnAAAAgQFtAQCCAoReGspAAAAAAEDAwg="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614852331284,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614852331284,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnteoCmmbE3WoSimASchDc7QAAAgQFrAAA"} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1614852331288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614852331288,"pkt":"eJS0JASgYDjgxTWgCABFAAAo5ENAAD8GMhHAqAJkoCzCQrXqFGfdahKKAppmxVAQ\/\/9mswAA"} 00649{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614852331255,"flow_last_seen":1614852331296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614852331296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":46570,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1614861892925} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":522,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1614861892925} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614861892925,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614861892925,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1614861892925,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614861892925,"pkt":"eJS0JASgYDjgxTWgCABFAAA85WdAAD8GMNnAqAJkoCzCQudAFGcyIeJoAAAAAKAC\/\/9iNQAAAgQFtAQCCAoAALAcAAAAAAEDAwg="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1614861892952,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861892952,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn50AGwaaHMiHiaWASchBDFwAAAgQFrAAA"} @@ -17,7 +17,7 @@ 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1614861998752,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614861998752,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn57x0ZsiytykDWmASchAM0gAAAgQFrAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1614861998755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614861998755,"pkt":"eJS0JASgYDjgxTWgCABFAAAobUNAAD8GqRHAqAJkoCzCQue8FGe3KQNadGbIs1AQ\/\/+WlwAA"} 00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614861998723,"flow_last_seen":1614861998769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614861998769,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-events-serialized":20,"global_ts_msec":1614876808445} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":46,"packets-processed":45,"total-skipped-flows":0,"total-l4-data-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":3,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1614876808445} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614876808445,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614876808445,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1614876808445,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614876808445,"pkt":"eJS0JASgYDjgxTWgCABFAAA8MDtAAD8G5gXAqAJkoCzCQuoQFGeH4ylZAAAAAKAC\/\/91KwAAAgQFtAQCCAoAZP0\/AAAAAAEDAwg="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1614876808474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614876808474,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRn6hA0hHo5h+MpWmASchCiHwAAAgQFrAAA"} @@ -25,19 +25,19 @@ 00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":49,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614876808445,"flow_last_seen":1614876811615,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614876811615,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861892925,"flow_last_seen":1614861898114,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59200,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614861998723,"flow_last_seen":1614862060713,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614876811951,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59324,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-events-serialized":28,"global_ts_msec":1614877863379} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":61,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":2088,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":28,"global_ts_msec":1614877863379} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614877863379,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614877863379,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1614877863379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614877863379,"pkt":"eJS0JASgYDjgxTWgCABFAAA8nQJAAD8GeT7AqAJkoCzCQpzYFGd4ZLUSAAAAAKAC\/\/8PXgAAAgQFtAQCCAoAcTP+AAAAAAEDAwg="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1614877863406,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614877863406,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnnNj+cl67eGS1E2ASchDErAAAAgQFrAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1614877863410,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614877863410,"pkt":"eJS0JASgYDjgxTWgCABFAAAonQNAAD8GeVHAqAJkoCzCQpzYFGd4ZLUT\/nJevFAQ\/\/9OcgAA"} 00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":64,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614877863379,"flow_last_seen":1614877863430,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614877863430,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-data-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-events-serialized":34,"global_ts_msec":1614880256676} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":76,"packets-processed":75,"total-skipped-flows":0,"total-l4-data-len":2866,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1614880256676} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614880256676,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614880256676,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1614880256676,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614880256676,"pkt":"eJS0JASgYDjgxTWgCABFAAA87gNAAD8GKD3AqAJkoCzCQosyFGf2oDFeAAAAAKAC\/\/9JKQAAAgQFtAQCCAoAlBEuAAAAAAEDAwg="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1614880256703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614880256703,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnizKJqg+b9qAxX2ASchCfswAAAgQFrAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":78,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1614880256708,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614880256708,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7gRAAD8GKFDAqAJkoCzCQosyFGf2oDFfiaoPnFAQ\/\/8peQAA"} 00650{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614880256676,"flow_last_seen":1614880256732,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614880256732,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-events-serialized":40,"global_ts_msec":1614892184461} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":91,"packets-processed":90,"total-skipped-flows":0,"total-l4-data-len":3481,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1614892184461} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614892184461,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614892184461,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1614892184461,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184461,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7JAAD8Gco7AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/8FAAAAgQFtAQCCAoBLLDpAAAAAAEDAwg="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1614892184487,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614892184487,"pkt":"eJS0JASgYDjgxTWgCABFAAA8o7NAAD8Gco3AqAJkoCzCQsKuFGf4RqT8AAAAAKAC\/\/\/4LwAAAgQFtAQCCAoBLLTOAAAAAAEDAwg="} @@ -46,13 +46,13 @@ 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614876808445,"flow_last_seen":1614876926772,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":59920,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614880256676,"flow_last_seen":1614880490568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":615,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":35634,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614877863379,"flow_last_seen":1614877864559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":778,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1614892185660,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":40152,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-data-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-events-serialized":49,"global_ts_msec":1614894888601} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":106,"packets-processed":105,"total-skipped-flows":0,"total-l4-data-len":4061,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":49,"global_ts_msec":1614894888601} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614894888601,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614894888601,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1614894888601,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614894888601,"pkt":"eJS0JASgYDjgxTWgCABFAAA8czZAAD8GowrAqAJkoCzCQqY4FGfLLz4YAAAAAKAC\/\/+U4AAAAgQFtAQCCAoBVchmAAAAAAEDAwg="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1614894888628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614894888628,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpjjVSzZFyy8+GWASchAxGQAAAgQFrAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1614894888632,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1614894888632,"pkt":"eJS0JASgYDjgxTWgCABFAAAoczdAAD8Gox3AqAJkoCzCQqY4FGfLLz4Z1Us2RlAQ\/\/+63gAA"} 00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":109,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614894888601,"flow_last_seen":1614894888640,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":132,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1614894888640,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-data-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-events-serialized":55,"global_ts_msec":1614898090218} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":121,"packets-processed":120,"total-skipped-flows":0,"total-l4-data-len":4583,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":55,"global_ts_msec":1614898090218} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614898090218,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614898090218,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1614898090218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1614898090218,"pkt":"eJS0JASgYDjgxTWgCABFAAA8EFJAAD8GBe\/AqAJkoCzCQqcMFGeOCpYjAAAAAKAC\/\/+UDgAAAgQFtAQCCAoBYq1xAAAAAAEDAwg="} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1614898090245,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1614898090245,"pkt":"YDjgxTWgeJS0JASgCABFAAAsAABAADQGIVGgLMJCwKgCZBRnpwwosEHQjgqWJGASchC2bwAAAgQFrAAA"} @@ -61,7 +61,7 @@ 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614894888601,"flow_last_seen":1614895277767,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42552,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614898090218,"flow_last_seen":1614898324173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":522,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":42764,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1614892184461,"flow_last_seen":1614892314046,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":163,"flow_tot_l4_payload_len":580,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1614898324173,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"160.44.194.66","src_port":49838,"dst_port":5223,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HP_VIRTGRP","breed":"Acceptable","category":"Network"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-data-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-events-serialized":64,"global_ts_msec":1614898324173} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":135,"source":"hpvirtgrp.pcap","alias":"nDPId-test","packets-captured":135,"packets-processed":135,"total-skipped-flows":0,"total-l4-data-len":5105,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1614898324173} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 135/135 ~~ skipped flows.............: 0 @@ -70,8 +70,8 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4709121 bytes -~~ total memory freed........: 4709121 bytes +~~ total memory allocated....: 4709145 bytes +~~ total memory freed........: 4709145 bytes ~~ total allocations/frees...: 101311/101311 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars diff --git a/test/results/hsrp0.pcap.out b/test/results/hsrp0.pcap.out index b67ef3c29..07f26d4fb 100644 --- a/test/results/hsrp0.pcap.out +++ b/test/results/hsrp0.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hsrp0.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1126551970888} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1126551970888} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551970888,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1126551970888,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":66,"pkt_l4_len":28,"thread_ts_msec":1126551970888,"pkt":"AQBeAAACAAAMB6wKgQAACggARcAAMAAAAAABESXiChyo\/eAAAAIHwQfBABw\/0wAAEAMKWgoAY2lzY28AAAAKHKj+"} 00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551970888,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} @@ -16,7 +16,7 @@ 00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971000,"flow_last_seen":1126551971000,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.170.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551971931,"flow_last_seen":1126551971931,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.252","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00671{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1126551970888,"flow_last_seen":1126551970888,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1126551971931,"l3_proto":"ip4","src_ip":"10.28.168.253","dst_ip":"224.0.0.2","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} -00467{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":19,"global_ts_msec":1126551971931} +00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"hsrp0.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":80,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_msec":1126551971931} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -25,8 +25,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682530 bytes -~~ total memory freed........: 4682530 bytes +~~ total memory allocated....: 4682554 bytes +~~ total memory freed........: 4682554 bytes ~~ total allocations/frees...: 101156/101156 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/hsrp2.pcap.out b/test/results/hsrp2.pcap.out index fac50a032..e4b74dbf1 100644 --- a/test/results/hsrp2.pcap.out +++ b/test/results/hsrp2.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hsrp2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1643795481192} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643795481192} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481192,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643795481192,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1643795481192,"pkt":"AQBeAABmcA9q7\/W\/CABFwABQAAAAAP8R88QKNNx94AAAZgfBB8EAPOmuASgCAAUEA5hwD2rv9b8AAABaAAALuAAAJxAKNNx+AAAAAAAAAAAAAAAAAwhjaXNjbwAAAA=="} 00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481192,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} @@ -8,7 +8,7 @@ 00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481220,"flow_last_seen":1643795481220,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.253.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643795481192,"flow_last_seen":1643795481192,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1643795481220,"l3_proto":"ip4","src_ip":"10.52.220.125","dst_ip":"224.0.0.102","src_port":1985,"dst_port":1985,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} -00468{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":11,"global_ts_msec":1643795481220} +00547{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"hsrp2.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":104,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1643795481220} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680728 bytes -~~ total memory freed........: 4680728 bytes +~~ total memory allocated....: 4680752 bytes +~~ total memory freed........: 4680752 bytes ~~ total allocations/frees...: 101148/101148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/hsrp2_ipv6.pcapng.out b/test/results/hsrp2_ipv6.pcapng.out index ee9342f8f..ab2180924 100644 --- a/test/results/hsrp2_ipv6.pcapng.out +++ b/test/results/hsrp2_ipv6.pcapng.out @@ -1,5 +1,5 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1589369101819} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1589369101819} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369101819,"flow_last_seen":1589369101819,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369101819,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1589369101819,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_msec":1589369101819,"pkt":"MzMAAABmqrvMAAEggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAB\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAIAgQAAAAB"} 00768{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1589369101819,"flow_last_seen":1589369101819,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":0,"thread_ts_msec":1589369101819,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} @@ -12,7 +12,7 @@ 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1589369131526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":34525,"pkt_l3_offset":18,"pkt_l4_offset":58,"pkt_len":72,"pkt_l4_len":14,"thread_ts_msec":1589369131526,"pkt":"MzMAAABmqrvMAAIggQAAEIbdbgAAAAAOEf\/+gAAAAAAAAAAAAAAAAAAC\/wIAAAAAAAAAAAAAAAAAZgftB+0ADvAHAgQAAAAB"} 00813{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369104269,"flow_last_seen":1589369235852,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":900,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::2","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1589369101819,"flow_last_seen":1589369240383,"flow_idle_time":180000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":1098,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1589369240383,"l3_proto":"ip6","src_ip":"fe80::1","dst_ip":"ff02::66","src_port":2029,"dst_port":2029,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HSRP","breed":"Acceptable","category":"Network"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-data-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1589369240383} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"hsrp2_ipv6.pcapng","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-data-len":1998,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1589369240383} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681714 bytes -~~ total memory freed........: 4681714 bytes +~~ total memory allocated....: 4681738 bytes +~~ total memory freed........: 4681738 bytes ~~ total allocations/frees...: 101182/101182 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars diff --git a/test/results/http-crash-content-disposition.pcap.out b/test/results/http-crash-content-disposition.pcap.out index 8779563ff..3f18b0b2d 100644 --- a/test/results/http-crash-content-disposition.pcap.out +++ b/test/results/http-crash-content-disposition.pcap.out @@ -1,5 +1,5 @@ 00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1492518365663} +00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1492518365663} 00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365663} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365767} @@ -18,7 +18,7 @@ 02271{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1492,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1492,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAF1EN2QAAtBpUTroEACsCoAGcAUMfjkVcfa3tFq0qAEAB6GowAAAEBCAoroVxpABR97khUVFAvMS4xIDIwMCBPSw0KU2VydmVyOiBuZ2lueA0KRGF0ZTogVHVlLCAxOCBBcHIgMjAxNyAxMjoxOToyNSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC81LjMuMw0KQ29udGVudC1MZW5ndGg6IDIxODcNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPGltc2dzPgo8dGltZXN0YW1wPjEzNTgyNzg0NTA8L3RpbWVzdGFtcD4KPGZyZXF1ZW50bHlfc2hvdz4zPC9mcmVxdWVudGx5X3Nob3c+CjxmcmVxdWVudGx5X3Nob3dfZmlyc3Q+MzwvZnJlcXVlbnRseV9zaG93X2ZpcnN0Pgo8bWVzc2FnZV9saXN0PgoJPG1lc3NhZ2U+CgkJPGlkPjE4PC9pZD4KCQk8dGl0bGU+RnJvbSBCcnVubyBNYXJzIHRvIFJpaGFubmE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5QbGF5IHRoZSBob3R0ZXN0IHNvbmdzIGVmZm9ydGxlc3NseSBvbiB0aGUgIzEgcGlhbm8gYXBwITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vYXBpLnNtdWxlLmNvbS92Mi9yZWRpcmVjdC9leUozWldKVmNtd2lPaUpvZEhSd09pOHZjR3hoZVM1bmIyOW5iR1V1WTI5dEwzTjBiM0psTDJGd2NITXZaR1YwWVdsc2N6OXBaRngxTURBelpHTnZiUzV6YlhWc1pTNXRZV2RwWTNCcFlXNXZJaXdpYlc5aWFXeGxWWEpzSWpvaWJXRnlhMlYwT2k4dlpHVjBZV2xzY3o5cFpGeDFNREF6WkdOdmJTNXpiWFZzWlM1dFlXZHBZM0JwWVc1dklpd2lZMkZ0Y0dGcFoyNUpaQ0k2TVRReU1pd2lZWEJ3SWpvaVRVbE9TVkJKUVU1UFgwRk9SRkpQU1VRaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDUxMzc2MzQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4xNzwvaWQ+CgkJPHRpdGxlPkRvd25sb2FkIFNpbmchIEthcmFva2UgZm9yIEZSRUU8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5TaW5nIHNvbmdzIGJ5IDFELCBDYXJseSBSYWUgSmVwc2VuLCBCaWViZXIgJmFtcDsgbW9yZSE8L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1YzJsdVoyRnVaSEp2YVdRaUxDSnRiMkpwYkdWVmNtd2lPaUp0WVhKclpYUTZMeTlrWlhSaGFXeHpQMmxrWEhVd01ETmtZMjl0TG5OdGRXeGxMbk5wYm1kaGJtUnliMmxrSWl3aVkyRnRjR0ZwWjI1SlpDSTZNVEV4T0N3aVlYQndJam9pVTBsT1IxOUhUMDlIVEVVaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjY3NzM5MA=="} 00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968} 01585{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":981,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":981,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAD1UN3QAAtBpcRroEACsCoAGcAUMfjkVclC3tFq0qAGAB6wJEAAAEBCAoroVxpABR97jQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMDwvaWQ+CgkJPHRpdGxlPkEgUGVwIFRhbGsgZnJvbSBLaWQgUHJlc2lkZW50ITwvdGl0bGU+CgkJPGRlc2NyaXB0aW9uPldhdGNoIHRoZSBuZXdlc3QgdmlkZW8gZnJvbSBUaGUgR3JlZ29yeSBCcm90aGVycywgYW5kIHBlcmZvcm0geW91ciBvd24gcmVuZGl0aW9uITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9bkZHY3JZUGRySlU8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYzNTQyNDg8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMTwvaWQ+CgkJPHRpdGxlPlJhcCBsaWtlIEVtaW5lbSE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5BdXRvUmFwIHR1cm5zIHNwZWVjaCBpbnRvIHJhcCAoYW5kIGNvcnJlY3RzIGJhZCByYXBwaW5nKS48L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1WVhWMGIzSmhjQ0lzSW0xdlltbHNaVlZ5YkNJNkltMWhjbXRsZERvdkwyUmxkR0ZwYkhNL2FXUmNkVEF3TTJSamIyMHVjMjExYkdVdVlYVjBiM0poY0NJc0ltTmhiWEJoYVdkdVNXUWlPakUxTVRNc0ltRndjQ0k2SWtGVlZFOVNRVkJmUjA5UFJ5Sjk8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYwNzU0MDI8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KPC9tZXNzYWdlX2xpc3Q+CjwvaW1zZ3M+"} -00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":21,"global_ts_msec":1492518365968} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1492518365968} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/0 ~~ skipped flows.............: 0 @@ -27,8 +27,8 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars diff --git a/test/results/http-lines-split.pcap.out b/test/results/http-lines-split.pcap.out index 47acf23c3..83f14df4d 100644 --- a/test/results/http-lines-split.pcap.out +++ b/test/results/http-lines-split.pcap.out @@ -1,12 +1,12 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-lines-split.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1593713340401} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593713340401} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593713340401,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1593713340401,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0t6tAAHkGyLLAqAABwKgAFJlEemkrolmxAAAAAIAC+vBZugAAAgQFtAEBBAIBAwMG"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1593713340401,"pkt":"YDjgxTWgABjzZLGICABFAAA0AABAALIGR17AqAAUwKgAAXppmUT8ca\/AK6JZsoAS+vCBjAAAAgQFtAEBBAIBAwMH"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1593713340401,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1593713340401,"pkt":"ABjzZLGIYDjgxTWgCABFAAAot6xAAHkGyL3AqAABwKgAFJlEemkrolmy\/HGvwVAQA+zlTAAAAAAAAAAA"} 00881{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1593713340401,"flow_last_seen":1593713340402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1593713340402,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"toni.lan","url":"toni.lan:31337\/","code":0,"content_type":"","user_agent":""}} 00827{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1593713340401,"flow_last_seen":1593713340404,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1699,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1593713340404,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.0.20","src_port":39236,"dst_port":31337,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1593713340404} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"http-lines-split.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":1699,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1593713340404} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680234 bytes -~~ total memory freed........: 4680234 bytes +~~ total memory allocated....: 4680258 bytes +~~ total memory freed........: 4680258 bytes ~~ total allocations/frees...: 101159/101159 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/http-manipulated.pcap.out b/test/results/http-manipulated.pcap.out index 76b49926e..b228221e9 100644 --- a/test/results/http-manipulated.pcap.out +++ b/test/results/http-manipulated.pcap.out @@ -1,11 +1,11 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-manipulated.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946727901369} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946727901369} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAA0umlAAI8Gr+7AqAAUwKgAB4NgH5BugXMeAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946727901369,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg2CKV04jboFzH4AS+vCVmQAAAgQFtAEBBAIBAwMG"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946727901369,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":946727901369,"pkt":"0h+5iIqPABjzZLGICABFAAAoumpAAI8Gr\/nAqAAUwKgAB4NgH5BugXMfildOJFAQAfaBhgAA"} 00889{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946727901369,"flow_last_seen":946727901369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":946727901369,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"wwww.lan","url":"wwww.lan:8080\/","code":0,"content_type":"","user_agent":"curl\/7.64.0"}} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":946729142063} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":653,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":946729142063} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"0h+5iIqPABjzZLGICABFAAA0svlAAL4GiF7AqAAUwKgAB4OUH5ARN20zAAAAAIAC+vCBkgAAAgQFtAEBBAIBAwMH"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":946729142063,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946729142063,"pkt":"ABjzZLGI0h+5iIqPCABFAAA0AABAAEAGuVjAqAAHwKgAFB+Qg5SNfRmbETdtNIAS+vAp\/QAAAgQFtAEBBAIBAwMG"} @@ -13,7 +13,7 @@ 00987{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":14,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946729142063,"flow_last_seen":946729142063,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":946729142063,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.lan","url":"www.lan:8080\/aaaaaaaaaaaaaaaaaaaaaaaa_very_long_uri","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Linux x86_64; rv:81.0) Gecko\/20100101 Firefox\/81.0"}} 00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":946727901369,"flow_last_seen":946727901370,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":577,"flow_tot_l4_payload_len":653,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33632,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00829{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":318,"flow_first_seen":946729142063,"flow_last_seen":946729148160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":29200,"flow_tot_l4_payload_len":940892,"flow_avg_l4_payload_len":2958,"midstream":0,"thread_ts_msec":946729148160,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"192.168.0.7","src_port":33684,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00487{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":328,"packets-processed":328,"total-skipped-flows":0,"total-l4-data-len":941545,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":16,"global_ts_msec":946729148160} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":328,"source":"http-manipulated.pcap","alias":"nDPId-test","packets-captured":328,"packets-processed":328,"total-skipped-flows":0,"total-l4-data-len":941545,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":946729148160} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 328/328 ~~ skipped flows.............: 0 @@ -22,8 +22,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4690363 bytes -~~ total memory freed........: 4690363 bytes +~~ total memory allocated....: 4690387 bytes +~~ total memory freed........: 4690387 bytes ~~ total allocations/frees...: 101481/101481 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/http_auth.pcap.out b/test/results/http_auth.pcap.out index be81d6cc2..e0293cb62 100644 --- a/test/results/http_auth.pcap.out +++ b/test/results/http_auth.pcap.out @@ -1,12 +1,12 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_auth.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1381844050222} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1381844050222} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1381844050222,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1381844050222,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1381844050222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1381844050222,"pkt":"TBfruiThKM\/pITwrCABFAABARSdAAEAGtjzAqAAEwP69qdRBAFCa4jGyAAAAALAC\/\/8jTAAAAgQFtAEDAwQBAQgKH38TuAAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1381844050402,"pkt":"KM\/pITwrTBfruiThCABFAAA8AABAADgGA2jA\/r2pwKgABABQ1EEDZtH9muIxs6ASOJA\/hAAAAgQFtAQCCAowzbX3H38TuAEDAwc="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1381844050402,"pkt":"TBfruiThKM\/pITwrCABFAAA0XSJAAEAGnk3AqAAEwP69qdRBAFCa4jGzA2bR\/oAQICuGBAAAAQEICh9\/FGkwzbX3"} 00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1381844050222,"flow_last_seen":1381844050402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":739,"flow_tot_l4_payload_len":739,"flow_avg_l4_payload_len":184,"midstream":0,"thread_ts_msec":1381844050402,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"browserspy.dk","url":"browserspy.dk\/password-ok.php","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/30.0.1599.69 Safari\/537.36"}} 00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1381844050222,"flow_last_seen":1381844057320,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":18376,"flow_avg_l4_payload_len":556,"midstream":0,"thread_ts_msec":1381844057320,"l3_proto":"ip4","src_ip":"192.168.0.4","dst_ip":"192.254.189.169","src_port":54337,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1381844057320} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"http_auth.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":18376,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1381844057320} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680937 bytes -~~ total memory freed........: 4680937 bytes +~~ total memory allocated....: 4680961 bytes +~~ total memory freed........: 4680961 bytes ~~ total allocations/frees...: 101180/101180 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/http_ipv6.pcap.out b/test/results/http_ipv6.pcap.out index 2b665e3f4..43a85bfe0 100644 --- a/test/results/http_ipv6.pcap.out +++ b/test/results/http_ipv6.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http_ipv6.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1448269123954} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1448269123954} 00607{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1448269123954,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269123954,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4006:804::200e","src_port":40526,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1448269123954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123954,"pkt":"UMWNrEEBeKzApw1Mht1gAAAAACAGQCoADUAAAQADeqzA\/\/6nDUwqABRQQAYIBAAAAAAAACAOnk4Bu0sl6VcU0QFTgBAA8iVzAAABAQgKEg1o4A\/E+0k="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1448269123971,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1448269123971,"pkt":"eKzApw1M9LUv\/K\/Cht1gAAAAACAGOSoAFFBABggEAAAAAAAAIA4qAA1AAAEAA3qswP\/+pw1MAbueThTRAVNLJelYgBABCVvaAAABAQgKD8WrNBINPNs="} @@ -95,7 +95,7 @@ 00609{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269144306,"flow_last_seen":1448269144348,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:400b:c02::9a","src_port":33062,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00667{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00611{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1448269145458,"flow_last_seen":1448269145478,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1448269146970,"l3_proto":"ip6","src_ip":"2a00:d40:1:3:7aac:c0ff:fea7:d4c","dst_ip":"2a00:1450:4001:803::1012","src_port":59690,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-data-len":51193,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":7,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-events-serialized":98,"global_ts_msec":1448269146970} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":193,"source":"http_ipv6.pcap","alias":"nDPId-test","packets-captured":193,"packets-processed":193,"total-skipped-flows":0,"total-l4-data-len":51193,"total-not-detected-flows":1,"total-guessed-flows":7,"total-detected-flows":7,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":98,"global_ts_msec":1448269146970} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 193/193 ~~ skipped flows.............: 0 @@ -104,8 +104,8 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4767832 bytes -~~ total memory freed........: 4767832 bytes +~~ total memory allocated....: 4767856 bytes +~~ total memory freed........: 4767856 bytes ~~ total allocations/frees...: 101444/101444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/iec60780-5-104.pcap.out b/test/results/iec60780-5-104.pcap.out index 937165b4f..582b63328 100644 --- a/test/results/iec60780-5-104.pcap.out +++ b/test/results/iec60780-5-104.pcap.out @@ -1,5 +1,5 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iec60780-5-104.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1219992231267} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1219992231267} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1219992231267,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1219992231267,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1568,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABXFGNTMABNy14eKCABFAAAwbS5AAIAGRKWsG\/htrBv4TwYgCWR6t61JAAAAAHAC\/\/8CpgAAAgQFtAEBBAI="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1219992231267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992231267,"pkt":"ABNy14eKABXFGNTMCABFAAAwQVVAAIAGcH6sG\/hPrBv4bQlkBiDrZdPBeretSnAS\/\/9DbQAAAgQFtAEBBAI="} @@ -33,11 +33,11 @@ 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1219992819943,"pkt":"ABNy14eKABXFGNTMCABFAAAwQZZAAIAGcD2sG\/hPrBv4bQlkBir5wu6KQbAakHAS\/\/\/l\/gAAAgQFtAEBBAI="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":3,"flow_last_seen":1219992819943,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1219992819943,"pkt":"ABXFGNTMABNy14eKCABFAAAobkVAAIAGQ5asG\/htrBv4TwYqCWRBsBqQ+cLui1AQ\/\/8SwwAAAAAAAAAA"} 00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1219992819942,"flow_last_seen":1219992819944,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1219992819944,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00481{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-data-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-events-serialized":36,"global_ts_msec":1219992852463} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-data-len":343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":3,"total-active-flows":6,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1219992852463} 00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":117,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1219992590188,"flow_last_seen":1219992781349,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":110,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1219992910077,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1572,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":120,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1219992782348,"flow_last_seen":1219992818955,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":17,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":2,"midstream":0,"thread_ts_msec":1219992935600,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1577,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} 00693{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1219992819942,"flow_last_seen":1219993055118,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":417,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1219993055118,"l3_proto":"ip4","src_ip":"172.27.248.109","dst_ip":"172.27.248.79","src_port":1578,"dst_port":2404,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"IEC60870","breed":"Acceptable","category":"IoT-Scada"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-data-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-events-serialized":40,"global_ts_msec":1219993055118} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":147,"source":"iec60780-5-104.pcap","alias":"nDPId-test","packets-captured":147,"packets-processed":147,"total-skipped-flows":0,"total-l4-data-len":748,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1219993055118} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 147/147 ~~ skipped flows.............: 0 @@ -46,8 +46,8 @@ ~~ total active/idle flows...: 6/6 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688421 bytes -~~ total memory freed........: 4688421 bytes +~~ total memory allocated....: 4688445 bytes +~~ total memory freed........: 4688445 bytes ~~ total allocations/frees...: 101305/101305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars diff --git a/test/results/imap-starttls.pcap.out b/test/results/imap-starttls.pcap.out index 341aa16cb..9a04724a7 100644 --- a/test/results/imap-starttls.pcap.out +++ b/test/results/imap-starttls.pcap.out @@ -1,12 +1,12 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imap-starttls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1437584567812} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1437584567812} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437584567812,"flow_last_seen":1437584567812,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1437584567812,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437584567812,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1437584567812,"pkt":"kFmvW2bUaKhtGGkOCABFAABAc8pAAEAGDnPAqBE11OMRusHoAI+CJObQAAAAALAC\/\/\/XTwAAAgQFtAEDAwQBAQgKKoxROgAAAAAEAgAA"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437584568002,"pkt":"aKhtGGkOkFmvW2bUCABFIAA0AABAADAGkinU4xG6wKgRNQCPwehPqEW7giTm0YASPryvAAAAAgQFtAQCAwMKAAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1437584568002,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1437584568002,"pkt":"kFmvW2bUaKhtGGkOCABFAAAohpRAAEAG+8DAqBE11OMRusHoAI+CJObRT6hFvFAQQAD2hgAA"} 00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1437584567812,"flow_last_seen":1437584568383,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":271,"flow_tot_l4_payload_len":524,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1437584568383,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} 00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1437584567812,"flow_last_seen":1437584570828,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6193,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1437584570828,"l3_proto":"ip4","src_ip":"192.168.17.53","dst_ip":"212.227.17.186","src_port":49640,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"IMAPS","breed":"Safe","category":"Email"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1437584570828} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"imap-starttls.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":6193,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1437584570828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682774 bytes -~~ total memory freed........: 4682774 bytes +~~ total memory allocated....: 4682798 bytes +~~ total memory freed........: 4682798 bytes ~~ total allocations/frees...: 101176/101176 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/imap.pcap.out b/test/results/imap.pcap.out index b79b36a23..0fa90ab29 100644 --- a/test/results/imap.pcap.out +++ b/test/results/imap.pcap.out @@ -1,12 +1,12 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imap.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1213095262213} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1213095262213} 00565{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1213095262213,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1213095262213,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA8nkhAAEAGgSAKKAQCCigDArPdAI+IaqplAAAAAKACFtDwZgAAAgQFtAQCCAoKDDQtAAAAAAEDAwc="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1213095262213,"pkt":"ABUXJM1lAASWJ8g6CABFAAA8VURAAH8GiyQKKAMCCigEAgCPs903+0YNiGqqZqASIAAxdQAAAgQFtAEDAwgEAggKAoc1IAoMNC0="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1213095262213,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1213095262213,"pkt":"AASWJ8g6ABUXJM1lCABFAAA0nklAAEAGgScKKAQCCigDArPdAI+IaqpmN\/tGDoAQAC6AFAAAAQEICgoMNC0ChzUg"} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1213095262213,"flow_last_seen":1213095266594,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":184,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1213095266594,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"},"imap": {"user":"samir","password":"pfres"}} 00784{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":33,"flow_first_seen":1213095262213,"flow_last_seen":1213095266780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":696,"flow_tot_l4_payload_len":1580,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1213095266780,"l3_proto":"ip4","src_ip":"10.40.4.2","dst_ip":"10.40.3.2","src_port":46045,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IMAP","breed":"Unsafe","category":"Email"}} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1213095266780} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"imap.pcap","alias":"nDPId-test","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-data-len":1580,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1213095266780} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 33/33 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682803 bytes -~~ total memory freed........: 4682803 bytes +~~ total memory allocated....: 4682827 bytes +~~ total memory freed........: 4682827 bytes ~~ total allocations/frees...: 101177/101177 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/imaps.pcap.out b/test/results/imaps.pcap.out index 9dc20ebfb..07290b115 100644 --- a/test/results/imaps.pcap.out +++ b/test/results/imaps.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"imaps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1590857744659} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590857744659} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590857744659,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1590857744659,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590857744659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1590857744659,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+f\/AqAEIp2PXpMVKA+HRNM\/NAAAAALAC\/\/\/ajwAAAgQFtAEDAwUBAQgKFE2dOQAAAAAEAgAA"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1590857744706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1590857744706,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBgSnY9ekwKgBCAPhxUrMi6La0TTPzqAS\/ojr6QAAAgQFrAQCCAqpw+fsFE2dOQEDAwc="} @@ -8,7 +8,7 @@ 01008{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1667,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 01212{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1590857744659,"flow_last_seen":1590857744765,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3107,"flow_avg_l4_payload_len":443,"midstream":0,"thread_ts_msec":1590857744765,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mail.ntop.org","server_names":"mail.ntop.org","ja3":"4923a265be4d81c68ecda45bb89cdf6a","ja3s":"b653c251b0ee54c3088fe7bb997cf59d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3","subjectDN":"CN=mail.ntop.org","fingerprint":"F1:9A:35:30:96:57:5E:56:81:28:2C:D9:45:A5:83:21:9E:E8:C5:DF"}} 00815{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1590857744659,"flow_last_seen":1590857744987,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3856,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1590857744987,"l3_proto":"ip4","src_ip":"192.168.1.8","dst_ip":"167.99.215.164","src_port":50506,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1590857744987} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"imaps.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":3856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1590857744987} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685289 bytes -~~ total memory freed........: 4685289 bytes +~~ total memory allocated....: 4685313 bytes +~~ total memory freed........: 4685313 bytes ~~ total allocations/frees...: 101168/101168 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/instagram.pcap.out b/test/results/instagram.pcap.out index 3fbccddf3..b45c43dac 100644 --- a/test/results/instagram.pcap.out +++ b/test/results/instagram.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"instagram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1436720898354} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1436720898354} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898354,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720898354,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"173.252.107.4","src_port":56382,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"instagram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1436720898354,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720898354,"pkt":"ABsv8H60QPMIw47hCABFAAA8TypAAEAGEYLAqABnrfxrBNw+AbsehKWiAAAAAKACOQjaPgAAAgQFtAQCCAoAA+qIAAAAAAEDAwY="} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"instagram.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720898386,"flow_last_seen":1436720898386,"flow_idle_time":7440000,"flow_min_l4_payload_len":1365,"flow_max_l4_payload_len":1365,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":1365,"midstream":1,"thread_ts_msec":1436720898386,"l3_proto":"ip4","src_ip":"192.168.0.103","dst_ip":"31.13.93.52","src_port":33936,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -155,7 +155,7 @@ 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1436720952611,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1436720952611,"l3_proto":"ip4","src_ip":"46.33.70.150","dst_ip":"192.168.0.103","src_port":80,"dst_port":40855,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":737,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1436720952611,"pkt":"QPMIw47hABsv8H60CABFAAA8AABAADkGC\/YuIUaWwKgAZwBQn5dVkK9h7WtuhaASOJDXwwAAAgQFlgQCCAoJIvhRAAP\/swEDAwU="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":738,"source":"instagram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1436720952611,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1436720952611,"pkt":"ABsv8H60QPMIw47hCABFAAA0kThAAEAGc8XAqABnLiFGlp+XAFDta26FVZCvYoAQAOU17QAAAQEICgAD\/7oJIvhR"} -00484{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":745,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":515476,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":15,"total-updates":0,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-events-serialized":158,"global_ts_msec":1568796253770} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":745,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":515476,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":15,"total-updates":0,"current-active-flows":32,"total-active-flows":32,"total-idle-flows":0,"total-compressions":9,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":158,"global_ts_msec":1568796253770} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568796253770,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1568796253770,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49355,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00487{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1568796253770,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1568796253770,"pkt":"xiwDYGpkxGGLNYKpCABFAABAAABAAEAGAr7AqAIRHw1WNMDLAbuZigajAAAAALAC\/\/8cPAAAAgQFtAEDAwYBAQgKDXByoQAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":746,"source":"instagram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1568796253782,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1568796253782,"pkt":"xGGLNYKpxiwDYGpkCABFAAA8AAAAAFQGLsIfDVY0wKgCEQG7wMv1rwrBmYoGpKASbHB3qgAAAgQFeAQCCAo6Lg6wDXByoQEDAwg="} @@ -239,7 +239,7 @@ 00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":230,"flow_first_seen":1568796254524,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155234,"flow_avg_l4_payload_len":674,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49359,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"finished","flow_packets_processed":359,"flow_first_seen":1568796265146,"flow_last_seen":1568796268054,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":272019,"flow_avg_l4_payload_len":757,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49360,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} 00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":212,"flow_first_seen":1568796265147,"flow_last_seen":1568796268053,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":155200,"flow_avg_l4_payload_len":732,"midstream":0,"thread_ts_msec":1568796268061,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"31.13.86.52","src_port":49361,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Instagram","breed":"Fun","category":"SocialNetwork"}} -00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":3443,"packets-processed":3442,"total-skipped-flows":0,"total-l4-data-len":2699527,"total-not-detected-flows":1,"total-guessed-flows":12,"total-detected-flows":29,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-events-serialized":242,"global_ts_msec":1568796268061} +00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3443,"source":"instagram.pcap","alias":"nDPId-test","packets-captured":3443,"packets-processed":3442,"total-skipped-flows":0,"total-l4-data-len":2699527,"total-not-detected-flows":1,"total-guessed-flows":12,"total-detected-flows":29,"total-detection-updates":21,"total-updates":0,"current-active-flows":0,"total-active-flows":38,"total-idle-flows":38,"total-compressions":14,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":242,"global_ts_msec":1568796268061} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3443/3442 ~~ skipped flows.............: 0 @@ -248,8 +248,8 @@ ~~ total active/idle flows...: 38/38 ~~ total timeout flows.......: 9 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5383988 bytes -~~ total memory freed........: 5383988 bytes +~~ total memory allocated....: 5384012 bytes +~~ total memory freed........: 5384012 bytes ~~ total allocations/frees...: 104859/104859 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/ip_fragmented_garbage.pcap.out b/test/results/ip_fragmented_garbage.pcap.out index dcb3e1f41..0267068c7 100644 --- a/test/results/ip_fragmented_garbage.pcap.out +++ b/test/results/ip_fragmented_garbage.pcap.out @@ -1,5 +1,5 @@ 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1534244024697} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1534244024697} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244024697,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534244024697,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":24102,"dst_port":10792,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534244024697,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":16,"thread_ts_msec":1534244024697,"pkt":"QgEK8AABQgEK8AAbCABFAAAkAKAgAEAGRbEKAAACCoAAAl4mKigpKComXiUkI0AjJCUpOAAA"} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","l4_data_len":16,"global_ts_msec":1534244024697} @@ -18212,7 +18212,7 @@ 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244027129,"flow_last_seen":1534244027129,"flow_idle_time":7440000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":13617,"dst_port":10536,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00588{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534244031080,"flow_last_seen":1534244031080,"flow_idle_time":7440000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":1,"thread_ts_msec":1534244033211,"l3_proto":"ip4","src_ip":"10.0.0.2","dst_ip":"10.128.0.2","src_port":18258,"dst_port":16199,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00496{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":9077,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":80,"total-not-detected-flows":29,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-events-serialized":18215,"global_ts_msec":1534244033215} +00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9077,"source":"ip_fragmented_garbage.pcap","alias":"nDPId-test","packets-captured":9077,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":80,"total-not-detected-flows":29,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":29,"total-idle-flows":29,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18215,"global_ts_msec":1534244033215} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9077/29 ~~ skipped flows.............: 0 @@ -18221,8 +18221,8 @@ ~~ total active/idle flows...: 29/29 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4705055 bytes -~~ total memory freed........: 4705055 bytes +~~ total memory allocated....: 4705079 bytes +~~ total memory freed........: 4705079 bytes ~~ total allocations/frees...: 101256/101256 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 220 chars diff --git a/test/results/iphone.pcap.out b/test/results/iphone.pcap.out index e3cefe68a..456535d20 100644 --- a/test/results/iphone.pcap.out +++ b/test/results/iphone.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"iphone.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1582454552576} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1582454552576} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01122{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1582454552576,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":552,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":552,"pkt_l4_len":518,"thread_ts_msec":1582454552576,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAAIaAFkAAEAR8inAqAIBwKgC\/0RcRFwCBr34eyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAzMzA0MDI2MjQwMTMxNjcxMTI3MTc3MTQ1ODMyOTcxNTM2ODg0ODIsICJkaXNwbGF5bmFtZSI6ICIiLCAibmFtZXNwYWNlcyI6IFsyNzUwMzcwNTYwLCA3ODUyNjYxNzcsIDE1MjYyNjMwNDUsIDEzMzg2NTkyMDEsIDE0ODE5MzM3LCA0ODEwNTkxNzYwLCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCAyODUyMTYwNywgNDA1NjQ2MjU5MiwgNzA1MzYyNzE4NCwgMTUyMjE3NzU4NywgMTQyMTExNDM5OSwgMTI1MjExNjQyOSwgOTk0Njk3NzMsIDcwNzk2MzY2ODgsIDE3Njk2NDMwNywgMTI1NTQwNTY2LCAxMDQ3NDI4MTg5LCA0NzE2MTkwMDQ4LCA1NDY3MTYzMDg4LCAxMTk1MDQ0MDcxLCA5Njg1MzIyNCwgMTc2MDk5NjMsIDY0NzgzMDM0NDAsIDUxMTcwNjY0MiwgNjI5Nzk1NTE4NCwgMTQxNTYyMDM1MF19"} 00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"iphone.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1582454552576,"flow_last_seen":1582454552576,"flow_idle_time":180000,"flow_min_l4_payload_len":510,"flow_max_l4_payload_len":510,"flow_tot_l4_payload_len":510,"flow_avg_l4_payload_len":510,"midstream":0,"thread_ts_msec":1582454552576,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} @@ -312,7 +312,7 @@ 00655{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454595354,"flow_last_seen":1582454599568,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip6","src_ip":"fe80::823:3f17:8298:a29c","dst_ip":"ff02::2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454598713,"flow_last_seen":1582454598755,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":161,"flow_tot_l4_payload_len":193,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":52682,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiCloud","breed":"Acceptable","category":"Web"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1582454599929,"flow_last_seen":1582454599930,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":238,"flow_avg_l4_payload_len":119,"midstream":0,"thread_ts_msec":1582454600748,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":65079,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.AppleiTunes","breed":"Fun","category":"Streaming"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":486,"total-skipped-flows":0,"total-l4-data-len":190360,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-events-serialized":315,"global_ts_msec":1582454600748} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":500,"source":"iphone.pcap","alias":"nDPId-test","packets-captured":500,"packets-processed":486,"total-skipped-flows":0,"total-l4-data-len":190360,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":50,"total-detection-updates":40,"total-updates":0,"current-active-flows":0,"total-active-flows":51,"total-idle-flows":51,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":315,"global_ts_msec":1582454600748} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 500/486 ~~ skipped flows.............: 0 @@ -321,8 +321,8 @@ ~~ total active/idle flows...: 51/51 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4995786 bytes -~~ total memory freed........: 4995786 bytes +~~ total memory allocated....: 4995810 bytes +~~ total memory freed........: 4995810 bytes ~~ total allocations/frees...: 102026/102026 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars diff --git a/test/results/ipv6_in_gtp.pcap.out b/test/results/ipv6_in_gtp.pcap.out index 019a5b2bd..a8bd785b5 100644 --- a/test/results/ipv6_in_gtp.pcap.out +++ b/test/results/ipv6_in_gtp.pcap.out @@ -1,11 +1,11 @@ 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1536839120404} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1536839120404} 00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536839120404} 00468{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1536840494424} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":5,"global_ts_msec":1536840494424} 00188{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536840494424} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1536840494424} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1536840494424} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/0 ~~ skipped flows.............: 0 @@ -14,10 +14,10 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 193 chars -~~ json string max len.......: 496 chars -~~ json string avg len.......: 341 chars +~~ json string max len.......: 555 chars +~~ json string avg len.......: 373 chars diff --git a/test/results/irc.pcap.out b/test/results/irc.pcap.out index 02b7dd22a..a61c7640a 100644 --- a/test/results/irc.pcap.out +++ b/test/results/irc.pcap.out @@ -1,12 +1,12 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"irc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1387554241634} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1387554241634} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1387554241634,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1387554241634,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1387554241634,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241634,"pkt":"AAAMB6wBABNyxPHhCABFAAA8\/+BAAEAGJjUKtJz5JuVGFLNhH0BpMfDFAAAAAKACOQj\/0AAAAgQFtAQCCAq+wg8lAAAAAAEDAwc="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1387554241665,"pkt":"ABNyxPHhANAr0XYACABFAAA8AABAADIGNBYm5UYUCrSc+R9As2GRFS01aTHwxqASFqAOiAAAAgQFtAQCCAowSCUOvsIPJQEDAwY="} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1387554241665,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1387554241665,"pkt":"AAAMB6wBABNyxPHhCABFAAA0\/+FAAEAGJjwKtJz5JuVGFLNhH0BpMfDGkRUtNoAQAHNTYQAAAQEICr7CD0QwSCUO"} 00872{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1387554241634,"flow_last_seen":1387554241695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":114,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1387554241695,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} 00917{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1387554241634,"flow_last_seen":1387554256201,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7015,"flow_avg_l4_payload_len":241,"midstream":0,"thread_ts_msec":1387554256201,"l3_proto":"ip4","src_ip":"10.180.156.249","dst_ip":"38.229.70.20","src_port":45921,"dst_port":8000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"IRC","breed":"Unsafe","category":"Chat"}} -00469{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1387554256201} +00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":29,"source":"irc.pcap","alias":"nDPId-test","packets-captured":29,"packets-processed":29,"total-skipped-flows":0,"total-l4-data-len":7015,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1387554256201} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 29/29 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682687 bytes -~~ total memory freed........: 4682687 bytes +~~ total memory allocated....: 4682711 bytes +~~ total memory freed........: 4682711 bytes ~~ total allocations/frees...: 101173/101173 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/ja3_lots_of_cipher_suites.pcap.out b/test/results/ja3_lots_of_cipher_suites.pcap.out index f945fd35d..5a0941288 100644 --- a/test/results/ja3_lots_of_cipher_suites.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites.pcap.out @@ -1,5 +1,5 @@ 00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1557818846743} +00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1557818846743} 00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846743} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="} 00202{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846744} @@ -22,7 +22,7 @@ 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="} 00203{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846965} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1557818846965} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1557818846965} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/0 ~~ skipped flows.............: 0 @@ -31,8 +31,8 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 207 chars diff --git a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out index ea41fc4d6..4808b983b 100644 --- a/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out +++ b/test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -1,5 +1,5 @@ 00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00490{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1505724520744} +00569{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1505724520744} 00255{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1505724520744} 00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -32,7 +32,7 @@ 00256{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526501} 00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526501,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="} 00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} -00499{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":35,"global_ts_msec":1505724526702} +00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1505724526702} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -41,8 +41,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680581 bytes -~~ total memory freed........: 4680581 bytes +~~ total memory allocated....: 4680605 bytes +~~ total memory freed........: 4680605 bytes ~~ total allocations/frees...: 101170/101170 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 260 chars diff --git a/test/results/kerberos.pcap.out b/test/results/kerberos.pcap.out index d90d6dac4..924b814ef 100644 --- a/test/results/kerberos.pcap.out +++ b/test/results/kerberos.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1549337929790} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1549337929790} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00774{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":293,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":293,"pkt_l4_len":259,"thread_ts_msec":1549337929790,"pkt":"pB9ywglqAAgCHEeuCABFAAEXABdAAIAGkNisEAjJrBAICMAFAFiynbRHbznTnlAYAQAf5QAAAAAA62qB6DCB5aEDAgEFogMCAQqjFTATMBGhBAICAICiCQQHMAWgAwEB\/6SBwTCBvqAHAwUAQIEAEKEYMBagAwIBAaEPMA0bC2pvaG5zb24tcGMkohAbDmhhcHB5Y3JhZnQub3JnoyMwIaADAgECoRowGBsGa3JidGd0Gw5oYXBweWNyYWZ0Lm9yZ6URGA8yMDM3MDkxMzAyNDgwNVqmERgPMjAzNzA5MTMwMjQ4MDVapwYCBE7AFheoFTATAgESAgERAgEXAgEYAgL\/eQIBA6kdMBswGaADAgEUoRIEEEpPSE5TT04tUEMgICAgICA="} 00721{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1549337929790,"flow_last_seen":1549337929790,"flow_idle_time":7440000,"flow_min_l4_payload_len":239,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":239,"midstream":1,"thread_ts_msec":1549337929790,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49157,"dst_port":88,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"johnson-pc","domain":"happycraft.org","username":""}} @@ -189,7 +189,7 @@ 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337931220,"flow_last_seen":1549337931221,"flow_idle_time":7440000,"flow_min_l4_payload_len":227,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":487,"flow_avg_l4_payload_len":243,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49174,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SMBv23","breed":"Acceptable","category":"System"}} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1549337952282,"flow_last_seen":1549337952283,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":356,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":308,"midstream":1,"thread_ts_msec":1549337952283,"l3_proto":"ip4","src_ip":"172.16.8.201","dst_ip":"172.16.8.8","src_port":49194,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-data-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-events-serialized":192,"global_ts_msec":1549337952283} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":77,"source":"kerberos.pcap","alias":"nDPId-test","packets-captured":77,"packets-processed":77,"total-skipped-flows":0,"total-l4-data-len":24133,"total-not-detected-flows":2,"total-guessed-flows":23,"total-detected-flows":11,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":36,"total-idle-flows":36,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":192,"global_ts_msec":1549337952283} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 77/77 ~~ skipped flows.............: 0 @@ -198,8 +198,8 @@ ~~ total active/idle flows...: 36/36 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4763751 bytes -~~ total memory freed........: 4763751 bytes +~~ total memory allocated....: 4763775 bytes +~~ total memory freed........: 4763775 bytes ~~ total allocations/frees...: 101350/101350 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/kerberos_fuzz.pcapng.out b/test/results/kerberos_fuzz.pcapng.out index e2db6e0ae..cb7ae7036 100644 --- a/test/results/kerberos_fuzz.pcapng.out +++ b/test/results/kerberos_fuzz.pcapng.out @@ -1,10 +1,10 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1633884084000} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1633884084000} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} 00808{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":288,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":288,"pkt_l4_len":268,"thread_ts_msec":1633884084000,"pkt":"RSYBIAFKAAAABn0BfgQBABMAAAAAWNGOAAAAAAAAAQAgAQAAAAAAAGZfRk9VTgAGA0QNChsbGxsbGxsbGxsbJwYGBgYGBgYGBhsbG10bGwYGBgYGBgYGBg0K\/\/\/\/\/05NRWGMG2VyMUnz8\/NDQQEAAAAAAABdKgC3MFD\/AAAAAABfAAAAAAAAAEVhjGlkO\/\/\/\/\/\/\/b2VyWQAAAAAAAABNRQAAAAAAAAAAAAAAAAAAAAAATUxAU0m3MFCjL1MuMlQg80NBTk1FYYxpZDsNCv\/\/\/\/9OTUVhjBtlcjFJ8\/P\/\/\/\/\/AAAAAAAAXSoAtzBQoy9TLkFOTUVhjGlkOw0K\/\/\/\/\/zsNCv\/\/\/\/8vUy4yVEFUIPNDQU5NRWGMaWQ7DQr\/\/\/\/\/"} 00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Kerberos","breed":"Acceptable","category":"Network"},"kerberos": {"hostname":"","domain":"r1ica","username":""}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633884084000,"flow_last_seen":1633884084000,"flow_idle_time":7440000,"flow_min_l4_payload_len":260,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":260,"midstream":1,"thread_ts_msec":1633884084000,"l3_proto":"ip4","src_ip":"126.4.1.0","dst_ip":"19.0.0.0","src_port":88,"dst_port":53646,"l4_proto":"tcp","flow_datalink":228,"flow_max_packets":3} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1633884084000} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"kerberos_fuzz.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":260,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1633884084000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars ~~ json string max len.......: 813 chars -~~ json string avg len.......: 629 chars +~~ json string avg len.......: 630 chars diff --git a/test/results/log4j-webapp-exploit.pcap.out b/test/results/log4j-webapp-exploit.pcap.out index 7310f388a..425352632 100644 --- a/test/results/log4j-webapp-exploit.pcap.out +++ b/test/results/log4j-webapp-exploit.pcap.out @@ -1,5 +1,5 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1639425815407} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639425815407} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815407,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815407,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADxjYEAAPQamLqwQ7gGsEO4KB8AfkHmWgrEAAAAAoAL68JU2AAACBAW0BAIICq34shoAAAAAAQMDBw=="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} @@ -51,7 +51,7 @@ 00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1639425815910,"flow_last_seen":1639425815918,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":146,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48444,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 00942{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639425834639,"flow_last_seen":1639425834642,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1352,"flow_tot_l4_payload_len":1756,"flow_avg_l4_payload_len":135,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":48534,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"4": {"risk":"Binary Application Transfer","severity":"Severe","risk_score": {"total":250,"client":225,"server":25}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Download"}} 00836{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1639425815682,"flow_last_seen":1639425833591,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":147,"flow_tot_l4_payload_len":294,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1639425834697,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"LDAP","breed":"Acceptable","category":"System"}} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-data-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-events-serialized":54,"global_ts_msec":1639425834697} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":426,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","packets-captured":426,"packets-processed":422,"total-skipped-flows":0,"total-l4-data-len":5830,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1639425834697} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 426/422 ~~ skipped flows.............: 0 @@ -60,8 +60,8 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4703648 bytes -~~ total memory freed........: 4703648 bytes +~~ total memory allocated....: 4703672 bytes +~~ total memory freed........: 4703672 bytes ~~ total allocations/frees...: 101596/101596 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars diff --git a/test/results/long_tls_certificate.pcap.out b/test/results/long_tls_certificate.pcap.out index fe5510f43..e077da074 100644 --- a/test/results/long_tls_certificate.pcap.out +++ b/test/results/long_tls_certificate.pcap.out @@ -1,5 +1,5 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"long_tls_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1609756181300} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1609756181300} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1609756181300,"flow_last_seen":1609756181300,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1609756181300,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609756181300,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181300,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGqknAqAE8ag9ke9glAbsIXeEZAAAAALAC\/\/9qjwAAAgQFtAEDAwUBAQgKDpRqEwAAAAAEAgAA"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609756181671,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1609756181671,"pkt":"KDc3AG3IEBMx8Tl2CABFAABAAABAACsGv0lqD2R7wKgBPAG72CWlbC1xCF3hGrASMqDiugAAAgQFrAEBAQEBAQEBAQEBAQEBAQEEAgAA"} @@ -8,7 +8,7 @@ 00927{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":1969,"flow_avg_l4_payload_len":328,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 05065{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":12,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1609756181300,"flow_last_seen":1609756182035,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":7375,"flow_avg_l4_payload_len":614,"midstream":0,"thread_ts_msec":1609756182035,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"beacon-api.aliyuncs.com","server_names":"*.aliyun.com,manager.channel.aliyun.com,*.ace.aliyun.com,*.acs-internal.aliyuncs.com,*.acs.aliyun.com,*.aicrowd.aliyun.com,*.alibabacloud.co.in,*.alibabacloud.com,*.alibabacloud.com.au,*.alibabacloud.com.hk,*.alibabacloud.com.my,*.alibabacloud.com.sg,*.alibabacloud.com.tw,*.alicdn.com,*.alicloud.com,*.aligroup.aliyun.com,*.alimei.com,*.alink.aliyun.com,*.alios.aliyuncs.com,*.aliplus.com,*.alitranx.aliyun.com,*.aliyun-iot-share.com,*.aliyuncs.com,*.alyms.cn,*.ap-northeast-1.aliyuncs.com,*.ap-south-1.aliyuncs.com,*.ap-southeast-1.aliyuncs.com,*.ap-southeast-2.aliyuncs.com,*.ap-southeast-3.aliyuncs.com,*.ap-southeast-5.aliyuncs.com,*.api.aliyun.com,*.apm.aliyun.com,*.app.aliyun.com,*.asmlink.cn,*.banma.aliyuncs.com,*.base.shuju.aliyun.com,*.bi.aliyun.com,*.biz.aliyun.com,*.bridge.aliyun.com,*.ccc.aliyuncs.com,*.center.aliyun.com,*.citybrain.aliyun.com,*.cloudapp.aliyun.com,*.cloudeagle.cn,*.cloudgame.aliyun.com,*.cn-beijing.aliyuncs.com,*.cn-chengdu.aliyuncs.com,*.cn-guizhou.aliyuncs.com,*.cn-haidian.aliyuncs.com,*.cn-hangzhou-finance.aliyuncs.com,*.cn-hangzhou.aliyuncs.com,*.cn-hongkong.aliyuncs.com,*.cn-huhehaote.aliyuncs.com,*.cn-ningxia.aliyuncs.com,*.cn-north-2-gov-1.aliyuncs.com,*.cn-qingdao-nebula.aliyuncs.com,*.cn-qingdao.aliyuncs.com,*.cn-shanghai-finance-1.aliyuncs.com,*.cn-shanghai.aliyun.com,*.cn-shanghai.aliyuncs.com,*.cn-shenzhen-cloudstone.aliyuncs.com,*.cn-shenzhen-finance-1.aliyuncs.com,*.cn-shenzhen.aliyuncs.com,*.cn-sichuan.aliyuncs.com,*.cn-zhangjiakou.aliyuncs.com,*.connect.aliyun.com,*.console.alibabacloud.com,*.console.alicloud.com,*.console.aliyun.com,*.cs.aliyun.com,*.cschat-ccs.aliyun.com,*.data.aliyun.com,*.dataapi.aliyun.com,*.dataq.aliyuncs.com,*.datav.aliyun.com,*.datav.aliyuncs.com,*.devlops.aliyun.com,*.devops.aliyun.com,*.ditu.aliyun.com,*.domain.aliyun.com,*.dyiot.aliyun.com,*.ebs.aliyun.com,*.emas.aliyun.com,*.emr.aliyun.com,*.enterprise.aliyun.com,*.env.aliyun.com,*.et-industry.aliyun.com,*.eu-central-1.aliyuncs.com,*.eu-west-1.aliyuncs.com,*.fc.aliyun.com,*.feedback.console.aliyun.com,*.gts-x.aliyun.com,*.gts.aliyun.com,*.help-ccs.aliyun.com,*.ialicdn.com,*.in-mumbai.aliyuncs.com,*.iot.aliyun.com,*.jp-fudao.aliyuncs.com,*.linkedmall.aliyun.com,*.linkwan.aliyun.com,*.living.aliyun.com,*.luban.aliyun.com,*.m.aliyun.com,*.market.aliyun.com,*.maxcompute.aliyun.com,*.me-east-1.aliyuncs.com,*.media.aliyun.com,*.microdingtalk.aliyun.com,*.mit.aliyun.com,*.mobile.aliyun.com,*.msea.aliyun.com,*.mts.aliyun.com,*.mvp.aliyun.com,*.nebula.aliyun.com,*.nls.aliyuncs.com,*.odps.aliyun.com,*.ons.aliyun.com,*.ose.aliyun.com,*.pai.data.aliyun.com,*.pcs-gw-cn-beijing.aliyun.com,*.pcs-gw-cn-shanghai.aliyun.com,*.phpwind.com,*.phpwind.net,*.pre-sg-purchase.aliyun.com,*.prepub.aliyun.com,*.product.center.aliyun.com,*.pts.aliyun.com,*.r-app-cn-beijing-data.aliyun.com,*.r-app-cn-hangzhou-data.aliyun.com,*.r-app-cn-shenzhen-data.aliyun.com,*.r-app-data.aliyun.com,*.rdc.aliyun.com,*.rds.aliyun.com,*.reid.aliyun.com,*.sc-cmdb.aliyuncs.com,*.scsp.aliyun.com,*.sg.aliyuncs.com,*.shuju.aliyun.com,*.smart.aliyun.com,*.soc.aliyun.com,*.soc.aliyuncs.com,*.sparenode.com,*.supet.com,*.tburl.in,*.teambition.com,*.teambition.net,*.teambitionapis.com,*.tianchi.aliyun.com,*.toolkit.aliyun.com,*.tv.aliyun.com,*.tw-gaoxiong.aliyuncs.com,*.us-east-1.aliyuncs.com,*.us-west-1.aliyuncs.com,*.webide.aliyun.com,*.yuntu.aliyun.com,account.www.net.cn,alibabacloud.co.in,alibabacloud.com,alibabacloud.com.au,alibabacloud.com.hk,alibabacloud.com.my,alibabacloud.com.sg,alibabacloud.com.tw,alicdn.com,alicloud.com,alimei.com,aliyun-iot-share.com,aliyuncs.com,dc.www.net.cn,dmp.www.net.cn,dns.www.net.cn,panda.www.net.cn,pandavip.www.net.cn,phpwind.com,phpwind.net,scdnphi6.com,sparenode.com,supet.com,tburl.in,teambition.com,teambition.net,teambitionapis.com,tianchi-global.com,whois.www.net.cn,aliyun.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"eee3d2bf5f17d17548ac36ba1872951f","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2","subjectDN":"C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com","alpn":"h2,http\/1.1","fingerprint":"2B:C6:82:22:E9:94:09:24:34:E1:5C:F1:24:76:98:75:45:78:53:DA"}} 00700{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1609756181300,"flow_last_seen":1609756183162,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":12100,"flow_avg_l4_payload_len":257,"midstream":0,"thread_ts_msec":1609756183162,"l3_proto":"ip4","src_ip":"192.168.1.60","dst_ip":"106.15.100.123","src_port":55333,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Alibaba","breed":"Acceptable","category":"Web"}} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-data-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1609756183162} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":47,"source":"long_tls_certificate.pcap","alias":"nDPId-test","packets-captured":47,"packets-processed":47,"total-skipped-flows":0,"total-l4-data-len":12100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1609756183162} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 47/47 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5078429 bytes -~~ total memory freed........: 5078429 bytes +~~ total memory allocated....: 5078453 bytes +~~ total memory freed........: 5078453 bytes ~~ total allocations/frees...: 101383/101383 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars diff --git a/test/results/malformed_dns.pcap.out b/test/results/malformed_dns.pcap.out index 704e45217..289b1d696 100644 --- a/test/results/malformed_dns.pcap.out +++ b/test/results/malformed_dns.pcap.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_dns.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1591551760342} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591551760342} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591551760342,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1591551760342,"pkt":"AAAAAAAAAAAAAAAACABFAAA4nToAAEAR33h\/AAABfwAAAcUDADUAJP43hLQBAAABAAAAAAAAA3d3dwJ4dANjb20AAAEAAQ=="} 00760{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591551760342,"flow_last_seen":1591551760342,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1591551760342,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -7,7 +7,7 @@ 00893{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1591551760342,"flow_last_seen":1591551760357,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":1416,"flow_avg_l4_payload_len":708,"midstream":0,"thread_ts_msec":1591551760357,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.xt.com","num_queries":2,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"0.0.0.0"}} 02650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591551760372,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1430,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1430,"pkt_l4_len":1396,"thread_ts_msec":1591551760372,"pkt":"\/\/\/\/\/\/\/\/AAAAAAAACABFAAWIAAEAAEARd2J\/AAABfwAAAQA1xQMFdLSchLSBAAACAAIAAAAAA3d3dwJ4dANjb20AAAEAASJBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBPwAAAAA\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AQD0+Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wEHAQjs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/P8BDwETARcBGNzg5Ojs8PT4\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz\/AR8BIwEnASsBLwEzATcBOLzAxMjM0NTY3ODk6Ozw9Pj8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/Pz8\/wE\/AUMBRwFLAU8BUwFXAVsBXwFjAWcBawFvAXMBdwF4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9PsBfwGDAYcBiwGPAZMBlwGbAZ8BowGnAasBrwGzAbcBuwG\/AcMBxwHLAc8B0wHXAdsB3wHjAecB6wHvAfMB9wH4AAQABwAwAAQABAAAAAAAEQkJCQsAMAAUAAQAAAAAATANBQUE\/MDAwMDEwMDAyMDAxMTAwMTIwMDIxMDAyMjAxMDEwMjAxMTEwMTEyMDEyMTAxMjIwMjAyMTEwMjEyMDIyMTAyBQAAAAAAwP8="} 00798{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1591551760342,"flow_last_seen":1591551765368,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":5608,"flow_avg_l4_payload_len":934,"midstream":0,"thread_ts_msec":1591551765368,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":50435,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1591551765368} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"malformed_dns.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":5608,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1591551765368} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679972 bytes -~~ total memory freed........: 4679972 bytes +~~ total memory allocated....: 4679996 bytes +~~ total memory freed........: 4679996 bytes ~~ total allocations/frees...: 101149/101149 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/malformed_icmp.pcap.out b/test/results/malformed_icmp.pcap.out index a5b9650a6..6debd191b 100644 --- a/test/results/malformed_icmp.pcap.out +++ b/test/results/malformed_icmp.pcap.out @@ -1,10 +1,10 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malformed_icmp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1593066612951} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593066612951} 00554{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00438{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1593066612951,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":42,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":42,"pkt_l4_len":8,"thread_ts_msec":1593066612951,"pkt":"AFUir8Y3AERm\/CmvCABFAAAcAAEAAEABXqPamLPV2pizNqUAWv8AAAAA"} 00733{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00772{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1593066612951,"flow_last_seen":1593066612951,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1593066612951,"l3_proto":"ip4","src_ip":"218.152.179.213","dst_ip":"218.152.179.54","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1593066612951} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"malformed_icmp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":8,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1593066612951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 443 chars ~~ json string max len.......: 777 chars -~~ json string avg len.......: 589 chars +~~ json string avg len.......: 590 chars diff --git a/test/results/malware.pcap.out b/test/results/malware.pcap.out index 6d8bca35b..46ef0bd8f 100644 --- a/test/results/malware.pcap.out +++ b/test/results/malware.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"malware.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1569571466977} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569571466977} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569571466977,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1569571466977,"pkt":"CGoKOl4eMFLLbJwbCABFAABcg9cAAEARLQnAqAcHAQEBAaWCADUASMoKC6QBIAABAAAAAAABA3d3dw9pbnRlcm5ldGJhZGd1eXMDY29tAAABAAEAACkQAAAAAAAADAAKAAjrBFAObfGpig=="} 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571466977,"flow_last_seen":1569571466977,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571466977,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"www.internetbadguys.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -10,7 +10,7 @@ 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569571470672,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":5.297900} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569571476362,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569571476362,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","src_port":33706,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"malware.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1569571476362,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569571476362,"pkt":"CGoKOl4eMFLLbJwbCABFAAA0sPtAAEAGObHAqAcHkIv33IOqAFCfbfb4AAAAAIAC+vBQPgAAAgQFtAEBBAIBAwMH"} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-events-serialized":13,"global_ts_msec":1569579408876} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":196,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":3,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1569579408876} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00891{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":383,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":383,"pkt_l4_len":349,"thread_ts_msec":1569579408876,"pkt":"CGoKOl4eMFLLbJwbCABFAAFxQQlAAEAGkCXAqAcHQ9dc0r0KAFDJvdSn63fGVVAYAfZpvAAAR0VUIC8gSFRUUC8xLjENCkhvc3Q6IHd3dy5pbnRlcm5ldGJhZGd1eXMuY29tDQpVc2VyLUFnZW50OiBNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBydjo2OC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzY4LjANCkFjY2VwdDogdGV4dC9odG1sLGFwcGxpY2F0aW9uL3hodG1sK3htbCxhcHBsaWNhdGlvbi94bWw7cT0wLjksKi8qO3E9MC44DQpBY2NlcHQtTGFuZ3VhZ2U6IGVuLVVTLGVuO3E9MC41DQpBY2NlcHQtRW5jb2Rpbmc6IGd6aXAsIGRlZmxhdGUNCkROVDogMQ0KQ29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KVXBncmFkZS1JbnNlY3VyZS1SZXF1ZXN0czogMQ0KDQo="} 00837{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569579408876,"flow_last_seen":1569579408876,"flow_idle_time":7440000,"flow_min_l4_payload_len":329,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":329,"flow_avg_l4_payload_len":329,"midstream":1,"thread_ts_msec":1569579408876,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OpenDNS","breed":"Acceptable","category":"Web"},"http": {"hostname":"www.internetbadguys.com","url":"www.internetbadguys.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Windows NT 10.0; rv:68.0) Gecko\/20100101 Firefox\/68.0"}} @@ -28,7 +28,7 @@ 00647{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569571470672,"flow_last_seen":1569571470672,"flow_idle_time":120000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"144.139.247.220","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1569579408876,"flow_last_seen":1569579409087,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":329,"flow_tot_l4_payload_len":373,"flow_avg_l4_payload_len":186,"midstream":1,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"67.215.92.210","src_port":48394,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569571466977,"flow_last_seen":1569571467001,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1569579417280,"l3_proto":"ip4","src_ip":"192.168.7.7","dst_ip":"1.1.1.1","src_port":42370,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":31,"global_ts_msec":1569579417280} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":26,"source":"malware.pcap","alias":"nDPId-test","packets-captured":26,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":6587,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":4,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":31,"global_ts_msec":1569579417280} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 26/26 ~~ skipped flows.............: 0 @@ -37,8 +37,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4723960 bytes -~~ total memory freed........: 4723960 bytes +~~ total memory allocated....: 4723984 bytes +~~ total memory freed........: 4723984 bytes ~~ total allocations/frees...: 101245/101245 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/memcached.cap.out b/test/results/memcached.cap.out index d13bbd68c..e88be4c9d 100644 --- a/test/results/memcached.cap.out +++ b/test/results/memcached.cap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"memcached.cap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1534343745954} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1534343745954} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8pT5AAEAGl3t\/AAABfwAAAejUK8sskd7QAAAAAKACqqr+MAAAAgT\/1wQCCAopIHvuAAAAAAEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAASvL6NTLJnx6LJHe0aASqqr+MAAAAgT\/1wQCCAopIHvuKSB77gEDAwc="} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1534343745954,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pT9AAEAGl4J\/AAABfwAAAejUK8sskd7RyyZ8e4AQAVb+KAAAAQEICikge+4pIHvu"} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1534343745954,"flow_last_seen":1534343745954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1028,"flow_tot_l4_payload_len":1035,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1534343745954,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":59604,"dst_port":11211,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Memcached","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1534343745954} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"memcached.cap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":1035,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1534343745954} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682136 bytes -~~ total memory freed........: 4682136 bytes +~~ total memory allocated....: 4682160 bytes +~~ total memory freed........: 4682160 bytes ~~ total allocations/frees...: 101154/101154 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/modbus.pcap.out b/test/results/modbus.pcap.out index 86f9b950e..0f7a71611 100644 --- a/test/results/modbus.pcap.out +++ b/test/results/modbus.pcap.out @@ -1,12 +1,12 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"modbus.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1223541953927} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1223541953927} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953927,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/1AAIAGEGjAqG6DwKhuiggaAfZB0urG4RU6zlAY\/MYAMgAAANEAAAAGAQMAAQAB"} 00645{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1223541953927,"flow_last_seen":1223541953927,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1223541953927,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":65,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":65,"pkt_l4_len":31,"thread_ts_msec":1223541953929,"pkt":"AArkxYMKABzAX0kKCABFAAAzO9pAAIAGYIzAqG6KwKhugwH2CBrhFTrOQdLq0lAY++v\/BAAAANEAAAAFAQMCAAA="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1223541953929,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1223541953929,"pkt":"ABzAX0kKAArkxYMKCABFAAA0i\/5AAIAGEGfAqG6DwKhuiggaAfZB0urS4RU62VAY\/LsAJgAAANIAAAAGAQMAAAAB"} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":102,"flow_first_seen":1223541953927,"flow_last_seen":1223541977037,"flow_idle_time":7440000,"flow_min_l4_payload_len":11,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":1173,"flow_avg_l4_payload_len":11,"midstream":1,"thread_ts_msec":1223541977037,"l3_proto":"ip4","src_ip":"192.168.110.131","dst_ip":"192.168.110.138","src_port":2074,"dst_port":502,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Modbus","breed":"Acceptable","category":"IoT-Scada"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-data-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1223541977037} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"modbus.pcap","alias":"nDPId-test","packets-captured":102,"packets-processed":102,"total-skipped-flows":0,"total-l4-data-len":1173,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1223541977037} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 102/102 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682756 bytes -~~ total memory freed........: 4682756 bytes +~~ total memory allocated....: 4682780 bytes +~~ total memory freed........: 4682780 bytes ~~ total allocations/frees...: 101245/101245 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/monero.pcap.out b/test/results/monero.pcap.out index febfd531a..1fe099b1a 100644 --- a/test/results/monero.pcap.out +++ b/test/results/monero.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"monero.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1514196188350} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1514196188350} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196188350,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196188350,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196188350,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188350,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196188430,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196188430,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="} @@ -10,10 +10,10 @@ 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196196745,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1514196196745,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"} 00882{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196196437,"flow_last_seen":1514196196745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":98,"flow_tot_l4_payload_len":98,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1514196196745,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"monero.pcap","alias":"nDPId-test","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-data-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-events-serialized":13,"global_ts_msec":1514196819733} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"monero.pcap","alias":"nDPId-test","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-data-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1514196819733} 00928{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":47,"flow_first_seen":1514196196437,"flow_last_seen":1514197261597,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1444,"flow_tot_l4_payload_len":7711,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} 00929{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":272,"flow_first_seen":1514196188350,"flow_last_seen":1514197279769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":138379,"flow_avg_l4_payload_len":508,"midstream":0,"thread_ts_msec":1514197279769,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-data-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":16,"global_ts_msec":1514197279769} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"monero.pcap","alias":"nDPId-test","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-data-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1514197279769} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 319/319 ~~ skipped flows.............: 0 @@ -22,8 +22,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4702225 bytes -~~ total memory freed........: 4702225 bytes +~~ total memory allocated....: 4702249 bytes +~~ total memory freed........: 4702249 bytes ~~ total allocations/frees...: 101469/101469 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 454 chars diff --git a/test/results/mongodb.pcap.out b/test/results/mongodb.pcap.out index 719e754b1..0478b0c88 100644 --- a/test/results/mongodb.pcap.out +++ b/test/results/mongodb.pcap.out @@ -1,32 +1,32 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mongodb.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1483459978959} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1483459978959} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483459978959,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483459978959,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQHp6QAA\/BrGvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1483459978959,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483459978959,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQHp6QAA+BrKvCgoKCgoKCgvKbmmJmGzsIgAAAACwAv\/\/ouIAAAIEBVABAwMFAQEICm\/8XGwAAAAABAIAAA=="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1483459979210,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483459979210,"pkt":"ABsXAAIwACKDPxfFgQABLAgARQAAPAAAQAA1BjYuCgoKCwoKCgppicpuPpqGQZhs7COgEmjf5dgAAAIEBSYEAggKXOpDgG\/8XGwBAwMH"} 00642{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483459979301,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1483558834969} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":247,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1483558834969} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483558834969,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483558834969,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"AABeAAEBABsXAAIwgQABLAgARQAAQPlkQAA\/Bn5pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1483558834969,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483558834969,"pkt":"PIqwbyfFPIqwbyfMgQAAMggARQAAQPlkQAA+Bn9pCgoKDAoKCg3ZHmmJO1oRNAAAAACwAv\/\/WNkAAAIEBVABAwMFAQEIChY4dS8AAAAABAIAAA=="} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1483558835050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483558835050,"pkt":"ABsXAAIwPIqwbnfFgQABLAgARQAAPAAAQAA0BoLSCgoKDQoKCgxpidkeO6pi7TtaETWgEhagavwAAAIEBbQEAggKjPy8NBY4dS8BAwMJ"} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483459978959,"flow_last_seen":1483459979301,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1483558835131,"l3_proto":"ip4","src_ip":"10.10.10.10","dst_ip":"10.10.10.11","src_port":51822,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":15,"global_ts_msec":1483726705497} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":306,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1483726705497} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483726705497,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483726705497,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1483726705497,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483726705497,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAAQCMwQAA9BrgMCgoKDgoKCg\/wP2mJBNDEtQAAAACwwv\/\/uGgAAAIEBWoBAwMFAQEICjJ1xd4AAAAABAIAAA=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1483726705499,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483726705499,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAA4BuBACgoKDwoKCg5pifA\/z9O+JwTQxLagUnEgLR0AAAIEBbQEAggKGQyESzJ1xd4BAwMH"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483726705503,"pkt":"ABsXAAEkACKDPxfFgQAAZAgARQAANDYCQAA9BqVGCgoKDgoKCg\/wP2mJBNDEts\/TviiAEBAavSkAAAEBCAoydcXkGQyESw=="} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1483558834969,"flow_last_seen":1483558835131,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1483726705503,"l3_proto":"ip4","src_ip":"10.10.10.12","dst_ip":"10.10.10.13","src_port":55582,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-events-serialized":22,"global_ts_msec":1483737232974} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":364,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_msec":1483737232974} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483737232974,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483737232974,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1483737232974,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483737232974,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAAQB7UQAA6BjnMCgoKEAoKChHInmmJ0eCpcgAAAACwAv\/\/iv8AAAIEBWoBAwMFAQEICj5g2FMAAAAABAIAAA=="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1483737232975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1483737232975,"pkt":"ACKDPxfFABsXAAEkgQAAZAgARQAAPAAAQAAyBmCkCgoKEQoKChBpicie7T3P\/tHgqXOgEkXqkCgAAAIEBbQEAggKAY8GyD5g2FMBAwMI"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1483737232979,"pkt":"ABsXAAEkLGv11hfFgQAAZAgARQAANFg1QAA6BgB3CgoKEAoKChHInmmJ0eCpc+09z\/+AEBAa9MAAAAEBCAo+YNhYAY8GyA=="} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483726705497,"flow_last_seen":1483726705503,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1483737232979,"l3_proto":"ip4","src_ip":"10.10.10.14","dst_ip":"10.10.10.15","src_port":61503,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-events-serialized":29,"global_ts_msec":1483814916005} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":633,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":4,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1483814916005} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1483814916005,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1483814916005,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFABsXAAIwgQABLAgARQAAQILYQAA\/BvoMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1483814916005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":82,"pkt_l4_len":44,"thread_ts_msec":1483814916005,"pkt":"LGv11hfFLGv11hfMgQAAMggARQAAQILYQAA+BvsMCgoKEgoKChP8NnUwNO8EYwAAAACwAv\/\/CB0AAAIEBVABAwMFAQEICh4cp5sAAAAABAIAAA=="} @@ -34,7 +34,7 @@ 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1483814916005,"flow_last_seen":1483814916108,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":73,"flow_tot_l4_payload_len":73,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.18","dst_ip":"10.10.10.19","src_port":64566,"dst_port":30000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1483737232974,"flow_last_seen":1483737232979,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":269,"flow_tot_l4_payload_len":269,"flow_avg_l4_payload_len":67,"midstream":0,"thread_ts_msec":1483814916108,"l3_proto":"ip4","src_ip":"10.10.10.16","dst_ip":"10.10.10.17","src_port":51358,"dst_port":27017,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MongoDB","breed":"Acceptable","category":"Database"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":37,"global_ts_msec":1483814916108} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"mongodb.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":706,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1483814916108} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -43,8 +43,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686117 bytes -~~ total memory freed........: 4686117 bytes +~~ total memory allocated....: 4686141 bytes +~~ total memory freed........: 4686141 bytes ~~ total allocations/frees...: 101183/101183 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/mpeg.pcap.out b/test/results/mpeg.pcap.out index 3a0067299..60e52ad9b 100644 --- a/test/results/mpeg.pcap.out +++ b/test/results/mpeg.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpeg.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1434379491040} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1434379491040} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1434379491040,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1434379491040,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1434379491040,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1434379491040,"pkt":"yGyHABajPBXCt3IOCABFAABAOE9AAEAGJUTAqFCgLmWdd9n8AFBP68YoAAAAALAC\/\/\/OTgAAAgQFtAEDAwUBAQgKFSiGAAAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1434379491117,"pkt":"PBXCt3IOyGyHABajCABFAAA8AABAADIGa5cuZZ13wKhQoABQ2fyPIjpcT+vGKaAScSAIFwAAAgQFqAQCCAoAu5vaFSiGAAEDAwhf8g=="} @@ -7,7 +7,7 @@ 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1434379491040,"flow_last_seen":1434379491117,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":148,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1434379491117,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Network"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":0,"content_type":"","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1434379491040,"flow_last_seen":1434379491158,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":1584,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1434379491158,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"},"http": {"hostname":"luca.ntop.org","url":"luca.ntop.org\/0.mp3","code":200,"content_type":"audio\/mpeg","user_agent":"Wget\/1.16.3 (darwin14.1.0)"}} 00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1434379491040,"flow_last_seen":1434379491221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1436,"flow_tot_l4_payload_len":9363,"flow_avg_l4_payload_len":492,"midstream":0,"thread_ts_msec":1434379491221,"l3_proto":"ip4","src_ip":"192.168.80.160","dst_ip":"46.101.157.119","src_port":55804,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.ntop","breed":"Safe","category":"Media"}} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1434379491221} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"mpeg.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":9363,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1434379491221} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680407 bytes -~~ total memory freed........: 4680407 bytes +~~ total memory allocated....: 4680431 bytes +~~ total memory freed........: 4680431 bytes ~~ total allocations/frees...: 101165/101165 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/mpegts.pcap.out b/test/results/mpegts.pcap.out index 9f3e96d9c..3c4a31636 100644 --- a/test/results/mpegts.pcap.out +++ b/test/results/mpegts.pcap.out @@ -1,10 +1,10 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mpegts.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1435209297954} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1435209297954} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1435209297954,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1362,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1362,"pkt_l4_len":1324,"thread_ts_msec":1435209297954,"pkt":"AQBeSMkXrPHfGMSBgQANHwgARQAFQAAAQAAHEaScCgEQMObIyRefIQTSBSxl6UcBARcAD7wd249nI5BqMCydEQCD1YeFyAwoYGMeHIwcYCWAHEkET\/taR\/5YANOTSagKaodBkABeSU4ooP2cAgISCfI7GswCLhYGUDAuoQXALotIDoDAaSxnQetyw1wSf\/AKkMmAETWkokF4lgj\/+lAZSgnOA6QAiGVAYA8goTB50WWTRpqMHIxOOJ8\/G9fR\/gRwAyKEkesyBkAB8oyaCwrrgKE0mAZ74p+4IoA5RfCyWS8HBk6egclHP3xARwEBGEEXVAcUcasfHBwWuxBEA0AR3\/itnAslgP4YRyyuCUAHIGOdlcBl0VAUgAPrJ4fANDAD4iy\/w8TBHHBQGqzAH4UZAHtGCiNQgPA1JISSwngX6AHm4Jf\/mKVIQhIaSD8CMAMGBoJf\/aEdACJNQ4OIkGi0bLH9Meczk8i+AAAAAQ4ShEUQIiWUxLGqxZhYCkaHcmBJHgFBLPZRvGhAjlBpCLwBHUOLiXyWkJ41IhP4BH1T\/uSXFhIJn\/tHAQEZ0kepcDEADUYFzAA1cjMHnioWBMyEDwGRt7NwM5CBuOLJQCnAKi98MAR7oiygHZNJiEoKSG4lmBgaTAxKQSf+iYWQguoQIAGwERxFmI3UAusNyXAUqSlbJ5X4WGOUAQUpObs+A8kBs4JQAaEE6oSWAdQMP\/9ghf9DiGSh5LAYDApaSdFFANnYrBjoHYtBPLLKRUBQDgP0DT\/\/ORgDyJQaGBg0vAKAK8BxyZ0AZ4JIBBDDOFjeKiGBUEcBARooBUCpMQWTeQxgYA46QHYBoSgCIhAOgHYCcAhDKgLuTwFgEYGcAGAZAG8AmQkA1JqS0AOwG5KwBKBQAa\/Alf+AOvwSQA\/sLgKAB+GoBCAGJrko0b0gVRwSf9QHYDoNQCQAIMqMFwDWAfgQnBg\/\/mSg85hwCgAiQkoDIXkxWGAeSTGBGAFG4YCT\/6WQ+AQpqEegNiL\/GrDRqRZackiI5OrlAZ43r4E0jenh7oKAIKjCCsBbeNw5Yo42RwEBGwAfQcAcRNBC\/5Z3JpRQI\/\/QCAlBZTk2chBKACsMQM4Iv\/Q0sAiADYCqACG5YMNXMdDDQLDOOlKiWGYBLwLsCN\/1yL7bI7FfbAAoJBHItxAyYj9CFdLCexAmGGF7vB7MBLz9L5WGDsERwDwKSQJIfcYImKe4c7uIjWFSGKP7CWSAC2zwgfUBhAEzwVP\/g6IJ5OIEAD+DAC0NAQgh\/9kMhk0B1uxSAKllJDAEQYAZFAUAQgk\/+DYh9IBHH\/8Q\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/0cf\/xD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/"} 00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1435209297954,"flow_last_seen":1435209297954,"flow_idle_time":180000,"flow_min_l4_payload_len":1316,"flow_max_l4_payload_len":1316,"flow_tot_l4_payload_len":1316,"flow_avg_l4_payload_len":1316,"midstream":0,"thread_ts_msec":1435209297954,"l3_proto":"ip4","src_ip":"10.1.16.48","dst_ip":"230.200.201.23","src_port":40737,"dst_port":1234,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MPEG_TS","breed":"Fun","category":"Media"}} -00469{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1435209297954} +00548{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"mpegts.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1316,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1435209297954} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 2722 chars -~~ json string avg len.......: 1519 chars +~~ json string avg len.......: 1520 chars diff --git a/test/results/mqtt.pcap.out b/test/results/mqtt.pcap.out index 7892080f1..b35ab162a 100644 --- a/test/results/mqtt.pcap.out +++ b/test/results/mqtt.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mqtt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1643014009283} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643014009283} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014009283,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1643014009283,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643014009283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1643014009283,"pkt":"AAAAAAAAAAwATSywCABFAAA8AABAADQGcggKCgoBwKgAAQdbo6QZpJjZwwPwU6AS\/oijvAAAAgQFtAQCCArcK3DSu1+3wwEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1643014009286,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1643014009286,"pkt":"AAAAAAAAAAwATSywCABFAAB2fFxAAD8G6nHAqAABCgoKAaOkB1vDA\/BTGaSY2oAYAOXxcQAAAQEICrtfuBTcK3DSEEAABk1RSXNkcAPCABQAFmNiYWFiY2JhYmFjYmJiYmJhYWFhYWIADDAyRDUwNTAyMjNEMwAMMDJENTA1MDIyM0Qz"} @@ -10,7 +10,7 @@ 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1643014349216,"flow_last_seen":1643014349216,"flow_idle_time":7440000,"flow_min_l4_payload_len":285,"flow_max_l4_payload_len":285,"flow_tot_l4_payload_len":285,"flow_avg_l4_payload_len":285,"midstream":1,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"100.67.35.238","dst_ip":"51.137.28.239","src_port":35035,"dst_port":1883,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} 00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1643014009283,"flow_last_seen":1643014010972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":392,"flow_tot_l4_payload_len":590,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643014349216,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":1883,"dst_port":41892,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MQTT","breed":"Acceptable","category":"RPC"}} -00467{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-data-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":13,"global_ts_msec":1643014349216} +00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"mqtt.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":9,"total-skipped-flows":0,"total-l4-data-len":875,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1643014349216} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 9/9 ~~ skipped flows.............: 0 @@ -19,8 +19,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680931 bytes -~~ total memory freed........: 4680931 bytes +~~ total memory allocated....: 4680955 bytes +~~ total memory freed........: 4680955 bytes ~~ total allocations/frees...: 101155/101155 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/mssql_tds.pcap.out b/test/results/mssql_tds.pcap.out index c38a2be88..81435fd51 100644 --- a/test/results/mssql_tds.pcap.out +++ b/test/results/mssql_tds.pcap.out @@ -1,11 +1,11 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mssql_tds.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1240877917888} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1240877917888} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00725{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1240877917888,"pkt":"AAwpiUrKAFBWwAABCABFAADynIJAAEAGGaUKb29vCgAAAQRXBZk+5C72WSFQkoAYAFx5qQAAAQEICgQLsN8AAVvMAQEAvgAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAIABzAGUAdAAgAHQAcgBhAG4AcwBhAGMAdABpAG8AbgAgAGkAcwBvAGwAYQB0AGkAbwBuACAAbABlAHYAZQBsACAAIAByAGUAYQBkACAAYwBvAG0AbQBpAHQAdABlAGQAIAAgAHMAZQB0ACAAaQBtAHAAbABpAGMAaQB0AF8AdAByAGEAbgBzAGEAYwB0AGkAbwBuAHMAIABvAGYAZgAgAA=="} 00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1240877917888,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"flow_min_l4_payload_len":190,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":190,"midstream":1,"thread_ts_msec":1240877917888,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":1111,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1240877917888,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1240877917888,"pkt":"AFBWwAABAAwpiUrKCABFAABWA25AAIAGc1UKAAABCm9vbwWZBFdZIVCSPuQvtIAYQa2\/wgAAAQEICgABW8wEC7DfBAEAIgA1AQD9AQD5AAAAAAAAAAAA\/QAAugAAAAAAAAAAAA=="} 00863{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1240877917918,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":358,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":358,"pkt_l4_len":324,"thread_ts_msec":1240877917918,"pkt":"AAwpiUrKAFBWwAABCABFAAFYnINAAEAGGT4Kb29vCgAAAQRXBZk+5C+0WSFQtIAYAFxIvAAAAQEICgQLsOcAAVvMAwEBJAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAA\/\/8NAAAAAAEmBAQAAAAAAADnQB8JBNAANDQAQABQADAAIABuAHYAYQByAGMAaABhAHIAKAA0ADAAMAAwACkALABAAFAAMQAgAGkAbgB0AAAA50AfCQTQADSQAHMAZQBsAGUAYwB0ACAAKgAgAGYAcgBvAG0AIAB0AGUAcwB0AF8AdABhAGIAbABlAF8AMQAgAHcAaABlAHIAZQAgAG4AYQBtAGUAIAA9ACAAQABQADAAIABhAG4AZAAgAGkAZAAgAD0AIABAAFAAMQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAAAA50AfCQTQADQGAHoAegB6AAAAJgQEAgAAAA=="} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1259762400004} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":874,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1259762400004} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":98,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":98,"pkt_l4_len":64,"thread_ts_msec":1259762400004,"pkt":"ABj+dhvGERERERESCABFAABUAAdAAEAGtr4Kb29vCgAAAQiuBZn\/ymPG\/zlOU1AYEAArKgAAAQEALAAAAQBDAE8ATQBNAEkAVAAgAFQAUgBBAE4AUwBBAEMAVABJAE8ATgA="} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762400004,"flow_last_seen":1259762400004,"flow_idle_time":7440000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":1,"thread_ts_msec":1259762400004,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":2222,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} @@ -32,7 +32,7 @@ 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00580{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1259762482456,"pkt":"ABI\/\/61OABI\/\/6gdCABFAACA6VZAAIAGjUIKb29vCgAAASK4BZmoWq7z77DJrlAY\/kP\/5gAAAwkAWAAAAQAWAAAAEgAAAAIAAAAAAAAAAAABAAAAGwBwAF8ARwBlAHQATQB5AEUAeABhAG0AcABsAGUAVABhAGIAbABlAFIAbwB3AEMAbwB1AG4AdAAAAA=="} 00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":34,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1259762482456,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-data-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-events-serialized":35,"global_ts_msec":1278068444584} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":35,"packets-processed":34,"total-skipped-flows":0,"total-l4-data-len":13137,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":8,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1278068444584} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":272,"pkt_l4_len":238,"thread_ts_msec":1278068444584,"pkt":"ADAFzckRADAFzck9CABFAAECT7tAAIAGJlwKb29vCgAAAScPBZlFt6JP51MRDlAY+rgBzgAAAwEA2gAAAQAkAHAAcgBvAGMAXwBHAGUAdABNAHkARQB4AGEAbQBwAGwAZQBUAGEAYgBsAGUAUwBhAG0AcABsAGUATQBlAHQAYQBEAGEAdABhAAAAAAAkEBAzIhEAVUR3ZoiZqrvM3e7\/AAAfAADnAAAJBAABMgAAAACnJAAJBAABMiQAQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVphYmNkZWZnaGlqAAAmBAQBAAAAAAAmCAgtAAAAAAAAAAAApQwADAABI0VniavN7\/7cupgAACYEBGwAAAA="} 00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":35,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278068444584,"flow_last_seen":1278068444584,"flow_idle_time":7440000,"flow_min_l4_payload_len":218,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":218,"midstream":1,"thread_ts_msec":1278068444584,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":9999,"dst_port":1433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} @@ -57,7 +57,7 @@ 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1259762474884,"flow_last_seen":1259762474884,"flow_idle_time":7440000,"flow_min_l4_payload_len":339,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8339,"flow_avg_l4_payload_len":1191,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":6666,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1278068444666,"flow_last_seen":1278068444666,"flow_idle_time":7440000,"flow_min_l4_payload_len":320,"flow_max_l4_payload_len":320,"flow_tot_l4_payload_len":320,"flow_avg_l4_payload_len":320,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":33333,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1259762482456,"flow_last_seen":1259762482456,"flow_idle_time":7440000,"flow_min_l4_payload_len":88,"flow_max_l4_payload_len":88,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1278068444666,"l3_proto":"ip4","src_ip":"10.111.111.111","dst_ip":"10.0.0.1","src_port":8888,"dst_port":1433,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MsSQL-TDS","breed":"Acceptable","category":"Database"}} -00480{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-events-serialized":60,"global_ts_msec":1278068444666} +00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"mssql_tds.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":14142,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":11,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":12,"total-idle-flows":12,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":60,"global_ts_msec":1278068444666} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -66,8 +66,8 @@ ~~ total active/idle flows...: 12/12 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4730029 bytes -~~ total memory freed........: 4730029 bytes +~~ total memory allocated....: 4730053 bytes +~~ total memory freed........: 4730053 bytes ~~ total allocations/frees...: 101223/101223 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/mysql-8.pcap.out b/test/results/mysql-8.pcap.out index 21b8b16c2..3721c55b6 100644 --- a/test/results/mysql-8.pcap.out +++ b/test/results/mysql-8.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"mysql-8.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946708780103} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946708780103} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946708780103,"flow_last_seen":946708780103,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":946708780103,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA8OA9AAEAGI6zAqAFpCioSxiIiDOqSBUElAAAAAKACchDH0wAAAgQFtAQCCAoAA3kqAAAAAAEDAwY="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":946708780103,"pkt":"REREREREIiIiIiIiCABFAAA8AABAAD8GXLsKKhLGwKgBaQzqIiISTcRTkgVBJqAScSDgsQAAAgQFtAQCCAoAARFeAAN5KgEDAwc="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946708780103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":946708780103,"pkt":"IiIiIiIiRERERERECABFAAA0OBBAAEAGI7PAqAFpCioSxiIiDOqSBUEmEk3EVIAQAcl+1QAAAQEICgADeSoAARFe"} 00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":946708780103,"flow_last_seen":946708780104,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":87,"flow_tot_l4_payload_len":87,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":946708780104,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"10.42.18.198","src_port":8738,"dst_port":3306,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MySQL","breed":"Acceptable","category":"Database"}} -00467{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":87,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":946708780104} +00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"mysql-8.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":87,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946708780104} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -15,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679914 bytes -~~ total memory freed........: 4679914 bytes +~~ total memory allocated....: 4679938 bytes +~~ total memory freed........: 4679938 bytes ~~ total allocations/frees...: 101147/101147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars ~~ json string max len.......: 680 chars -~~ json string avg len.......: 560 chars +~~ json string avg len.......: 561 chars diff --git a/test/results/nats.pcap.out b/test/results/nats.pcap.out index 2cb62d67a..ce210efc0 100644 --- a/test/results/nats.pcap.out +++ b/test/results/nats.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nats.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1586288040558} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1586288040558} 00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1586288040558,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1586288040558,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAB1iQQfvCJzTwAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iAAAAAAQCAAA="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1586288040558,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1586288040558,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABEH7WJA7LPw3wic09sBL\/\/\/40AAACBD\/YAQMDBQEBCAo2lJ5iNpSeYgQCAAA="} @@ -12,7 +12,7 @@ 00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1586288040575,"flow_last_seen":1586288040577,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":309,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1586288040577,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 00666{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1586288040558,"flow_last_seen":1586288040570,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":450,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54820,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} 00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1586288040575,"flow_last_seen":1586288042776,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":309,"flow_tot_l4_payload_len":462,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1586288042776,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54821,"dst_port":4222,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nats","breed":"Acceptable","category":"RPC"}} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1586288042776} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"nats.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":912,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1586288042776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 27/27 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685549 bytes -~~ total memory freed........: 4685549 bytes +~~ total memory allocated....: 4685573 bytes +~~ total memory freed........: 4685573 bytes ~~ total allocations/frees...: 101175/101175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 455 chars diff --git a/test/results/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/ndpi_match_string_subprotocol__error.pcapng.out index 5705eef92..b679dedbd 100644 --- a/test/results/ndpi_match_string_subprotocol__error.pcapng.out +++ b/test/results/ndpi_match_string_subprotocol__error.pcapng.out @@ -1,15 +1,15 @@ 00489{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00496{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1258162014557} +00575{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1258162014557} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1258162014557,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1258162014557,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1258162014557,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1258162014557,"pkt":"AFBWmXinAB9to6gACABFAAA0MZpAADwGZloKAwkTCkSJdp64H5sCrVC3AAAAAIACwej09wAAAgQFZAEDAwABAQQC"} 01989{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1180,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1180,"pkt_l4_len":1146,"thread_ts_msec":1258162014576,"pkt":"AFBWmXinAB9to6gACABFAASOMZxAADwGYf4KAwkTCkSJdp64H5sCrVC4lwIqi1AYwhBuiwAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aWNlIEhUVFAvMS4xDQpTT0FQQWN0aW9uOiANCkNvbnRlbnQtdHlwZToAQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogOTQ4DQoNCjxzb2FwZW52OkVudmVsb3Bl2nhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpCb2R5PgogICAgPG5zOmNvbmZpZ3VyZT4KICAgICAgPG9iamVjdE5hbWQ+TldNMzoxLTEtMS0xNy4wLjA8L29iamVjdKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} 00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} -00499{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1258165452647} +00578{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1258165452647} 00234{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542,"global_ts_msec":1258165452669} 01070{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"thread_ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2179,"flow_avg_l4_payload_len":167,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00505{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":2179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":12,"global_ts_msec":1258165452688} +00584{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":2179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_msec":1258165452688} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/13 ~~ skipped flows.............: 0 @@ -18,8 +18,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680266 bytes -~~ total memory freed........: 4680266 bytes +~~ total memory allocated....: 4680290 bytes +~~ total memory freed........: 4680290 bytes ~~ total allocations/frees...: 101159/101159 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 239 chars diff --git a/test/results/nest_log_sink.pcap.out b/test/results/nest_log_sink.pcap.out index ba60994a5..ea2be527f 100644 --- a/test/results/nest_log_sink.pcap.out +++ b/test/results/nest_log_sink.pcap.out @@ -1,13 +1,13 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nest_log_sink.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1536712992228} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1536712992228} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536712992228,"flow_last_seen":1536712992228,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536712992228,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1536712992228,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536712992228,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2IAAP8GYxrAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1536712992289,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1536712992289,"pkt":"GLQwJjRAAJD7JidrCABFAAAoNpRAAC0G7egjrlLtwKjyDytX92zEgGGFCKi\/QFAQgdDz\/QAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1536713052295,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1536713052295,"pkt":"AJD7JidrGLQwJjRACABFAAAoL2MAAP8GYxnAqPIPI65S7fdsK1cIqL8\/xIBhhVAQD+Vl6gAAAAAAAAAA"} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":1536713593921} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":51,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1536713593921} 00668{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00669{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":52,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1536712992228,"flow_last_seen":1536713593982,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536713593982,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":10,"global_ts_msec":1536714195599} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":101,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1536714195599} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1536714602587,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536714602587,"pkt":"AJD7JidrGLQwJjRACABFAABEL4kAAP8RJr3AqPIPwKjyAc5xADUAMKk+CwgBAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536714602587,"flow_last_seen":1536714602587,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536714602587,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -32,10 +32,10 @@ 00710{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1536712992228,"flow_last_seen":1536714607385,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63340,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"NestLogSink.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":72,"flow_first_seen":1536714602612,"flow_last_seen":1536714607322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":14831,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63342,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":274,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1536714610253,"flow_last_seen":1536714615546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2786,"flow_avg_l4_payload_len":132,"midstream":0,"thread_ts_msec":1536714735752,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63344,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-events-serialized":35,"global_ts_msec":1536714800447} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":276,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":276,"packets-processed":215,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1536714800447} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":278,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536714602587,"flow_last_seen":1536714607527,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536714795433,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-events-serialized":37,"global_ts_msec":1536715402175} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-events-serialized":38,"global_ts_msec":1536716003807} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":326,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":326,"packets-processed":245,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":37,"global_ts_msec":1536715402175} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":376,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":376,"packets-processed":275,"total-skipped-flows":0,"total-l4-data-len":21968,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":5,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1536716003807} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1536716402804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536716402804,"pkt":"AJD7JidrGLQwJjRACABFAABEL\/cAAP8RJk\/AqPIPwKjyAc5xADUAMDxpd90BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536716402804,"flow_last_seen":1536716402804,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536716402804,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -61,8 +61,8 @@ 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":71,"flow_first_seen":1536716402828,"flow_last_seen":1536716406969,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":14853,"flow_avg_l4_payload_len":209,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63345,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00698{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":543,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536716409847,"flow_last_seen":1536716412657,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":2259,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536716532891,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63347,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1536716402804,"flow_last_seen":1536716407116,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":282,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1536716592575,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-events-serialized":64,"global_ts_msec":1536716652586} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-events-serialized":65,"global_ts_msec":1536717254253} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":547,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":547,"packets-processed":424,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":64,"global_ts_msec":1536716652586} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":595,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":595,"packets-processed":452,"total-skipped-flows":0,"total-l4-data-len":43270,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":9,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1536717254253} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1536717427961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1536717427961,"pkt":"AJD7JidrGLQwJjRACABFAABEME8AAP8RJffAqPIPwKjyAc5xADUAMGWoTp4BAAABAAAAAAAADXdlYXZlLWxvZ3NpbmsEbmVzdANjb20AAAEAAQ=="} 00784{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536717427961,"flow_last_seen":1536717427961,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536717427961,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weave-logsink.nest.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -82,7 +82,7 @@ 00696{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":78,"flow_first_seen":1536716407119,"flow_last_seen":1536717449999,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":677,"flow_tot_l4_payload_len":3908,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63346,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":707,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536717428089,"flow_last_seen":1536717431514,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":9343,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1536717572672,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63348,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":711,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1536717427961,"flow_last_seen":1536717450088,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":322,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1536717632764,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00485{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-data-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-events-serialized":85,"global_ts_msec":1536717873194} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":727,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":727,"packets-processed":562,"total-skipped-flows":0,"total-l4-data-len":56297,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":12,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":12,"total-idle-flows":11,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":85,"global_ts_msec":1536717873194} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1536718052990,"flow_last_seen":1536718052990,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1536718052990,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63350,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":745,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1536718052990,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1536718052990,"pkt":"AJD7JidrGLQwJjRACABFAAAsMIsAAP8GYe3AqPIPI65S7fd2K1cJGivXAAAAAGACEgAGSAAAAgQEgAAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":747,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1536718053059,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1536718053059,"pkt":"GLQwJjRAAJD7JidrCABFAAAsAABAAC0GJHkjrlLtwKjyDytX93aQyd5SCRor2GASaQM+4wAAAgQFtA=="} @@ -113,11 +113,11 @@ 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1536718202984,"flow_last_seen":1536718206546,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":679,"flow_tot_l4_payload_len":9459,"flow_avg_l4_payload_len":193,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63351,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":892,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1536718209313,"flow_last_seen":1536718211968,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":678,"flow_tot_l4_payload_len":2258,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1536718332214,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.188.154.186","src_port":63353,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":896,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1536718202959,"flow_last_seen":1536718202959,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1536718392405,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"192.168.242.1","src_port":52849,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-events-serialized":116,"global_ts_msec":1536718512170} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-events-serialized":117,"global_ts_msec":1536719113902} -00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-events-serialized":118,"global_ts_msec":1536719715232} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":900,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":900,"packets-processed":713,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":116,"global_ts_msec":1536718512170} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":950,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":950,"packets-processed":743,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":117,"global_ts_msec":1536719113902} +00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":773,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":17,"total-idle-flows":16,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":118,"global_ts_msec":1536719715232} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":96,"flow_first_seen":1536718206572,"flow_last_seen":1536719715232,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":676,"flow_tot_l4_payload_len":3846,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1536719715232,"l3_proto":"ip4","src_ip":"192.168.242.15","dst_ip":"35.174.82.237","src_port":63352,"dst_port":11095,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NestLogSink","breed":"Acceptable","category":"Cloud"}} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-events-serialized":120,"global_ts_msec":1536719715232} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nest_log_sink.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":774,"total-skipped-flows":0,"total-l4-data-len":75380,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":17,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":17,"total-idle-flows":17,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_msec":1536719715232} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/774 ~~ skipped flows.............: 0 @@ -126,8 +126,8 @@ ~~ total active/idle flows...: 17/17 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4740772 bytes -~~ total memory freed........: 4740772 bytes +~~ total memory allocated....: 4740796 bytes +~~ total memory freed........: 4740796 bytes ~~ total allocations/frees...: 101977/101977 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/netbios.pcap.out b/test/results/netbios.pcap.out index 9dc7377b8..e2a617d74 100644 --- a/test/results/netbios.pcap.out +++ b/test/results/netbios.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1447772210350} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1447772210350} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1447772210350,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1447772210350,"pkt":"\/\/\/\/\/\/\/\/ABj+bLz3CABFAABOYvYAAIARuScKAASDCgAF\/wCJAIkAOr8ep0kBEAABAAAAAAAAIEZJRkRGRUZDRUZFQkVORlBFSUZKQ0FDQUNBQ0FDQUFBAAAgAAE="} 00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1447772210350,"flow_last_seen":1447772210350,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1447772210350,"l3_proto":"ip4","src_ip":"10.0.4.131","dst_ip":"10.0.5.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} @@ -70,7 +70,7 @@ 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1447772251795,"flow_last_seen":1447772251795,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":225,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.1.87","dst_ip":"10.0.4.24","src_port":57921,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1447772216537,"flow_last_seen":1447772216537,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1447772269972,"l3_proto":"ip4","src_ip":"10.0.4.24","dst_ip":"10.0.4.131","src_port":139,"dst_port":1398,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-data-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-events-serialized":73,"global_ts_msec":1447772269972} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":260,"source":"netbios.pcap","alias":"nDPId-test","packets-captured":260,"packets-processed":260,"total-skipped-flows":0,"total-l4-data-len":13727,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":15,"total-idle-flows":15,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":73,"global_ts_msec":1447772269972} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 260/260 ~~ skipped flows.............: 0 @@ -79,8 +79,8 @@ ~~ total active/idle flows...: 15/15 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4701594 bytes -~~ total memory freed........: 4701594 bytes +~~ total memory allocated....: 4701618 bytes +~~ total memory freed........: 4701618 bytes ~~ total allocations/frees...: 101446/101446 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/netbios_wildcard_dns_query.pcap.out b/test/results/netbios_wildcard_dns_query.pcap.out index 25b545976..6856d10fb 100644 --- a/test/results/netbios_wildcard_dns_query.pcap.out +++ b/test/results/netbios_wildcard_dns_query.pcap.out @@ -1,10 +1,10 @@ 00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00484{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1597866040493} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1597866040493} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00518{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1597866040493,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1597866040493,"pkt":"AAkPCQEKAFBWvdjVCABFAABOhIlAAEARHAYKAUP6CgFCFKF3ADUAOgSEgPAAEAABAAAAAAAAIENLQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBAAAhAAE="} 00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ckaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1597866040493,"flow_last_seen":1597866040493,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1597866040493,"l3_proto":"ip4","src_ip":"10.1.67.250","dst_ip":"10.1.66.20","src_port":41335,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00487{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1597866040493} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netbios_wildcard_dns_query.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":50,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1597866040493} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 482 chars ~~ json string max len.......: 804 chars -~~ json string avg len.......: 624 chars +~~ json string avg len.......: 625 chars diff --git a/test/results/netflix.pcap.out b/test/results/netflix.pcap.out index 446c1f7cb..78774b693 100644 --- a/test/results/netflix.pcap.out +++ b/test/results/netflix.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1484319030789} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1484319030789} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319030789,"flow_last_seen":1484319030789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1484319030789,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.24.87.6","src_port":52929,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1484319030789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1484319030789,"pkt":"gCqoTGHM5JjWH70UCABFAAA0e0NAAEAGcrPAqAEHNBhXBs7BAbvkIOdkTYzTZoAREADl8AAAAQEICh9kr+C2r\/ET"} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"netflix.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1484319032865,"flow_last_seen":1484319032865,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1484319032865,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":51543,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -405,7 +405,7 @@ 00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1484319033943,"flow_last_seen":1484319064790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":10490,"flow_avg_l4_payload_len":291,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"54.69.204.241","src_port":53119,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1484319064711,"flow_last_seen":1484319096924,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":24950,"flow_avg_l4_payload_len":554,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"52.37.36.252","src_port":53203,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.NetFlix","breed":"Fun","category":"Video"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1484319064683,"flow_last_seen":1484319064699,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":247,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1484319120726,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"192.168.1.1","src_port":60962,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.NetFlix","breed":"Fun","category":"Video"}} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":6999,"packets-processed":6999,"total-skipped-flows":0,"total-l4-data-len":5686857,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":52,"total-updates":0,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-events-serialized":408,"global_ts_msec":1484319120726} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6999,"source":"netflix.pcap","alias":"nDPId-test","packets-captured":6999,"packets-processed":6999,"total-skipped-flows":0,"total-l4-data-len":5686857,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":60,"total-detection-updates":52,"total-updates":0,"current-active-flows":0,"total-active-flows":61,"total-idle-flows":61,"total-compressions":4,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":408,"global_ts_msec":1484319120726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6999/6999 ~~ skipped flows.............: 0 @@ -414,8 +414,8 @@ ~~ total active/idle flows...: 61/61 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5039814 bytes -~~ total memory freed........: 5039814 bytes +~~ total memory allocated....: 5039838 bytes +~~ total memory freed........: 5039838 bytes ~~ total allocations/frees...: 108540/108540 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/netflow-fritz.pcap.out b/test/results/netflow-fritz.pcap.out index 85f123a1e..7f08760b0 100644 --- a/test/results/netflow-fritz.pcap.out +++ b/test/results/netflow-fritz.pcap.out @@ -1,10 +1,10 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflow-fritz.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1498072707863} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1498072707863} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00688{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1498072707863,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":222,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":222,"pkt_l4_len":188,"thread_ts_msec":1498072707863,"pkt":"AAwRERERAAwRIiIiCABFKADQAABAAD8R1PvAqAABwKgBAVtYCAcAvAAAAAoAtFlKxZ0CWWXEAAQBAAACAHABzQAWAAEABIDPAAQAAGjygMz\/\/wAAaPKAzf\/\/AABo8gAHAAIACwACAAYAAgCxAAEAsAABALQAAgC1AAIAAgAEAM0AAgC5AAQAuAAEAAgABAAMAAQANgAEAFgAAgAEAAEAwAABgAH\/\/wAAaPIAAwA0AdIABwABAI8ABAApAAgAKgAIACgACAEwAAIBMQAEATIABAHTAAIAAQCOAAQAUv\/\/"} 00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1498072707863,"flow_last_seen":1498072707863,"flow_idle_time":180000,"flow_min_l4_payload_len":180,"flow_max_l4_payload_len":180,"flow_tot_l4_payload_len":180,"flow_avg_l4_payload_len":180,"midstream":0,"thread_ts_msec":1498072707863,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"192.168.1.1","src_port":23384,"dst_port":2055,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1498072707863} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"netflow-fritz.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":180,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1498072707863} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,8 +13,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/netflowv9.pcap.out b/test/results/netflowv9.pcap.out index 94c7522de..a3fad043f 100644 --- a/test/results/netflowv9.pcap.out +++ b/test/results/netflowv9.pcap.out @@ -1,12 +1,12 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"netflowv9.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1568213026961} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1568213026961} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":180000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"thread_ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02297{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568213026961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBZAAEARgqbAqAKGwKgC3r31CAkFaHVWAAkAECROCO5dZ6gMFm+miAAAAAEBAwQkAAoEJE1qKCRNaigAAAAAAAAAKAAAAAAAAAABBo0ou7J9QF7TxAskWgIAkwAAlYsAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp1CRNjMsAAAAAAAUbtAAAAAAAAASjBhdDjcSK9gL7ko0BuxoAkwAAMhAAAFHMhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJEzp3CRNjKAAAAAAAB2wnwAAAAAAAAZqBor2AvsXQ43EAbuSjRoAkwAAUcwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1ybSRNcm0AAAAAAAAAKAAAAAAAAAABBoOfghRcdiVS2B5evAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1rLyRNay8AAAAAAAAAKAAAAAAAAAABBor09llcdiVKtb1pkQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2QhyRNkIcAAAAAAAAAKAAAAAAAAAABBor0qxxcdiVS2B5S8QIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2JWyRNiVsAAAAAAAAAKAAAAAAAAAABBoOfWVu53tNywXcEGgIAkwADMXgAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qjSRNao0AAAAAAAAALAAAAAAAAAABBor2xOMr4aaiqY0AFgIAkwAAseAAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2OYCRNjmAAAAAAAAAAKAAAAAAAAAABBo1UlODIXai05wABvQIAkwAAS+UAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAACRwAAAAAAAAAKBoG7\/klQ1h8GKsoBuxsAkwAAFSIAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11kyRNdisAAAAAAAAWPwAAAAAAAAAIBlDWHwaBu\/5JAbsqyh4AkwAAMhAAABUihHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTSRNh00AAAAAAAAAKAAAAAAAAAABBor1FpC5r10bvgPWnAIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2Q4yRNkOMAAAAAAAAAKAAAAAAAAAABBoOfV4ZcdiVS2B5ZXgIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNhcskTYXLAAAAAAAAAHoAAAAAAAAAARHN+8cOjVQJ2YZdADUAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAQcA1AAKBiRNJ\/YkTYzBAAAAAAAAELEAAAAAAAAADwYgARa4LRoyANRG8rtzEZ1EIAFMoAAAAQMAAAAAgbv\/\/PfhAbvbAGwAACKxAAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAAoGJE0n9iRNjMEAAAAAAAAIZQAAAAAAAAAMBiABTKAAAAEDAAAAAIG7\/\/wgARa4LRoyANRG8rtzEZ1EAbv34RsAbAAAMhAAACKxhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAA="} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568213026961,"flow_last_seen":1568213026961,"flow_idle_time":180000,"flow_min_l4_payload_len":1376,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":1376,"flow_avg_l4_payload_len":1376,"midstream":0,"thread_ts_msec":1568213026961,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} 02225{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568213026961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1366,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1366,"pkt_l4_len":1332,"thread_ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAVILBdAAEARgtnAqAKGwKgC3r31CAkFNLI1AAkAECROCO5dZ6gMFm+miQAAAAEBAwTEAAoEJE2HcCRNh3AAAAAAAAAAKAAAAAAAAAABBoOf7vm5sBu2oskXJAIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2RayRNkWsAAAAAAAAAKAAAAAAAAAABBo0oBklcdiVS2B5jWQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10SSRNdEkAAAAAAAAAKAAAAAAAAAABBor2SWJcdiVKtb25AgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE10KiRNdCoAAAAAAAAAKAAAAAAAAAABBoOfXsy5sBu2oskPGwIAkwADHowAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2NbCRNjWwAAAAAAAAAKAAAAAAAAAABBor1CjVZ+KxV434I\/gIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HTiRNh2kAAAAAAAAArQAAAAAAAAACBhH8TA+K9gIpwNYUZxgAkwAAMhAAAALKhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2HWyRNh1sAAAAAAAAAnQAAAAAAAAACBor2AikR\/EwPFGfA1hgAkwAAAsoAADIQ2GfZGI\/ahHisFZ1CAAAAAAACAAAAAAAAAAAAAAAAAAoEJE1ycCRNcnAAAAAAAAAAKAAAAAAAAAABBor0oRm5sBu2oskF8wIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1qhiRNaoYAAAAAAAAAKAAAAAAAAAABBo1Umhq5r10JuVyC6gIAkwAAiv4AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KayRNin8AAAAAAAAAcwAAAAAAAAACBlCeJjiK9gKwnKIUZxgAkwAAMhAAAIUmhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2KeiRNinoAAAAAAAAASwAAAAAAAAABBor2ArBQniY4FGecohgAkwAAhSYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1v8SRNb\/EAAAAAAAAAKAAAAAAAAAABBor0mjxcdiVS2B5xQQIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2M1CRNjNQAAAAAAAAAKAAAAAAAAAABBo0otfJcdiVS2B5oFAIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1yviRNcr4AAAAAAAAAKAAAAAAAAAABBor0xzO5sBu2oskgMwIAkwADHowAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1+PiRNfj4AAAAAAAAAKAAAAAAAAAABBor2SCBcdiVS2B5xvwIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAECAFQACgQkTYXUJE2F1AAAAAAAAAFBAAAAAAAAAAERjVQJ2c37xw4ANYZdAJMAAEB9AAAyENhn2RiP2oR4rBWdQgAAAAAAAAAAAAAAAAAAAAAAAA=="} 02298{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1568213026961,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1418,"pkt_l4_len":1384,"thread_ts_msec":1568213026961,"pkt":"ACWQ1Mz5rB9rrWosCABFAAV8LBhAAEARgqTAqAKGwKgC3r31CAkFaPcdAAkAECROCO5dZ6gMFm+migAAAAEBAwQkAAoEJE18UiRNfFIAAAAAAAAAKAAAAAAAAAABBor1GIyKxVabf\/8hYQIAkwAANu0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE188iRNfPIAAAAAAAAALAAAAAAAAAABBor1b6tTbs2s6Q\/qYQIAkwAAFQgAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b5CRNjsgAAAAAAAAD+QAAAAAAAAAKBtg6zy6Bu8nv4FQBux4AkwAAMhAAADtBhHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE0b7CRNjscAAAAAAAAH0wAAAAAAAAAIBoG7ye\/YOs8uAbvgVBoAkwAAO0EAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE13qiRNd6oAAAAAAAAAKAAAAAAAAAABBoG7U8O55eBgf\/8hYQIAkwAAodwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAAoEJE2RLCRNkSwAAAAAAAAAKAAAAAAAAAABBoOfCHdcdiVS2B5lPQIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2C\/iRNhM0AAAAAAAAG0wAAAAAAAAAIBiOxkHGNVP4E02gBuxoAkwAAMhAAAEB9hHisFZ1C2GfZGI\/aAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2DFCRNhM0AAAAAAAATxgAAAAAAAAAJBo1U\/gQjsZBxAbvTaBoAkwAAQH0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE11DSRNdQ0AAAAAAAAALAAAAAAAAAABBor2Qvpdrl9qcVMffAIAkwADFrkAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2BfSRNgX0AAAAAAAAAKAAAAAAAAAABBo1UDOe5B+tq\/5UAUAIAkwAAISwAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1+qyRNfqsAAAAAAAAALAAAAAAAAAABBor1Lmtlbfp7vHIBvQIAkwAAXaEAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE2AYyRNgGMAAAAAAAAAKAAAAAAAAAABBo1UHwVcdiVS2B5nAgIAkwAAixYAADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEJE1t3iRNbd4AAAAAAAAAKAAAAAAAAAABBoOfiSJcdiVKtb1noAIAkwAAixYAAzG32GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAAAAAoEAQIAVAAKBCRNg0AkTYNAAAAAAAAAApoAAAAAAAAAARGDn7MEo6zlqFf+E8QAkwAAMkwAAzG32GfZGI\/ahHisFZ1CAAAAAAAgAAAAAAAAAAAAAAAAAQcA1AAKBiRNI9AkTYY5AAAAAAAAALUAAAAAAAAAAwYgAUygIAMBAAAAAAAAAAEzKgX1AAAQAQEAAAAAuT+RAcrSAbsRAGwAADIQAAA4TYR4rBWdQthn2RiP2gAAAAAAAAAAAAAAAAAAAAAAAAoGJE0j2SRNhkIAAAAAAAABGwAAAAAAAAAEBioF9QAAEAEBAAAAALk\/kQEgAUygIAMBAAAAAAAAAAEzAbvK0hkAbAAAOE0AADIQ2GfZGI\/ahHisFZ1CAAAAAAAAAAAAAAAAAAAAAAA="} 00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1568213026961,"flow_last_seen":1568213026962,"flow_idle_time":180000,"flow_min_l4_payload_len":1320,"flow_max_l4_payload_len":1376,"flow_tot_l4_payload_len":13468,"flow_avg_l4_payload_len":1346,"midstream":0,"thread_ts_msec":1568213026962,"l3_proto":"ip4","src_ip":"192.168.2.134","dst_ip":"192.168.2.222","src_port":48629,"dst_port":2057,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"NetFlow","breed":"Acceptable","category":"Network"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1568213026962} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"netflowv9.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":13468,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1568213026962} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680088 bytes -~~ total memory freed........: 4680088 bytes +~~ total memory allocated....: 4680112 bytes +~~ total memory freed........: 4680112 bytes ~~ total allocations/frees...: 101153/101153 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/nintendo.pcap.out b/test/results/nintendo.pcap.out index 88452fd47..ace2eec0e 100644 --- a/test/results/nintendo.pcap.out +++ b/test/results/nintendo.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"nintendo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1500731320644} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1500731320644} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1500731320644,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1500731320644,"pkt":"AA6OGXEMfLuKifuECABFAABYEUEAAEARTg7AqAxyWwjzI8uXwRgARM2+MquYZAJWA8uWATPgxkj4NJP7aMnpzfBBRQUJGYsmvR+Tfti6\/9NW0mVVtdYfmAlO0lOZx8+qpE3Q9Qrr"} 00634{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1500731320644,"flow_last_seen":1500731320644,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":60,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1500731320644,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"91.8.243.35","src_port":52119,"dst_port":49432,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} @@ -129,7 +129,7 @@ 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1500731320764,"flow_last_seen":1500731321914,"flow_idle_time":180000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":156,"flow_tot_l4_payload_len":1332,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"192.168.12.114","dst_ip":"134.3.248.25","src_port":52119,"dst_port":56955,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Nintendo","breed":"Fun","category":"Game"}} 00652{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1500731343274,"flow_last_seen":1500731343874,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":324,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.98","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00654{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1500731342860,"flow_last_seen":1500731343591,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":756,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1500731348756,"l3_proto":"ip4","src_ip":"151.6.184.100","dst_ip":"192.168.12.114","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":996,"total-skipped-flows":0,"total-l4-data-len":289225,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-events-serialized":132,"global_ts_msec":1500731348756} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1000,"source":"nintendo.pcap","alias":"nDPId-test","packets-captured":1000,"packets-processed":996,"total-skipped-flows":0,"total-l4-data-len":289225,"total-not-detected-flows":0,"total-guessed-flows":7,"total-detected-flows":15,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":132,"global_ts_msec":1500731348756} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1000/996 ~~ skipped flows.............: 0 @@ -138,8 +138,8 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4737962 bytes -~~ total memory freed........: 4737962 bytes +~~ total memory allocated....: 4737986 bytes +~~ total memory freed........: 4737986 bytes ~~ total allocations/frees...: 102212/102212 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars diff --git a/test/results/no_sni.pcap.out b/test/results/no_sni.pcap.out index b8e1ce6bf..88c6e3223 100644 --- a/test/results/no_sni.pcap.out +++ b/test/results/no_sni.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"no_sni.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1604822444474} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1604822444474} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604822444474,"flow_last_seen":1604822444474,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":1,"thread_ts_msec":1604822444474,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.249.249","src_port":51331,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00501{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1604822444474,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1604822444474,"pkt":"EBMxuRBeeDHBvV4kCABFAABPAABAAEAGFoDAqAF3aBD5+ciDAbvkc0fPNh\/971AYEABWfwAAFwMDACKpSo7n5l1NtXHPvYJ17DEID+iXo6vcSBPbb4QBvLt6N\/RR"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1604822444475,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1604822444475,"pkt":"EBMxuRBeeDHBvV4kCABFAABAAABAAEAGFo\/AqAF3aBD5+ciDAbvkc0f2Nh\/971AYEAB\/fAAAFwMDABPsQXLhLYpNcnxO3uEm2chWzCNj"} @@ -55,7 +55,7 @@ 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":785,"flow_first_seen":1604822444913,"flow_last_seen":1604822448604,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":480607,"flow_avg_l4_payload_len":612,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.16.124.96","src_port":51612,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447227,"flow_last_seen":1604822447785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51635,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":23,"flow_first_seen":1604822447249,"flow_last_seen":1604822447807,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":4696,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1604822448604,"l3_proto":"ip4","src_ip":"192.168.1.119","dst_ip":"104.17.198.37","src_port":51636,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1185,"packets-processed":1185,"total-skipped-flows":0,"total-l4-data-len":523130,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-events-serialized":58,"global_ts_msec":1604822448604} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1185,"source":"no_sni.pcap","alias":"nDPId-test","packets-captured":1185,"packets-processed":1185,"total-skipped-flows":0,"total-l4-data-len":523130,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":7,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":58,"global_ts_msec":1604822448604} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1185/1185 ~~ skipped flows.............: 0 @@ -64,8 +64,8 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4739187 bytes -~~ total memory freed........: 4739187 bytes +~~ total memory allocated....: 4739211 bytes +~~ total memory freed........: 4739211 bytes ~~ total allocations/frees...: 102375/102375 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/ocs.pcap.out b/test/results/ocs.pcap.out index dcb27b15a..dc788dee7 100644 --- a/test/results/ocs.pcap.out +++ b/test/results/ocs.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocs.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1449652784341} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1449652784341} 00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652784341} 00328{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPKbzQABABiV4wKi0AkDpuLy6UxRsAv3YCQAAAACgAjkIdPYAAAIEBbQEAggKADWBtgAAAAABAwMG"} 00169{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652786071} @@ -1892,7 +1892,7 @@ 00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":945,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9qQABABgLYwKi0ArL40NKmXgBQrzComDk0Q6ywEAgkkQkAAAEBCAoANZnyGkFqZAEBBQo5NE6EOTRT8A=="} 00171{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","global_ts_msec":1449652846380} 00338{"packet_event_id":1,"packet_event_name":"packet","packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":64,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":64,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAQD9rQABABgLXwKi0ArL40NKmXgBQrzComDk0Q6ywEAgki50AAAEBCAoANZnyGkFqZAEBBQo5NE6EOTRZXA=="} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":1895,"global_ts_msec":1449652846380} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":946,"source":"ocs.pcap","alias":"nDPId-test","packets-captured":946,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1895,"global_ts_msec":1449652846380} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 946/0 ~~ skipped flows.............: 0 @@ -1901,8 +1901,8 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 174 chars diff --git a/test/results/ocsp.pcapng.out b/test/results/ocsp.pcapng.out index 9493ac6b4..3ac028478 100644 --- a/test/results/ocsp.pcapng.out +++ b/test/results/ocsp.pcapng.out @@ -1,11 +1,11 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ocsp.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1623221248283} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1623221248283} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623221248283,"flow_last_seen":1623221248283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623221248283,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623221248283,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623221248283,"pkt":"pJGxgjQ56CrqthSFCABFAAA07YhAAIAG7ObAqAHjbUbwgsKVAFBAnkIeAAAAAIAC+vAOKQAAAgQFtAEDAwgBAQQCGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARhcrEQ=="} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623221248292,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":28,"thread_ts_msec":1623221248292,"pkt":"6CrqthSFpJGxgjQ5CABFAAAwAABAADUGJXRtRvCCwKgB4wBQwpWhnw3QQJ5CH3ASOQg1lwAAAgQFtAEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx3fu3"} 00529{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623221248311,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":20,"thread_ts_msec":1623221248311,"pkt":"pJGxgjQ56CrqthSFCABFAAAo7YlAAIAG7PHAqAHjbUbwgsKVAFBAnkIfoZ8N0VAQAgGYawAAAAAAAAAAGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjLK1pA=="} 00903{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623221248283,"flow_last_seen":1623221248318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":385,"flow_tot_l4_payload_len":385,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623221248318,"l3_proto":"ip4","src_ip":"192.168.1.227","dst_ip":"109.70.240.130","src_port":49813,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"ocsp07.actalis.it","url":"ocsp07.actalis.it\/VA\/AUTH-ROOT\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSw4x5v4bTlizjNRmTdkYSy7q0R9gQUUtiIOsifeGbtifN7OHCUyQICNtACEEWXMtjzGMt1k6L0aA%2BQ6tk%3D","code":0,"content_type":"","user_agent":"Microsoft-CryptoAPI\/10.0"}} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-data-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1623222699655} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":24,"packets-processed":23,"total-skipped-flows":0,"total-l4-data-len":8359,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1623222699655} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623222699655,"flow_last_seen":1623222699655,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623222699655,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1623222699655,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699655,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8N6FAAEAG+ZTAqAGAjvq4Y9OKAFA7VkTpAAAAAKAC+vDDlAAAAgQFtAQCCAqSLZmsAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx0lW5"} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1623222699659,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623222699659,"pkt":"PKn0qB\/spJGxgjQ5CABFgAA8l3UAADkG4ECO+rhjwKgBgABQ04qgD55GO1ZE6qAS\/\/9O2gAAAgQFlgQCCAovwgGfki2ZrAEDAwgZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAACT46ug"} @@ -29,7 +29,7 @@ 00833{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":122,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623223091709,"flow_last_seen":1623223091739,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":389,"flow_tot_l4_payload_len":389,"flow_avg_l4_payload_len":97,"midstream":0,"thread_ts_msec":1623223091739,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.usertrust.com","url":"ocsp.usertrust.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1623222785863,"flow_last_seen":1623222909833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":889,"flow_tot_l4_payload_len":2550,"flow_avg_l4_payload_len":70,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"92.122.95.235","src_port":43728,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":128,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623222699655,"flow_last_seen":1623222892672,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":702,"flow_tot_l4_payload_len":2192,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1623223091773,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"142.250.184.99","src_port":54154,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Cloud"}} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-data-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-events-serialized":32,"global_ts_msec":1623226796047} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":158,"packets-processed":157,"total-skipped-flows":0,"total-l4-data-len":15999,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":5,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_msec":1623226796047} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623226796047,"flow_last_seen":1623226796047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623226796047,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1623226796047,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796047,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8IiFAAEAGHJ3AqAGAXbjcHbsgAFDKwHZTAAAAAKAC+vANzwAAAgQFtAQCCArJnn0eAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2uJMq"} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1623226796050,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623226796050,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8OIIAADgGTjxduNwdwKgBgABQuyB0cdYZysB2VKAS\/\/931wAAAgQFtAQCCAqXTK79yZ59HgEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApvHVR"} @@ -37,7 +37,7 @@ 00830{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623226796047,"flow_last_seen":1623226796057,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":387,"flow_tot_l4_payload_len":387,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623226796057,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.digicert.com","url":"ocsp.digicert.com\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223090984,"flow_last_seen":1623223156084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":728,"flow_tot_l4_payload_len":1592,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34320,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":165,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623223091709,"flow_last_seen":1623223156800,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":472,"flow_tot_l4_payload_len":1306,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1623226796065,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.139.128.14","src_port":34340,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-data-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-events-serialized":40,"global_ts_msec":1623227471703} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":208,"packets-processed":207,"total-skipped-flows":0,"total-l4-data-len":19557,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":40,"global_ts_msec":1623227471703} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623227471703,"flow_last_seen":1623227471703,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623227471703,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"52.85.15.92","src_port":49382,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":208,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1623227471703,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471703,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8CDlAAEAGLKrAqAGANFUPXMDmAFDpM3mLAAAAAKAC+vAljwAAAgQFtAQCCArD2jnWAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAU0JsT"} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":209,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1623227471715,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623227471715,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8PJoAAPMGhUg0VQ9cwKgBgABQwOYt\/4+26TN5jKAS\/\/9VQwAAAgQFoAQCCAoCPQtLw9o51gEDAwkZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrMGLg"} @@ -49,7 +49,7 @@ 00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":217,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1623227472218,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":32,"thread_ts_msec":1623227472218,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0cD1AAEAGbnTAqAGAl2UCheoSAFClxR9WcxTjBIAQAfagEQAAAQEIClxJqx0CSmlaGYERCQAgACABAAABAAAACAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyyO91A=="} 00851{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":218,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623227472211,"flow_last_seen":1623227472219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1623227472219,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"151.101.2.133","src_port":59922,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.globalsign.com","url":"ocsp.globalsign.com\/gsrsaovsslca2018","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":224,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1623226796047,"flow_last_seen":1623226963037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":799,"flow_tot_l4_payload_len":3558,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1623227472228,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"93.184.220.29","src_port":47904,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-data-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-events-serialized":52,"global_ts_msec":1623229632695} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":275,"packets-processed":274,"total-skipped-flows":0,"total-l4-data-len":23358,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":8,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":52,"global_ts_msec":1623229632695} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623229632695,"flow_last_seen":1623229632695,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623229632695,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1623229632695,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632695,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA82G5AAEAGQmzAqAGAbUbwcrHKAFDtwUNWAAAAAKAC+vAcMQAAAgQFtAQCCAoRKRyhAAAAAAEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZRLNb"} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":276,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1623229632706,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":40,"thread_ts_msec":1623229632706,"pkt":"PKn0qB\/spJGxgjQ5CABFAAA8AABAADUGJdttRvBywKgBgABQscrfcozQ7cFDV6AScSAwDQAAAgQFtAQCCAq9uUvmESkcoQEDAwcZgREJACAAIAEAAAEAAAAIAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAADSBFoQ"} @@ -64,7 +64,7 @@ 00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":302,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1623229850956,"flow_last_seen":1623229850973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":386,"flow_tot_l4_payload_len":386,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1623229850973,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"},"http": {"hostname":"ocsp.entrust.net","url":"ocsp.entrust.net\/","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko\/20100101 Firefox\/89.0"}} 00682{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":320,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1623229632695,"flow_last_seen":1623229697742,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":2724,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1623229853240,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"109.70.240.114","src_port":45514,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} 00681{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":46,"flow_first_seen":1623229850956,"flow_last_seen":1623229968257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":7031,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1623229968257,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"23.12.96.145","src_port":49034,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.OCSP","breed":"Safe","category":"Network"}} -00480{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-data-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-events-serialized":67,"global_ts_msec":1623229968257} +00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":344,"source":"ocsp.pcapng","alias":"nDPId-test","packets-captured":344,"packets-processed":344,"total-skipped-flows":0,"total-l4-data-len":33113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":67,"global_ts_msec":1623229968257} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 344/344 ~~ skipped flows.............: 0 @@ -73,8 +73,8 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4699254 bytes -~~ total memory freed........: 4699254 bytes +~~ total memory allocated....: 4699278 bytes +~~ total memory freed........: 4699278 bytes ~~ total allocations/frees...: 101562/101562 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/ookla.pcap.out b/test/results/ookla.pcap.out index 08c90f2ee..06b68dce4 100644 --- a/test/results/ookla.pcap.out +++ b/test/results/ookla.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ookla.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1491069108756} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1491069108756} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491069108756,"flow_last_seen":1491069108756,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069108756,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491069108756,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1491069108756,"pkt":"gCqojWksxCwDBkn+CABFAABAClpAAEAGAADAqAEHLiz9u8gHAFAHQx4AAAAAALAC\/\/\/tyQAAAgQFtAEDAwUBAQgKDd4HoAAAAAAEAgAA"} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491069108793,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1491069108793,"pkt":"xCwDBkn+gCqojWksCABFAAA8AABAADMGWiUuLP27wKgBBwBQyAdRUNK1B0MeAaASOJAJ5wAAAgQFrAQCCAp\/4XDqDd4HoAEDAwU="} @@ -12,7 +12,7 @@ 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1491069115107,"flow_last_seen":1491069115172,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491069115172,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} 00830{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5066,"flow_first_seen":1491069115107,"flow_last_seen":1491069155251,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4346133,"flow_avg_l4_payload_len":857,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51215,"dst_port":8080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"Ookla","breed":"Safe","category":"Network"}} 00582{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":20,"flow_first_seen":1491069108756,"flow_last_seen":1491069114084,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":457,"flow_tot_l4_payload_len":2980,"flow_avg_l4_payload_len":149,"midstream":0,"thread_ts_msec":1491069155251,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"46.44.253.187","src_port":51207,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":5086,"packets-processed":5086,"total-skipped-flows":0,"total-l4-data-len":4349113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1491069155251} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5086,"source":"ookla.pcap","alias":"nDPId-test","packets-captured":5086,"packets-processed":5086,"total-skipped-flows":0,"total-l4-data-len":4349113,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1491069155251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5086/5086 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4838436 bytes -~~ total memory freed........: 4838436 bytes +~~ total memory allocated....: 4838460 bytes +~~ total memory freed........: 4838460 bytes ~~ total allocations/frees...: 106236/106236 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/openvpn.pcap.out b/test/results/openvpn.pcap.out index ee9dcde93..e95061118 100644 --- a/test/results/openvpn.pcap.out +++ b/test/results/openvpn.pcap.out @@ -1,18 +1,18 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"openvpn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1467904946700} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1467904946700} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467904946700,"flow_last_seen":1467904946700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1467904946700,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467904946700,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946700,"pkt":"hCYVLjtSAA6OGXEMCABFAAA8ANVAAEAGYbLAqAFNLmXn2ursAbu+lXueAAAAAKACchBbjAAAAgQFtAQCCAoADXtLAAAAAAEDAwE="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467904946755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1467904946755,"pkt":"AA6OGXEMhCYVLjtSCABFoAA8AABAADQGbecuZefawKgBTQG76uxsxVWWvpV7n6AScSBx2QAAAgQFtAQCCAoANCgCAA17SwEDAwE="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1467904946755,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1467904946755,"pkt":"hCYVLjtSAA6OGXEMCABFAAA0ANZAAEAGYbnAqAFNLmXn2ursAbu+lXufbMVVl4AQOQjYsgAAAQEICgANe1AANCgC"} 00778{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1467904946700,"flow_last_seen":1467904947753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":56,"flow_tot_l4_payload_len":100,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1467904947753,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":96,"packets-processed":95,"total-skipped-flows":0,"total-l4-data-len":9094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1470218591746} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":96,"packets-processed":95,"total-skipped-flows":0,"total-l4-data-len":9094,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1470218591746} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1470218591746,"flow_last_seen":1470218591746,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1470218591746,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1470218591746,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1470218591746,"pkt":"mAyC0zx8AAjKQoXqCABFAABG3rhAAEARTXXAqCsMizuXiaIjNXAAMosJOLAsz\/G18BdPwJFmbjsSS62jkXMxe5OXItH+Y74AAAABV6HBXwAAAAAA"} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1470218591941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1470218591941,"pkt":"AAjKQoXqmAyC0zx8CABFAABSYIhAADIR2ZmLO5eJwKgrDDVwoiMAPhWBQPd\/wu\/b4j9X3sTI1WVNByO\/jAvlQThWMnDPrhMAAAABV6HBXwEAAAAAsCzP8bXwF08AAAAA"} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1470218591746,"flow_last_seen":1470218591941,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":96,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1470218591941,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":98,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1470218591942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1470218591942,"pkt":"mAyC0zx8AAjKQoXqCABFAABO3uZAAEARTT\/AqCsMizuXiaIjNXAAOpZEKLAsz\/G18BdPyDdJemqNaU65YLasCHjnV9mH+DAAAAACV6HBXwEAAAAA93\/C79viP1c="} 00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":1467904946700,"flow_last_seen":1467905010834,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":9094,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1470218600860,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"46.101.231.218","src_port":60140,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00476{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-data-len":19167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":15,"global_ts_msec":1472334890224} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-data-len":19167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1472334890224} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1472334890224,"flow_last_seen":1472334890224,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":42,"flow_tot_l4_payload_len":42,"flow_avg_l4_payload_len":42,"midstream":0,"thread_ts_msec":1472334890224,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1472334890224,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1472334890224,"pkt":"mAyC0zx8MFLLbJwbCABFAABGe8pAAEARsF3AqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZfF5v2e87DGOeGNd7GPORrKCUl+wAAAABV8IMKgAAAAAA"} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1472334892420,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1472334892420,"pkt":"mAyC0zx8MFLLbJwbCABFAABGfNNAAEARr1TAqCsSizuXiTVwNXAAMg7DOGYO4pqkkLBZptsOrY2Z8Me\/lrzRmp5vsU3x26QAAAACV8IMKgAAAAAA"} @@ -20,7 +20,7 @@ 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":181,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1472334890224,"flow_last_seen":1472334892467,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":138,"flow_avg_l4_payload_len":46,"midstream":0,"thread_ts_msec":1472334892467,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00828{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":248,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1470218591746,"flow_last_seen":1470218600860,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1172,"flow_tot_l4_payload_len":10073,"flow_avg_l4_payload_len":121,"midstream":0,"thread_ts_msec":1472334896789,"l3_proto":"ip4","src_ip":"192.168.43.12","dst_ip":"139.59.151.137","src_port":41507,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} 00829{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1472334890224,"flow_last_seen":1472334909465,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1245,"flow_tot_l4_payload_len":23132,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1472334909465,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"139.59.151.137","src_port":13680,"dst_port":13680,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"OpenVPN","breed":"Acceptable","category":"VPN"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":298,"total-skipped-flows":0,"total-l4-data-len":42299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":23,"global_ts_msec":1472334909465} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":298,"source":"openvpn.pcap","alias":"nDPId-test","packets-captured":298,"packets-processed":298,"total-skipped-flows":0,"total-l4-data-len":42299,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1472334909465} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 298/298 ~~ skipped flows.............: 0 @@ -29,8 +29,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4692232 bytes -~~ total memory freed........: 4692232 bytes +~~ total memory allocated....: 4692256 bytes +~~ total memory freed........: 4692256 bytes ~~ total allocations/frees...: 101448/101448 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/os_detected.pcapng.out b/test/results/os_detected.pcapng.out index aea3dff16..31d13dedb 100644 --- a/test/results/os_detected.pcapng.out +++ b/test/results/os_detected.pcapng.out @@ -1,10 +1,10 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"os_detected.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1611427514609} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1611427514609} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1611427514609,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1611427514609,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAUAZdFAAEAR\/ePAqAGACAgICJuNAbsE7AYLxP8AAB0Inw\/JO07eNjIIgxX\/XKNBIUIARMqZ8UiDvq\/ZLsUdz0scSMu9YDA5XC\/EJ\/VWdcKmIJjpSLXMxg05sWM0HmWuizvek0EXnlQzmUN9ovr2\/hk4L4+drmSHxo9NOB+GUfgxVDY8jS5sYut7pzwyS1v0Tzd0E1TyJIWDsBfvZlI4bbIIRlefQgOB0WdUqMEfHzxzcbGs6dNO+9vDaznNJ4dGUWqyjTrP1xrbA5ARI5dTVb4R+7D0v8orWpuNvxjoiVb36LCsfL0SbVo2GhqQoHke+Z\/B2D+0+r7INWQc1iHzAG+HeNlA1LtOtYyHAJVB+P59vqKsfmDTE8RgVpXe1x30lS+4YR7jaekw9qCyZHC0kKXvmsPCqZ\/9qa5gMMsfGTjnOTdcid5WA6CyHhSK2HTQW4GkzXHYPreaFIFRc0y9+aMq1Mfl97S1vnvDvIbG91Np67AM6LV1xuilkclYvUim1l1JoFQCUfe6m3PyP+gIQTFerpfrZHjXHVmed8ZubnloXre0\/Z3B2Oh1fmjBjrSNQGdC4YK\/DVld8Ug+FRG0kxgDMCgRJ2S9dOYEMkKgzq\/BKvgwUYmMidXS+F+tMJvoHQSzv3bhpGgehHuZOqNIC3d6Rty6h0nPb+BYsf5E1IpIcwzMB2CvZbT77jViKMoAt5RtufWUmoQ2qymcAa7AXbvCL5L7qI\/1oplTPNm0Ysi0JSUXXf61rlCNL1vc+XNbLSeTg2Vz2fPTbPH7hg\/8qinCri68WhuYiT\/rvuXkVqGxWKJq5b1oM\/AIky7+yMfObOfk9kQ3thgac0pRO1LAAwjECH\/XdGHuEsxIejknnknLjBpjmS+2c+909N0TGc\/NPsDPdaLmN10HnCVLaT1WmruOxWZDa3gV1s3K4IKU6NwqVeHNSYO5xx5HEC7tZU+y4E74cmfLayIxxbdgkahHRv9ATyXrtMLRAHqK8ZsoIIw0D9NAPBA355APW3UhJ\/Z9ZHxppKcR2\/OPN1KQqoIrhRGT9bUzB7Xkn\/VMWRYSTXTiaAYMcb8dRkENbKtVWSIk9LJFrE8pIXivmB2tWlt1t6y+TR30oU1\/NUX3jGhxE7t44s+NhGXfBpl2YQbF4zUhYeZAUzU9QbWzyGdZYarMNxVUgYeW9stlVHB0y\/otPwbX9mpoJ+Dy1FXdgrsIv1LAkh1\/3bdSFFfKVJUwX6EGqQRQU02j\/r+E7RZ0bE01QtNNSuMRMdJX2zJtopXBwZLz8h67datSO+I1wfoRzj4VUG35Q8hcFywG\/xq04McVVySWGNnMos9RmQkhysf\/lc3FuHHnMMA\/XcGqeB2biYiiwAKDCGuBCGTLrEYhV1yIzE4vEhvJvg325fJl3DNeUSuAwqKe9SjUjQtv+EVpEiYxaR6X90zwFDBlHdBDDCfh3iS1o2jSGLUvocncy0jQz8qak7nPw6oMW\/gU8WvBhkEaY\/b26hw+tYWakl5yNVwxnF\/7PKfJyyyPpmjSH2ycL45nydbEY1t1GYpcV+P7AunIs6enuyUp9NNdtbH\/d0RuYFGsVW1287YLi13LwF56RtlC\/tVGquwfxdqcbniCbYb8LvlGF6r32UjuoiuACdgmkrt6Wf7sAVkRHeYLY5bLkD+o6H+JIwDjoOA\/yI8iOw0QceAwvS35vC2IO56LiInTgA=="} 01026{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"user_agent":"Mozilla\/5.0 (Windows NT 5.2; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit\/531.21.10 (KHTML, like Gecko)","version":"TLSv1.3","alpn":"h3-29","ja3":"9addef84847d700f759746b237c405c8","tls_supported_versions":"TLSv1.3"}} 00820{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1611427514609,"flow_last_seen":1611427514609,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1611427514609,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"8.8.8.8","src_port":39821,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1611427514609} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"os_detected.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1611427514609} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,10 +13,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685376 bytes -~~ total memory freed........: 4685376 bytes +~~ total memory allocated....: 4685400 bytes +~~ total memory freed........: 4685400 bytes ~~ total allocations/frees...: 101158/101158 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars ~~ json string max len.......: 2155 chars -~~ json string avg len.......: 1257 chars +~~ json string avg len.......: 1258 chars diff --git a/test/results/pinterest.pcap.out b/test/results/pinterest.pcap.out index 857e340af..5344dc110 100644 --- a/test/results/pinterest.pcap.out +++ b/test/results/pinterest.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pinterest.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1605289710318} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1605289710318} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605289710318,"flow_last_seen":1605289710318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289710318,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:7854","src_port":33164,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605289710318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289710318,"pkt":"qtsDr8lk5EKm5WPyht1gCMmjACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXhUgYwBu9VDYL21LWgegBAB9TESAAABAQgKz6ojDMK4Yvg="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1605289710576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605289710576,"pkt":"5EKm5WPyqtsDr8lkht1gAAAAACAGPQBk\/5sAAAAAAAAAAJdleFQqAcsBIEmLB5kd7IUo3\/YpAbuBjLUtaB7VQ2C+gBALgY8wAAABAQgKwrkTpM+oCrY="} @@ -238,7 +238,7 @@ 00621{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289718347,"flow_last_seen":1605289718378,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80c::200a","src_port":57130,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00614{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605289722442,"flow_last_seen":1605289722621,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605289734948,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2600:1901::7a0b::","src_port":46918,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00495{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":17657,"packets-processed":17657,"total-skipped-flows":0,"total-l4-data-len":26490343,"total-not-detected-flows":0,"total-guessed-flows":17,"total-detected-flows":21,"total-detection-updates":31,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-events-serialized":241,"global_ts_msec":1605289734948} +00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17657,"source":"pinterest.pcap","alias":"nDPId-test","packets-captured":17657,"packets-processed":17657,"total-skipped-flows":0,"total-l4-data-len":26490343,"total-not-detected-flows":0,"total-guessed-flows":17,"total-detected-flows":21,"total-detection-updates":31,"total-updates":0,"current-active-flows":0,"total-active-flows":37,"total-idle-flows":37,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":241,"global_ts_msec":1605289734948} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17657/17657 ~~ skipped flows.............: 0 @@ -247,8 +247,8 @@ ~~ total active/idle flows...: 37/37 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6208431 bytes -~~ total memory freed........: 6208431 bytes +~~ total memory allocated....: 6208455 bytes +~~ total memory freed........: 6208455 bytes ~~ total allocations/frees...: 120103/120103 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/pop3.pcap.out b/test/results/pop3.pcap.out index 1a2307e18..399f7ccaa 100644 --- a/test/results/pop3.pcap.out +++ b/test/results/pop3.pcap.out @@ -1,12 +1,12 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pop3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1349776771892} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1349776771892} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1349776771892,"flow_last_seen":1349776771892,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1349776771892,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1349776771892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776771892,"pkt":"ABffs8QAAMCfw1sHCABFEAA8\/wtAAEAGdh2P4eW1StAFHInXAG5gksK3AAAAAKACFtDFsQAAAgQFtAQCCAoAYD28AAAAAAEDAwY="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1349776772030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1349776772030,"pkt":"AMCfw1sHABffs8QACABFAAA8AABAADUGgDlK0AUcj+HltQBuidcdXnV7YJLCuKASFqDzqQAAAgQFtAQCCApTpKX2AGA9vAEDAwk="} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1349776772030,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1349776772030,"pkt":"ABffs8QAAMCfw1sHCABFEAA0\/wxAAEAGdiSP4eW1StAFHInXAG5gksK4HV51fIAQAFzFqQAAAQEICgBgPkZTpKX2"} 00817{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1349776771892,"flow_last_seen":1349776780730,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":60,"flow_tot_l4_payload_len":142,"flow_avg_l4_payload_len":14,"midstream":0,"thread_ts_msec":1349776780730,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"},"pop": {"user":"cicciopernacchio@mail.com","password":"pippozzo"}} 00792{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1349776771892,"flow_last_seen":1349776799209,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1853,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1349776799209,"l3_proto":"ip4","src_ip":"143.225.229.181","dst_ip":"74.208.5.28","src_port":35287,"dst_port":110,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"POP3","breed":"Unsafe","category":"Email"}} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-data-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1349776799209} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"pop3.pcap","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-data-len":1853,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1349776799209} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682745 bytes -~~ total memory freed........: 4682745 bytes +~~ total memory allocated....: 4682769 bytes +~~ total memory freed........: 4682769 bytes ~~ total allocations/frees...: 101175/101175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/pps.pcap.out b/test/results/pps.pcap.out index 6bc52f0cd..9b4328247 100644 --- a/test/results/pps.pcap.out +++ b/test/results/pps.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"pps.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1467353136432} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1467353136432} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1467353136432,"flow_last_seen":1467353136432,"flow_idle_time":180000,"flow_min_l4_payload_len":1065,"flow_max_l4_payload_len":1065,"flow_tot_l4_payload_len":1065,"flow_avg_l4_payload_len":1065,"midstream":0,"thread_ts_msec":1467353136432,"l3_proto":"ip4","src_ip":"1.173.5.226","dst_ip":"192.168.115.8","src_port":22636,"dst_port":22793,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01878{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1467353136432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1107,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1107,"pkt_l4_len":1073,"thread_ts_msec":1467353136432,"pkt":"ABxCjnAxTF4M6gNlCABFAARFnt8AAHkRY4kBrQXiwKhzCFhsWQkEMf8ywISVs7ORwenTFHKVo6On5uSI0FSEcN6hpKSkpNyhoaGhoaGhpZUqLaxIFnIc1o9j1V\/jBxJYgTJzuNolbzVZ0R0xZInD9kisn9RUmqrxmfaOfWLidBLnlikkHNGned0J8w\/52jjY0bi7jWD1Ne30q1o07ZUYUv\/QbvJH0F4eDOmx08v7Bn20GVMFMCjodWpNTNXJ2SexjrFeI6FN4QYXCHMojb7c\/PEThAYazMCmu0O\/roaBRseEPs6rkTe8cp9cAvQ\/n5mjopI2U8mnsMzLdAnslhYT0HUp9qJVwLrEv01esKN2ht\/bwWWVF5TQquAB9v7Wt6e2OQ8vuih+Atb\/n4iLmHyAs8+DFzXEuSUKcpvamkMM7UM6hef8q9KNvY9qWQR1Tk9ycKmbR0smL1JeXfm85kJMbN\/EYgsXVxKaRK2Rv1yY1dyGePuc3UEjPL+KzMtadixFRQ2hL7UpDi17vDigTJ7AYF91J2Ja6BY8r45GbA0qcKjT\/2PMj0bcxGB5DZVExfvPgmT3pnLIXAIQCOuPxcK1euFQEq3Apr\/U+RUfsQg\/rkRxZFaG23hIOWdbuHAYWf162Ln84BIDQyIvmVPxm8HZfjSFxo5lT3SAnYhEraONvTPmIXSleQ0yKdGJXnTmaDvKNiI7tvMq4Ue8NItBFyrpaz\/ey7wisHK9g6RaTXC2Chi58N03IkAUbldcXIkAS5oXnhiCl8IRbYlSyiMzSearcyriLmt1A2oCZsMGjLI+Vg\/QQvFWKc8MUtJXDD\/3\/zP8XOVOsXbwqPjP0oQ7zs+cPcwh\/zsX++z5sEE67YjR9MZx16gb1c6v0nV6LooYTawJrbu4mQmfFZzBirmdYpVDc4DqSieyA3bfOctfLgZnR3dYSCqNYYEecOcnZB43DJPn8EapO45onRSmMzS98N7TjaXmivBMLMEYQUMWDdAQR+RohVRWZ8yz03QldhdX5BlmxjsyF+QH4XhdR0TNLGfQpBdbvPuC7brPT34pQ\/bB6DZ6ODmbu+A2bFlwaKRZQmJpDJEqSpl\/j8OazBmvo4z1ZZoiN2qDNKYSKtk5sX2V4oom7Mnsk9hlp\/P7QgLEBpxQ6BCZB+MVDHR5MiRiLZDeVw70iySjxEYrchS3jdcNstavegpWpk9whZhUojqFPGvCcQT6tmKjbQIj5Hu8ksUMNE+8BTHM8uZtK\/5DEb5Sp8gJi14\/rPknXLsL1+u4QhASTCXJWfbflBR6pE5s+QTIeXdrRWYqM9thmBhP+C3ZF+iPYB\/m3bwwcBgmvlLrzojH5FQZ4K8lHE7ijUN9HVDnNUbnZc73qehkk0VqLJlMqTyl7jKytXnNXEqS0p7S2OdJ0s12tQ48KCHUsQqmAui3sLr0tFku+q\/\/8h3kbG7OZisKcU6BzQvEtOBdMqyPELwAAAAA"} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"pps.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1467353136432,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1467353136432,"pkt":"TF4M6gNlABxCjnAxCABFAABBfzYAAIARgDbAqHMIAa0F4lkJWGwALVw+2oCeu7uZyeHbHHqdq6urqq6n\/nt+fn5+wr+\/v7+\/v7+7W6Rb\/w=="} @@ -563,7 +563,7 @@ 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1467353189784,"flow_last_seen":1467353196145,"flow_idle_time":180000,"flow_min_l4_payload_len":431,"flow_max_l4_payload_len":511,"flow_tot_l4_payload_len":8571,"flow_avg_l4_payload_len":476,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.5.38","dst_ip":"239.255.255.250","src_port":1900,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1467353136833,"flow_last_seen":1467353136834,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1467353203157,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"36.237.154.69","src_port":22793,"dst_port":4316,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","packets-captured":2557,"packets-processed":2557,"total-skipped-flows":0,"total-l4-data-len":2121102,"total-not-detected-flows":34,"total-guessed-flows":5,"total-detected-flows":68,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-events-serialized":566,"global_ts_msec":1467353203157} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2557,"source":"pps.pcap","alias":"nDPId-test","packets-captured":2557,"packets-processed":2557,"total-skipped-flows":0,"total-l4-data-len":2121102,"total-not-detected-flows":34,"total-guessed-flows":5,"total-detected-flows":68,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":107,"total-idle-flows":107,"total-compressions":34,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":566,"global_ts_msec":1467353203157} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2557/2557 ~~ skipped flows.............: 0 @@ -572,8 +572,8 @@ ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4897701 bytes -~~ total memory freed........: 4897701 bytes +~~ total memory allocated....: 4897725 bytes +~~ total memory freed........: 4897725 bytes ~~ total allocations/frees...: 104224/104224 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars diff --git a/test/results/punycode-idn.pcap.out b/test/results/punycode-idn.pcap.out index d3f0e7d07..1ae4626e7 100644 --- a/test/results/punycode-idn.pcap.out +++ b/test/results/punycode-idn.pcap.out @@ -1,5 +1,5 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"punycode-idn.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1643874953669} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1643874953669} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953669,"flow_last_seen":1643874953669,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1643874953669,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1643874953669,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":69,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":69,"pkt_l4_len":35,"thread_ts_msec":1643874953669,"pkt":"BBjWBrNamAGnpQyTCABFAAA3T1gAAEARpYDAqAKMwKgCAbHQADUAI+SVpXsBAAABAAAAAAAAAWkEc2NkbgJjbwAAAQAB"} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1643874953669,"flow_last_seen":1643874953669,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":0,"thread_ts_msec":1643874953669,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"},"dns": {"query":"i.scdn.co","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -18,7 +18,7 @@ 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1643874953669,"flow_last_seen":1643874953689,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":113,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":45520,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Spotify","breed":"Acceptable","category":"Music"}} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1643874953695,"flow_last_seen":1643874953696,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":78,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"192.168.2.1","src_port":60156,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00679{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1643874961730,"flow_last_seen":1643874962305,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":711,"flow_tot_l4_payload_len":877,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1643874962305,"l3_proto":"ip4","src_ip":"192.168.2.140","dst_ip":"170.33.9.230","src_port":56011,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":21,"global_ts_msec":1643874962305} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":16,"source":"punycode-idn.pcap","alias":"nDPId-test","packets-captured":16,"packets-processed":16,"total-skipped-flows":0,"total-l4-data-len":1068,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1643874962305} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 16/16 ~~ skipped flows.............: 0 @@ -27,8 +27,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682049 bytes -~~ total memory freed........: 4682049 bytes +~~ total memory allocated....: 4682073 bytes +~~ total memory freed........: 4682073 bytes ~~ total allocations/frees...: 101168/101168 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/quic-23.pcap.out b/test/results/quic-23.pcap.out index 3e0eee015..7df1880c6 100644 --- a/test/results/quic-23.pcap.out +++ b/test/results/quic-23.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-23.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1568282515655} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1568282515655} 00639{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":180000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"thread_ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1568282515655,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_msec":1568282515655,"pkt":"nJcmWLFfnLbQWTW8ht1gDdl5BQgRQC5Kd00m\/X+beFstG0+KY8c7zJmR+rq64c0q4v2zvsWrxKMBuwUI0EbI\/wAAFwhgax2p4Mt\/UAjcZWkdxzWqcwBE5rEFViXUV0In7d2dXZD4W8++zjZDJBAgmoI+svdNaYLoeL2jqHl80IO9pEfUmkgFWLrT4IlQo8t\/87yXQq3IRCWsbaCVh5W99qNLF16ofVb625RKhJQKN3iU3vpP3WaISyCxGoJXiHsP7sj27ny7LXNNKzH3JhZ3bhiQLS2umcd29X6XChqhAWZjn23A4EHWtq4oNdhkFu8LZI\/zfG+rUZSQr5lxakbHyPuebWPbqVuz09T5esBIjonthwzDSYvYZa0ySbIdmaeXdhlU+E4gLC4WHroq5LZx9pnr7yREt9Dp2HJiUOt1EMzTCveDJnfcPHqR1d6\/YEuvBxkwGcxK7MQsgXVVjQjLsVYM3zgE\/nenut5XK3K7bJeAGfZxUrn\/Y\/S6NaLxM1FgdUyaPkXMATL13fHOLn2TPbUyanoNHsWUaGSz60C+oUnJItBjv49AfcrV5AnxAjninyCVT7ilbuKRBYQ5SPLHeBsT\/NbnYJzK0I1Zj3I7weUUkkcrweRBiR069XTJtWYqzSUqWU5sALkglRvuf6xbvYulQ0jX8ozHEripA5ju8KQBmPJZP7WSUIMlyS8g26Pb2k443GZRz9hlPYNrTsHRc88FbzG8+ahhy1UIvmg27b6gKLWKeoPRPqT\/23G0Wo1ikM4FoXKXzvnDWe1X8Z9PVn+LOSHYR1LqJoMp2f2mWQv847crRAwAw1YWxPVKlFpXb0rR+0hsSK+RIdQgAqDBA2QX26xlMLPLaV5FnoRKfTJi7o9j6TamnIQyR\/b\/g\/IDH2Be62ORQ7K4p27Oyqju5N6C9b0vid0F4+gZ13RNe5vPbvcGGwDUSCHzH5HuKrGh25US\/X91xJ8gist97L0Lrq0S80URKpcxHqC0QxbI4sgi04MOC\/6\/5f2icaiX5IcU\/hdojFqggO95m2grFOU8yda1Z+a+0B+UTPAWzUgGxyOkCthMdR1xVGZfRvlXwGjfBMd6dc\/vwfyp1b8YonfSnSW3vRZZoOvGgqRgE1cEyUD4uXR+I9J+U7b3lAENyqEE6S4PVFwPk4xcaNCNEAFsAmLQRfMnqgm4EclQ2fu\/X4rXYn\/w4VPhxSJ7gZUA4NgNeVynLRKqHUa727Gwo4yXA2fLLCZot4qNfI9GV8gEGhiMrmnJDuuHONvYi8VFwSgiQP9jsRAqGAnvDEEaUirzATf+CkE90c9u9BJN208aRmeL0Hgd\/ZHM6TlLySnssgUghAaObIZXCdBIsYxzkTGX3jv35junPGfSl4SRLk2gvnSptlPR\/Rn6scXnHyxcxY1Tth69QcUpqe9cAH3STuQaFNZjD1dVf2R7djGBGP8XFpAEp4Da6SL0QShqq2TI46wOMWpyGEWgp5CuFAlZyh9lsxPPSVCNRF6ZIHFDEA176ay7PnXocWlpL62qyFOm8ITDpOqmFNLCDdEm1Gb4uY5DgmlqhAIdCuIUzNcLPBAucHSIQlvc6jwsUov+EyqsbCmhoguNjYqYWkTXfROVcd+bJTmI+cPOgPBBwa2oOWk+BLrQ6aBz1dQvhb5YuoZMwA09AEkY+2M7NcQxKjjOU+yU4Hx1Fn0nTrg3sFfxY6wAlusfFhQgzHz4cuAwlvBXae00jqiXWXUvQQ1Rtfra3X+TNbZCCp1e2k+Vki2RypB\/ckwHS7gD9wnM+\/\/rgzF\/7w=="} 00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1568282515655,"flow_last_seen":1568282515655,"flow_idle_time":180000,"flow_min_l4_payload_len":1280,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":1280,"flow_avg_l4_payload_len":1280,"midstream":0,"thread_ts_msec":1568282515655,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"quic.aiortc.org","version":"TLSv1.3","alpn":"h3-22","ja3":"d9e7bdb15af8e499820ca74a68affd78","tls_supported_versions":"TLSv1.3"}} 02197{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1568282515692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1342,"pkt_l4_len":1288,"thread_ts_msec":1568282515692,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNBQgRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowUIuNfA\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtABAtpp6lo422zhpwEmkM9jMJwXgbUjN1owR7TPZ1JXY0x3to1D6g0dAafVV30k+fGVC\/0C4Lnu2sLDcx8bF+ojnk3GSUQTIdHu8ZX\/oVbrFn8IuIOJ3OaMKQNh30NDOQmduQ87svdAwpsnJ5RCWJgsXaKkJYeNxtTrcf\/UMkEEGwqmH7iXERiPPP6YaygHazOGgvsi3IgRqxtSyogodVJFIEF7\/I\/hK4c4fV\/Fp6TOnZq7yPU8RHUGd6f8AABcI3GVpHcc1qnMIRXPGBLrjR7REF+M5klzW6SVGEmXEZf3SgmWO3YJGZMJzHMMmsHpZMJuleNbNpwTfLHRv+w8U8jTxrick9JoK2C0BLjMMU4lyZBfsOtqy8CVjK71G6biWjirvwKveDUbbdnabD6oNKRkjU10KrpsRv07\/rr3\/DxiYNICA4+aqMz+EOwXWo58jzMZwzCPamN69kB0IxZj8SzHACrAvpI3mhJaTesCVi09n+Vjx8LN1j9+ciB82njpNGQqupy7Qg1DSJdzbPwEAh71uJyF2iB3iJGpO+cy2cML4KVvm81IPGXCiOmV58o3v5\/zmODjNmo2sfVOW9wf6PkvwpMzRrLhfpb7g\/8GFhwl4Yw4+ghn0eekbQWZnpZKkF4+ktWY8mTGVecRfIhXVpZaHrV6+jU8BF4DL68+dkgY\/AI15OZZ52IXevPDJv5nQvF4MBVYN4PDEtox+qpac1LTHNAeqQxSa69g15gLUO1TxuS1ywL2AY+BTIWioy9hE61HxGs\/ZqgzZK9mcRJcA1dvWBNaIUiSpdORjz8n0pKG8K\/4ou3pHJN8tLdmk66Qlvhq4T7hwQDIwVgb9q3keP6FrYLSeg\/J0qh+c2s9xPzmAsIVg9ZVDDHWX3Bcun6KxexZ4flHGnhxx5gihdcmy838IeEFcy7du2wwafPbat0Jj+jGrpEh+yIEM+DtfZqs9yQEdy\/MqTQFZpt+aZuMVHvsRxgp9ckGC0lTv66FWbXDl0UazKFBVhBALr2J0iQx9RaI2aenslg1ZNK4Bc+Cb91EVBWrZM10MM25SZ+fC29ATKbXKDxWyuH+nM3ACeSqc9x6e7lODjH2H79xEPA8nXIZozszF8WDBA9K6wgnma97DIVxV4gV9QTaSzRRZf7GOTqGIfycjVC4dW+EtiHjVND4FWrZia3IFSniSe\/c6Z8zy01Y4U7isxhUZE84FRn4gZ+V\/LlAqURAOifpcMdrbloG+azDOECnPpupOebIuXwWz7aOW1fuY\/H1I+R4NtFDR8J3Xw+payk7QhXdsFx5GWInJP3dTMaCf7cVsQwH9u0KYAcwhL8Cwh+DnwFPiuH4IialTTqxwU\/T+06FOuOrMPq+bKnPZ5FwJAgHNilWYjP7NfZyL47Oq9aVGecGeTMEVn1UOO1QiFCmqyGvATws+6y3jOAqvQGQaZwrrHaE+V+KOl6f9J9WMLa6SkuWVKt++KVL5CFRWylgx+1d9Uek8ct9jA8ZlmfNzZ9cA+5HqJ1DeuTlGJqOlBCtnXfinCTal7z1JN5uB10EcGFFvKfAbK7xwlVGsEn6XXUBj0DLCMr40cur5GW3A0wuiby+nlkq7AslBw7l3uUqOibKhCVQJrTyCrMLKjl7uaVf6toOqyI\/5H1Aamf9JQmaiBUuE66iZeoeNEFEyhhGDVA=="} 01764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1568282515692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1017,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1017,"pkt_l4_len":963,"thread_ts_msec":1568282515692,"pkt":"nLbQWTW8nJcmWLFfht1jg4MNA8MRKzvMmZH6urrhzSri\/bO+xasuSndNJv1\/m3hbLRtPimPHAbvEowPDFkLs\/wAAFwjcZWkdxzWqcwhFc8YEuuNHtEMUyYrBFar3hn3903Wyiwal5ts19EiC\/\/0o403TuQXHzpo07QLjQNsCS6rfVQ9h\/bhZfcPHM1NTnnZdcI\/w+qZX0yTnNRovgdVWw6cVvyMMf\/AR4wKYphPcoUgcwsn7KReOxOm3nR3LYOawLtgN5YWMmql7MzZUW1CzcSjBB+M6TJiRoKw93nPerpbhVcyLUx25I3\/NADqEJnBz21jEouIL682I+IDJYwKoa48yaEr6CLTsyyGj\/lts\/4JjTKWASRBqsw7OY\/PZ+1W1OwDSwb\/PFJvlZQUl\/G5xBYfmg9n3A5KSgPg+AWI0iah3p4kBgWKDCRmgMv5aLdZqf97KuUEYmV3E77OatXFisUIwNgupj2ZBePSzcVFv6BviacQ0eIFnW\/WBQ8G99nQvGQgIVYRbS86l3ozgh4LzmRsw5Qx1M20rfV7sH8J5eDfvoJvM8Kt39vBoA2a\/YDhQooz13TukgVejyLKskuIKc854y2yoygBAiap3h\/2UZI1Hy+ylvot5B+\/VTalIWeEUdzPMUhYFiTMO6\/2d1DRzWkipTCjRPVLHWEScPJdEJ+VMNpVWsin+bWqHvT4BQnmP9jratt0VWOV2ObUqvupTouCJiGV9bM1dHvlMD7MRwtSrbsmRdsKZ3s9ntmpvH57yloY2vd7s1jXD5Tju8J3B+9DUXz6xNltvws\/LFUo2CSsbLQjNtWY3s5dPyf5CxKUWscmwismYbV97k961UCmVvPNlUhdtJ0fKJNxq75eNdsxnG3\/awZI3OuFYwxViRQiZCNMdgzOZGSKYfAy7Lp\/MhmSQ7bAc+NzZptzeI2dGY6EavQ3CQJraclZiH\/R2wGoMhKXvX1vwKDaGVZ6fDICtnupheoKdKLVVe1JbFxgSvP1CvU\/Fz5zvnUrUFgqsCm6EqZc9b0Nx46hJuQ+nXvuD7J3wzTSb4pIdJo3654drX\/so2eyJPJ93U+qbVr7vq7ywwBxcwDyk3BB58zXgOMZkN4mMUtFH32aXAokBlkhQ6f8WPzuTxuiyG3qJM8aRb4I2zN7cmOkjaJPcEMZK3GVpHcc1qnNubgcg9n\/B+tCxShTYqf9BsxGc4HfmCIwhwjiuwdU27nolghC\/g0vijyYzvRU15Q2hMyPcrtTOsXP1UDcSAxAEOHoM9K86QNjMEWUkGPI0wcCBc5w6OEh9AHnk5JwjWpUceKbwoH7jh6GuoflfGRMbCEmAFjB4Wu0Zq5vel1+DIem2Tl+i"} 00732{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1568282515655,"flow_last_seen":1568282515762,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":5951,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1568282515762,"l3_proto":"ip6","src_ip":"2e4a:774d:26fd:7f9b:785b:2d1b:4f8a:63c7","dst_ip":"3bcc:9991:faba:bae1:cd2a:e2fd:b3be:c5ab","src_port":50339,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1568282515762} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-23.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":5951,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1568282515762} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685828 bytes -~~ total memory freed........: 4685828 bytes +~~ total memory allocated....: 4685852 bytes +~~ total memory freed........: 4685852 bytes ~~ total allocations/frees...: 101175/101175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/quic-24.pcap.out b/test/results/quic-24.pcap.out index dd4d468c1..cdd30c175 100644 --- a/test/results/quic-24.pcap.out +++ b/test/results/quic-24.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-24.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1574209133040} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1574209133040} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1574209133040,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1574209133040,"pkt":"ClnTQ78Jzivom94WCABFAAUA04pAAEARTk4KCQABCgkAAqHcAbsE7BkSw\/8AABgSKZqySaf1jUZ9aFypIIlM688aEfXDUlabjvj32ExHj28K\/LzWAES33jM5bR+MtpU1BLUazwIKZfi2UUsjupyQtwh0cwaTGSNsc3ziOvMvl5HeN7dnqFzrpWV5xSzaGXCCKPfdH3vP8j3J6ZLIzElZQZR3emJo528x+jgZIHOdaSnx3DWXxF2zh+YTIF4T7iX6QufVjaqbZGcqLfU2h5UhvDV4FwyX3uhlDNyKeZHYtgm98LQqq4\/RRT1KTyGKWwsLmYKiT2RZhGfdnj7cabAAzsX7Lk2p9chyJNCYC2rvLfiUJPAyxycnjNSX2Lj6Aqa8nfo2RgXdwfCaQgxab+TGB6bvb9v+EsUoxuSJh+r\/RN\/6YKeOx43w+asFLV8uu4y7ez42UTvh8WhWB9gu2sFvRZZAH2gXrPZjvaMUKjvUztSfZobDePj\/3bGH7ParnvadIlRAYU9Q2+DurqTinGpGLj1JdKLQoxeMx5eGSPtbuqNyirKapdyXJ8ZKCVjdL9m2B38WlanD9I0yGpWtoLvsOi8f8x\/fhHjJnp\/JSreuYABX7IvE9OH17Ka\/DYXSP3horLga3cmeawXPCcyfSVzp0vy3ZIaVNlu8tvkbFVJwffn9HIFK6HKNWjCpRF+ahuWdOTEeIZZ7i7JR8vw5bYFyaufxilZin8M6RIaJMeMrQc4vvfUfbDjsZuuyfMbD+CtkYjt3ODwFx3+9dnCnls3bcnN\/LK\/fVogu1W6dC2V8OgzkkQDp+glgaZFK3x1y9W9tAnAfcG86bUqaAVXac16E+jbjt3xUVxE3wSFwqpaXR87jZ7puVI7a++RK4x\/CPU7cBx4HxakipMRXAW7+Zzm5Uylji8R1ndMJge591UykzR\/a1rIFwcUFafwyzFwutVakAK\/iM4YhBMTpFZmHTyv44rZt\/SzvRW3ChO61o38I1VeCK0g8ZFXOiuIW\/pELm4Rr3xBh76iDlvWF6YcC0+i92ff1n2MDPlwUBp2JPBEhF9KRkoluOW0vEGZjgOTNF0WO0oSPjp6cRmPu7QFACVxUUAGGJ52pSjmae6FO4iTNFAYtrcv+HXjZLY56ae9mCQOyLL1m06CQPGFQiHOPr2CJqh4awJXrhUafIQCu5ugPi3shAySSxxSNpoi1XFyoXHmAfehBuKAMDEBi\/K2+sO4vF3gp9aph5gyVGEs0pc0rnIKidNla3xHEAlRzhJVd750Uscx9utTZFhNIJHFYbXnWol4tLG+jZZli4l18thfxYBatUVfQbpNdD\/lD+eYzZtOp7YtW1ZKF+ROaDrWxEjfCdVtcjK18Uyjgz5TeZuG7pFJ5t3qyXb+n\/5MzCAN9XPJPpQiYdvqPfvMUwezKWPFBlXc3KAr8TrBHXbzxwj68KugT8kPF6Hf1ZknvffVMbgWpKERCnzNCkdVDHz0qsfdTxN1E8gHLdnzTTb4wYHbDra2Qy1AzeGTZ5VuCqGVCxMyMSucpv1SUY2NRHw7nEKVm2pvwZDPcCeEad3kICbdC4XAMVUx0Mf\/rJlO1G38DhZUFTtkiOIXY+C24n5VM7VxZQ+dzu2YG1ROOR1dGwLm4sR7mTJIH6rldcwpGAOA19nihJl7wI7sV3QgaIXVtqDL9j\/YH7Q44xODtLK6dfnLZ9llZp8VromtwQj2StAFDoQ=="} 00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1574209133040,"flow_last_seen":1574209133040,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1574209133040,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-24","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} 00615{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1574209133041,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":177,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":177,"pkt_l4_len":143,"thread_ts_msec":1574209133041,"pkt":"zivom94WClnTQ78JCABFAACjQSNAAEAR5RIKCQACCgkAAQG7odwAjxS18P8AABgR9cNSVpuO+PfYTEePbwr8vNYSuDzEUSnLqX7jSNZH88cG3IWnEimaskmn9Y1GfWhcqSCJTOvPGgt6q75e4Qn+zUFJSyFY0SIiHRpQLjIDBESVGuKc8OTad8PhKZ1BA74OASFH4nOmQVGBciF1MYu4zBXJkM1rI\/zCp6CTKJAyA9IF"} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1574209133041,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1574209133041,"pkt":"ClnTQ78Jzivom94WCABFAAUA04tAAEARTk0KCQABCgkAAqHcAbsE7BkSzv8AABgSuDzEUSnLqX7jSNZH88cG3IWnEfXDUlabjvj32ExHj28K\/LzWQEoLequ+XuEJ\/s1BSUshWNEiIh0aUC4yAwRElRrinPDk2nfD4SmdQQO+DgEhR+JzpkFRgXIhdTGLuMwVyZDNayP8wqegkyiQMgPSBURs4UrqJXSOmdlzOQkT83Thm0cw7nGhY1Dqr9WBER804ydL76SsuNgGBxQl7a0HOKMMpAXLx8NIbh0fGKNE2byFJvnpcszX0hTK6rJr5u2g5MPDhCWVAqZWA\/ogTmUNM\/hiTPfQkeihINkuu2xiOaqPKq8sMuQjF678ZOS3GHn+0TKDo1\/YbLwJy\/ZpXJGxt30cfRSaAH1ZjGC\/le3BtTf6Ee25IG79XjyhHYyykWI2qhKWR0WZIipTrVnQ8OQ9VFey3MfNakIGaPPsyV69yfAmkmASAVXFu7Mo6y0Wz\/k+XakzO7FNz+SVS8r\/HampTgbi4jZsv70uNhIa7mA4qtW67mQ4Rtz5mrDrLhqz2cchVuQJJMooj0k2Xmg5SrVAA8L+yguIaKrDD971nuLq358VPAy8fRB724dILFO0lMVCte\/by\/Z5smTmpZsXjBALsYbcl4FVVEwEstKsA+gV11h+TKoi0PysZzUv4Co6O8\/IBnHMvA3aNldZ6T2\/ehbVZg8kV+TWp68hUC2ZNn0WR\/hIHa\/ud6KCIM2HuunHoyDST3M99tIIw9T05lx57290aLBbTURhE0FEw+sGowcXu3C80nVKiDimHMp1c6mqiWhDKZbGOAdpIWwpYqyGb1wbm5oAoXEAR7Mc+jjR0J8zJlFvt86aEVTtTJma3fejOJ3C6CfSBtcEM9aVUQVmL1wf7Fi6TTqbbFA9hnROhk7vqewbhtVmirjNaHoW3nHcl5Ky2MEXCHIhVYecuDZG8tKTrUF\/HFpCaGl9ktkqkasn0g56PGXthtx8q15PYDSjv9yWDxzwqk6QO6Yvxw5QtpcdW836IfXVH9twCWk7tokUrBa+jkGq4sxymyp8HJzlBaLvbaRQuaENeIm3CsGj3g9j2MS5rx5x6bLrNsqG7vyWFoKKK6rqr6vFuCF2irBVzzRdUFclg1SSHgOpaIic+xLUKXq+lZZKiY1RKji5vWjtQKTKYEV029kaxm787YffQ8yTZZB6Hh6BkDWEPJYKpvcHrYxyRBFLQRGWx4ITq5kdTA0MWD1a5s3\/Tz1ghAL0hkcPsti\/Um+kiW+XSNOONWqykERpHTJUdF9XR9VjidFyK82bmGKcNXGpEf6KxiEWWOfrwygEpxaXYc1XPpi+3jqe95\/5QRYGsINOcrD5IkF6QniULDRMMwwkr\/ECjICIiZDSB0yvurV+rIeACZwQwc9BCfZ20PoMtA9Sb0+HvwlI89lLwU1WoQ\/uQFCU2G+iaFma79WKu7nfdJy0UCSpgYk\/WwxenGfaRqde0duIKqJ4VQR7DQ\/1P+Fdg7iOLJglPQ16bgg\/VS+HMi5ElBV9H43KK0X9+d\/wx6yTnUwB9LBosIDE739HoREBuU9qFyhmlmKq9iiXdK9S72zzDVpgLdZ5NTJCzLKyehhNiJq3WHWlmpoiXXclIQS2qvLhF3s8CmoQTCIFD2YwbMLNLc3NR5kX4hROEBrWwC9+79LiHN5YezdiHlgZ3UHXQ0QcCITAtA=="} 00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1574209133040,"flow_last_seen":1574209163081,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":7370,"flow_avg_l4_payload_len":491,"midstream":0,"thread_ts_msec":1574209163081,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":41436,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1574209163081} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-24.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":7370,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1574209163081} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685655 bytes -~~ total memory freed........: 4685655 bytes +~~ total memory allocated....: 4685679 bytes +~~ total memory freed........: 4685679 bytes ~~ total allocations/frees...: 101170/101170 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/quic-27.pcap.out b/test/results/quic-27.pcap.out index 701ceacbd..d53b69e2e 100644 --- a/test/results/quic-27.pcap.out +++ b/test/results/quic-27.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-27.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1592388075915} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388075915} 00622{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":180000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"thread_ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388075915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_msec":1592388075915,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6BFLF\/wAAGwh7p3UKjzv1VgAARSBBNb8rxExjuvv1Ye++hbc9om0DU4NnwSG\/3UebQzKe+\/ChMR6f65IjHiAPoLAAXROmLqaJFJBg9Sjii5GNpIY1s7jLmFqalAiGP2eQLOW5rgxDWycwtAoSDO71eI9T1Uq7EBmGHvnPmeSBFCTAwbphrP9uMLPyAc17USwCikZDlt2XGVMfiXze2ila5iBclIpM\/nqIjbZDUUYzdC34yYbr54VrUe33DQppusK5QzTfqS+3bRJeNmvfVjhputwGoNup+0y7rJDCwpxgcjG0dCKgMjLHOmSc3TOXpHySWsU8YrZhzLttd3CTZRM5WZ+WibgEID8\/Y94\/jmGwbweD3Pfo3Ppwfbm6t+wCItY8yBKRQ+H5v5jedjzP\/LjrRtljajhGcJZd6HJgjueiAiaEAdj7fx0T9yjCxPVImLtLHfXPo558xAwXVU83pzT9xavzftzVp99vYm\/GU\/kg1VYfnH4H1qpMlTlic\/Q6Q8iLnCNGJ9LIhtmYFfunAmiyObADRsU4B6j4HoJX3if+mucsKdp+8N3ugLjM4uwUvOF7XyACDpCZ\/G3\/5X5J\/zKZkqDPUYvuluMsSOj8B9WlMWtbGerp5EjqolIlNnjYomDTKeHIxZZRBaJp\/QOHxqWVWl+MlH9KWaLg+UuJ1tkD\/z7oSb+H1aPInCB0q4IOfY52jC5M0sAyNUCCRYRJtlGM\/qM0P8wM\/vcpX4GIrlML77jxP6dU5SrTUTaXASv8j9337neVie5dGU901jPeI0ibTEPO5jmp5JTAiUrtWT\/OPLGl6+AqDrvj2iLYI6MfHf54Ll0eSJwKxczdOyajjbkW+wF4mDNBcrHs+Iy+NLs84KPkQaEHysgP5fydEh4OpzytKTjbeDrjBTG9KcUWYmBar2q8HpPFclPVfMJzlgzmG1ymiPOmBJDgqQ3ZUM2g855ht6g7tzCMio0LrDHG0qDTQGyGwGnOACHMF4aRlNBHHPXjD0AWFg5ITC\/muG1btVnHCRMRKjcJbcwgB5knd4j3yLyF5jIDRSKNhE6Ac48oXpl\/X8QX7id\/RdTdMTE+I9ImLp3efowsLaCMtmIEe+7JeD8HXS\/DHY7CcQC7QJJxTExlt1pZ1J8VxZQ\/Rin8crO7sCUZAX\/MAmOTczrCmlYKxmfZCym\/VBLaEls1IO\/vlhGhIazJ4ec+unaATLsbpA8gpl3A6fA\/mtphj6B2kmQmdb4PDBkjLGlUB9TA\/hWCdu8okA42ElpefKLs7iaYvj9eGjbpH4CtZIsn81hYHam0KixsLnFD01WT2G3jWF4\/p32XASEAIX2fGqhIl42kT79V0gWU\/zHFYX4d1dqE0R0QvDLgaBR5adJ\/AQSCQX30uHxQBsrPiDAUle40F0f\/CKLbXDtfvQg3i0EyI3KXCW22kEkJyctCWU066Vqsp6MiM5DPCQw20QD2L38WJTrzFxYD7gmCe1AwoQFfD6gqTnrS3Tj0ht5GTD8vsEYZ0oezjMP8XuBMCjClE8hToMxgRyaUKQoJ4zuAen+tMutEa2m48+u5jHJEJljGjHC4LHZWMR3906vXde+zdCg1ShHY11L\/Bz5vKrplIBCiT9vl3ZYNjO6hBlbKS8VP\/yg6gsLQ9AigFTHxstN+VusbiYbo8JJgQWEcDGy2dI9GZZqPmAAFQeJAEQIBnrb965lc\/aHxPwoSZtBKWldoAMiE22ownQezP3boCQ596Xlhlq\/aTLkj8uddR096XdeUuOzAUI7eEPdA9iCr"} 00923{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388075915,"flow_last_seen":1592388075915,"flow_idle_time":180000,"flow_min_l4_payload_len":1330,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":1330,"flow_avg_l4_payload_len":1330,"midstream":0,"thread_ts_msec":1592388075915,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"beta Chrome\/84.0.4147.45 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} 02271{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388075921,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_msec":1592388075921,"pkt":"AAAAAAAAAAIA6W2Tht1gAAAABToROC89ZNGdWVSbAAAAAAAAIA4+9CGU9KY1A0DNBxQAV8TkAbv65QU6\/nTM\/wAAGwAIe6d1Co879VYARSBTj79W6cwNvYIa4eRJRqYVEF\/FFQs4\/YFJNsPxXKvEgdRDTO3utbDdVpsr9xE5Fa\/TpG177HOYaSrCAz5Jo2+BV5oFjmMd9bTEkWInl1UOdHKW2niDF5nMaLe02aYd0mp25Hmgx4h+P4ZNUU2g7lMQwO8oh5pyFwebO4ynZaVfKfuvlderCYi9W3A+nCI5swIBOg\/\/GR\/eRpRy+l1xUDMEIkXKJ9xm\/36tgV9mPj+QnGLik9ENPu+ZN+Me0EJ5sHt5U9N9HC21bIxbx2522Px9RzM8EV5k0bNaVeSUX6Kx86PSOGKlOzKToSyBuVcP\/8Y\/pj31FFMn4jXKSKIZkR4jdHKqC8A0U8JWz+lo5qygK0a0s0j3vnz5UfxKqxBqYcCTRyIv0ihPq9lNS2XBnJHxjyGSIIPIjQ8xsASU2vSfjgEk5w8+ci+un+2IlNQ9pkFNXyipoW9wTbokYSnOTxLk6sFfH3dsyfqGWWE1tcdt7fy7oyiEsvZGRhn\/L+h2S5jSKsdHx7NdNgIdO39fvhXOA8HjSqb3VALAtyj6ehundx3BZcRNfsuUa5ZwC219uau0CpTuX2Tcg4sLjnvZG2Lvryln9pXYVKexJ7M82YgjmrH3wKorHuQt5fR9o7MWyn4djeqsrjK1KyRTCzgfjFDh3HyEU84LAmn6y\/vAo6GV5tlhx7mhZNMKhoPxPwLQjI9LlPc\/eMbJSDiPSdtQN0Aka6OS5JgFtfkS4GGEZrqH3Wmy218ogEMrR323mHZfknuU+di+qZFkdH\/EQiWObuHXwvxT+d8mUKnyAB02BTcx6ikllxkk+7Anulz\/alZEZCKgpjN62uDEL1zgUQWaEwOMai6Bq8aLpyIjWmfI3mXlEoQL9YGtvFU3NA0ZJr0FsSmnF79XixoAiidGmVLveJwbz2v70EltiOw6GW4XT1Nx8GJbOHEb4lw8Nf+y1YmbiOSl6N6MqAV+LTudvCC93HluIlhU0E3uX9LGDS+ScDF\/SXTW4zk9DPu\/I2vtwGCJX81Rv1WV8uy3YU63ClpeYXvX7h3rAbpodg\/tjIJpSxX8PbWv2L+X7I9n9ASbVRLPybgw1VXro90q6rMYVQ\/J4rPmhLpWzdEAazqGLHFi9KCGNiyg\/RvVoTwUKLYJ2wN2A7fA5TkKjD7w9oSn095bN7P+h75McGVrIyVqdEh4yuOB+Tvz9c62lXezMJJBw0zLwBGL\/8fc+U1+0HGaZ8c8r\/a9gzaAu\/1hL\/GX6BDxGvNlvCbNJSR7uYc+tLK+p8LJwdEE6O1NRlrVaqPbBG+gZN39wLrBIi\/4C1PvaV8uwXWpwJT4\/2iKYJmYuzWYHqOYb26qPVfaWtKa8zR+ytS6h93OrCLmPemuHc\/JEUEpO0dp8igHMSUL1C+oRr6S3mhQFj3DoLOC25YV2Nz23shcZvt4jUGqP33atbdN9fs6Z6FU668dqDsydPhc\/SLsWEHLNI2dYaUpYVsKq4rnVyNmOwE\/6yXFioayjL1rahnUdwSUA+95p6JoySDTBjZ0UNSLSl7C2+U5OFwI7ckGRhoW0KKahovJhm17+fTYxdp+9HuvzWSSUY0fZvLQBV7yxLsR4PcQVPaqkZsrRSNzLBu5zsWgsJ7iTP5Pui\/izmglDfXm4vEH6laDbuG6URrQ7dv3yhcwEz\/QEq4E36vx+7mzPgws4U6N6vHcQkT\/3gkAaI1tEvZMgcRaUphUC3VFG3nl7XwQxFcW31F+TgbWi2aESvVU"} 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388075957,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1392,"pkt_l4_len":1338,"thread_ts_msec":1592388075957,"pkt":"AAAAAAAAAAgA1Oceht1gB9AaBToRPz70IZT0pjUDQM0HFABXxOQvPWTRnVlUmwAAAAAAACAO+uUBuwU6q+fA\/wAAGwh7p3UKjzv1VgAARSD7U2hL0O88k3UZXjUbrBBd+WZB0UG\/j7758xlBZzizfYUS+JxzLcKYGo8WQzFU7GyiuzvE8f9eov2KYsEVwanC7Vc9pLDljUq9fi2hrf+FzyyRcUlliaDQXxX7n1Ivm9KRXOqnnKdmfHVEvBFAffLmUIXWbO+YgkFjGfD8GnPXDCrAqvwlSSmWge5izab1xOS9Wo1XnWifp0lpGLQpE1MqqxNhBIDxbfaVbjuMEAWyrxRLEqh16GZ0\/jsodxxqlZew4w347xtEtqPzlLyHr4poFBV0Y0YYyCJ1yuoIhaXm+33Z+1T2cYWE7O6I9WEk+mBcGSHxZEZP4CaDr0T3d2jgKsNoKY7bkKT1W4j+vuMJDFuHBaV9SRkGAElCQfGPawy8Ys82dsHnmEEyzp8V6ce7FzsZZVA9JPutVgoejftdzH\/RLPkp8RBEvUi+HMOKcmfLfnWgmtZUoG2P5WRsd4keUAJzFzPu8JDFkn8Qz7I2ryzN2cOlRhia\/jz4PgIUt+4ZQKXncNfyTzS2OteWVaV9zMESXfyvD0pVAT08qEHRc6laTl0ufuUQBtHn5CKjoJYFHspiVeCiJegPMoj4HilpDrhpSZdELNW8O6lX\/+Ya\/E5+xP\/XiQg9mVqUhmMopCMRpiLIe2Y5jGt3vKxJGa5gox\/Ao+2MtfZQZSIoFcP8KluOAfCrb5sGinc+sTc+ZKeAOQmz2FRpTh4fxO1mAo2o9ZJLguqcLrOlyxUUSOHnuLgNLS7XObH1LUUip1vPpeYTmlqzrANNh9EYL2PlIErptyjoZYKQJ8rGcKFCKO11+88Wp\/LRi79APRPkY6RnAKucyRnsrN5ZraDdPgKee842vxIdbP4CvpQKByezNr0Y4u9e5janU208elx\/zNNPzGR9+gsEJIstRXxFey8H0re4AXkIgXjqAReUAEftPwSWT1yW9+jva9RQbrdrR5MlklIvCCr\/7U5+3OUw9\/43s\/O3pgzG2DXT5bg3D27JwIW8euuy95GFovl\/nwOfDJmNLw18bQ3hbUqIFcvmzSmF4CVgS8f8nD5zXQn0Y6t6H\/0dRw6m\/fNV\/hHkJp2gXqQ7165w9HG2aJNS+9mCFSeYNr4H2pXUCnIsj\/Pby8rM4BOGLZX6zg3e6S5gFfYBAXTKRGfLDh+HC8x9D89XnWP0cyQWheKUU2YWacOr4WVE0zJK4qj2v39Y03nQgSY7Oa54R2PRMjuzzTSkaITdQ1fo\/eapkrPXa1eGFgwwF6EMe47fkokLHjscKhQ9hUwVD1WZo132hEoWEgCk6GBm9kpFczYiEdZUPhpULGvCKI1iCSBgMjY4vkSPjkj\/CUDk9lkmQxFPWmRRIn5bNqB\/16pGMD5AZgW1l2kOJo5CYfNF1x84eGg+l3fSTIrHWDb7BvF8kmCbEpzK5xtWGHGjxOpk\/7a+pTOyHHSCngxZDzPdni8BcsxtcevFPBg2cOlxb2H\/0wK6HxkRNoGyDH5CwTV\/9XVHoipCcVdCRMqh2JweXzA8wyDxryIMQur2tx3A0CW64wtn\/h7BSyKnDTRXR1V+Wa7DymTTmnRiQ6l5f3ecwcceih\/JZP\/GSUvQLB1MZBKOprH4Whg11Rc2g4AjShZ7+YxYeeQtOgNFCRS53FA6JbVYqDpNySia3zORBhbds4Rqs3FtKCEuzx1fAYtgyzWdf8adqeSwRKSlOPPdqsVh5zsBNqK4beqT9\/RPVDkfR2bjUTRJesgqyVO6iWDbnnnAdtd3"} 00723{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388075915,"flow_last_seen":1592388084373,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1330,"flow_tot_l4_payload_len":11647,"flow_avg_l4_payload_len":582,"midstream":0,"thread_ts_msec":1592388084373,"l3_proto":"ip6","src_ip":"3ef4:2194:f4a6:3503:40cd:714:57:c4e4","dst_ip":"2f3d:64d1:9d59:549b::200e","src_port":64229,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1592388084373} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-27.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":11647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1592388084373} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685931 bytes -~~ total memory freed........: 4685931 bytes +~~ total memory allocated....: 4685955 bytes +~~ total memory freed........: 4685955 bytes ~~ total allocations/frees...: 101176/101176 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/quic-28.pcap.out b/test/results/quic-28.pcap.out index fe0bcde79..e8759aa11 100644 --- a/test/results/quic-28.pcap.out +++ b/test/results/quic-28.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-28.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1591267474847} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1591267474847} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":180000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1591267474847,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_msec":1591267474847,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsBAAEARSUwKCQACaBoL8OrKAbsEuILewf8AABwQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgmEZ7SPB63FDIt1\/BNmaABrW7\/a2mJ6Qg87qxio5qp+Au1rZycjjs1xq27TUqOstzWUVkmwpCYXpvpOqlbwTvnFsXueqMWKDAlTPVsrztIv2pHHHaD8h888fq\/JGG\/YMsyu4siFFo62sUPCzYnviiGb9Ejlp4qwUTq4AjO99Rthdv2GbNC\/OStXSWSDjD\/leZL9UJEZcJ3LhlgqAVgxUVrxuE0rbeF3i8aF9iakAqxlqpoDj1+5t7ILe8xHKg8FUG1XnL5zpn1\/qeTvTEm18Ejt5DZJvb7rSMM3y0kFKOsdK3+oTGrisBL0Fe\/eBZ9f4xHzZvM5y3BCl2N6qMFMX+sMnr8ggfIKSQlAxo6qy68ZM170NeiI1bIaY98nIrG3zZt3dnHbbcgfFiN6lFzYaQLJBtV\/WEYTHy0okUamYC\/5cNM9tSXVBXfneC5HIpPjBuuyE4+LzF5EWg6rp8zulZ5VOTIetNIdJsnU+GlxyeY+BVtCQCCyWElUlL9X91YgIZ8MpCHxRq8ZJCkmY4nF34gFHgfsegffKnBAav99zdzm50AvMu4lP1B1F6cRA2HMPmAvCgUL1IKMcacz2eCZBB7FWHguZbpDdL2+wruFSVOAWeB+lE\/kuyF3MF8D5tAMKtEitOKdhqy3C3qGvZcZVGOZKPWGr2BC7JbZdFGIyYmNwp\/bvvX8XvDggJHwe6xhqAz5sua3BsvUJ1vySN4kKaHQ3EYKLbPPRjDwQinHrO49sFr8oWJyt7OK1yq06uwrlP3p4sqV3\/tL4FsOHtHVAI5LvRB8KISYciiug2cmuSgzkDgaTo\/e3D\/u+rCXDQ3xoip3ktBsckfTnGfFRGZIYxKdaQnHhOXiTzFQ6mSTNof1wHefWEQube1a92cmaAPSGQOt3LWbH6N8\/qM1mTakjE+QJv0K3HWVx+nbk2qFqJc+rHv1Ie37Z2+wHGh0NjwgX3P+8AdCqq6tgRzOpAdLNRrnirmseM\/zZQ0+cDRuw83pFP+UWZ+PCK3wKRZu1IhQ2h6D6lcGAbZA9ehc5yOvz0v1LsR84aEk1FsEGNTqF56I+GB\/2xRH4N5F5aeUjnenJzGpEQkofmIzcU+knq+dcQuuDHuOTLNDIaiPO+4HYzT5IY6vCSgCHcPgQVRcUuuSg\/GpGaVSknd81XIsamcRfeqURHQ1MVwmLxgOMP3+I5HFeghmJ+ki2zeRb+13f3SNlS\/RoVNOTrzjA86oM8wlv5t\/i38dgJDMR2ZvO+tz4iV7y7Y3T7RFYvvK2F7LLOH5ZrOKSeJb1SNqfpAw6nEHN8am8q6WcZIClcZqDQiuuDV2HpT1RM8QezzenJxkksNL2P07lZwI9HU4P7Ayp4wWZ6zeiRYoRywRS5R5VWfF7StuaGYuXatUeylxdjHJ8UwmFRvFoXP+8SlDa8jkz\/qhABAK7x0AzjsV\/3jzRSi1nVL9yl92ydFm7OXWFMLaMdafTsMx6SG3eTR9qPpGQqQKfrm9F1wk7utXsAM9DKqSLm\/MYVhMIgqodecjchaLAXg4QPX1N"} 00826{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1591267474847,"flow_last_seen":1591267474847,"flow_idle_time":180000,"flow_min_l4_payload_len":1200,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":1200,"midstream":0,"thread_ts_msec":1591267474847,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.wireshark.org","version":"TLSv1.3","alpn":"h3-28,h3-27","ja3":"1e022f87823477abd6a79c31d70062d7","tls_supported_versions":"TLSv1.3"}} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1591267474861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1591267474861,"pkt":"bmImQfCg7jdRvai\/CABFAABL8YhAADkR0gRoGgvwCgkAAgG76soANzParQAAAAAUQMS6Zy9FF9Xn7IIP1UsQeHX9qMwQgoOBp4aIL+MPCXOdR4KiF\/8AABs="} 02063{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1591267474861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_msec":1591267474861,"pkt":"7jdRvai\/bmImQfCgCABFAATMbsJAAEARSUoKCQACaBoL8OrKAbsEuILewv8AABsQgoOBp4aIL+MPCXOdR4KiFxRAxLpnL0UX1efsgg\/VSxB4df2ozABEgps603pxkyOuWqOuDCBHqFD5j6Z3HbedH1LdiS7r9g7eF1q+4GbQDzwEnV9STArM0Em4niSxcOP14YGEMbCxBeurtCEC8Tmf6DBDqyOKEQqlh98RR0FuyctJCM99u6oRT6urYJjdL6PSSu3YTL8HY6NviKj+LkpdTz6KmCgYvbgKd7NEhPEXmVYO+dL7mTC6YtcnEsrAHQU704mlKvqtFGL2\/5msnq\/TWBIk6bybV0DxYkGzE2Dnlwtw+dvrt9SpZJQBYmvuqQWRkw7Xl0Ri5Ou\/YH0Nf3CEwfW93dKkzcyI\/xYg9i+2QKy1ICjIZ\/JAWTdEHFRK8O6Gl0vStYOHFWBxnM\/YifVgYZg0OsrKE2RfzjKKmCKUpNz\/eEInpy3g7Oy6BASDjgCLyqH4KHC0RkRyxMeAwO\/4Ueuev5PR+GIZT6RPX+8eDG+GEJz8bGHJ80oLKupj5MfUtk1+qegg2dzVfHgOvprBxIArXCNmBUVNivV7wlObqf87COabZiPrwNrq3bed\/ALhpVnLbXDu3mPYFozof6hWLQUSRUCvRIP+L3zyyxfAOLZZ711TySAZxpgSSNbMb5wMga2ZxBCZGIiJBujBs0RFh65ea1D90334s1gOATeyFD6G0Y5nni0vv93RqV0rCUx5NmKsmees6Lb5Tn92zzlLElQ0tJj8i0NV+A1o9UmRJisTfKPDHGhnjIKCy7tWmA\/6WnyjC5MVpEofvbOp6VSLzrYFEbs4xO0nP5EWcI9akrhkBkR4BVPvA3BR\/JNC6qdA6XjZq7vEC4PK42e5TCzz\/lS4AoqV6qY+iOUqeRm\/KZeFGwLXw2YBxOFGvLQSYLCrM0JT+ZZ\/+YM0cgNTb4UsfslWeAa\/dEDn2K0d5vlVIufoqB2DscZriUDfkBrMe3p2BYO28jOG0dIt\/\/+wVszbGGjaG2DAkiTDrcM67+fz7k2j14PiNbU6+l0I0CfyoRbB67XXdFnPllMtNEGiR4aBRcQCCchbCVwdD7xGfKg8VLCKykEzUES\/y7hiagE2xpKTSbAUtzMYTnIbSLikbFGyfUOpyFdt16r3gk3qkldqup8CI9vmdvD1rvxsFHFdQKlm4ct28WVqNsM7AcMCYS4IdY3fjlHdgQeFzGauOLiE2HquU8FAgRipNJCs2vXSgmlj6qxAuSretb3YYCFUtS5vV7VhzZ\/si5aRaf72K7CkGDHBs9yzIrPzdtDp1CIjAcpqkTgTiqw5a7bneWQdm6knt9coPgKABTdfR1Wfei0Q3edydbubwRd1QyG5zjI0T9bXVZf85BmVvZ\/oiH86E0oC1c6Hyl3M4ke1W9+ncVNagK7XEVU\/lQ9u6NvkLWq7c7LzCfIQKMjglkD6IZxuZzbgX+IVXu+2\/W0iJnR1BIZqRhI1sURkCMk5kSbefJtA\/3ss1rR1eV5WU9Nj63Lk8fki45wlDZBMYeXWKNBze+M4K2DVnLaUMILrXDsu6YTHRFaaXufk6rRMF0IUC\/p6LhqvtpFhBb7T6xRXz1tVkXrpMYBZz4xjGSbfGjFB"} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":253,"flow_first_seen":1591267474847,"flow_last_seen":1591267477602,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":236167,"flow_avg_l4_payload_len":933,"midstream":0,"thread_ts_msec":1591267477602,"l3_proto":"ip4","src_ip":"10.9.0.2","dst_ip":"104.26.11.240","src_port":60106,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Cloudflare","breed":"Acceptable","category":"Web"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","packets-captured":253,"packets-processed":253,"total-skipped-flows":0,"total-l4-data-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1591267477602} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":253,"source":"quic-28.pcap","alias":"nDPId-test","packets-captured":253,"packets-processed":253,"total-skipped-flows":0,"total-l4-data-len":236167,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1591267477602} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 253/253 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4692511 bytes -~~ total memory freed........: 4692511 bytes +~~ total memory allocated....: 4692535 bytes +~~ total memory freed........: 4692535 bytes ~~ total allocations/frees...: 101408/101408 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/quic-29.pcap.out b/test/results/quic-29.pcap.out index a51fecec4..90fdca167 100644 --- a/test/results/quic-29.pcap.out +++ b/test/results/quic-29.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-29.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1592171671664} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592171671664} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02130{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592171671664,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1592171671664,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z1AAEARMDsKCQABCgkAAo7sAbsE7BkSwv8AAB0S824HvwtwiO8oxx1Iisqv85\/8EUOUTtoYvrflSLONN1vzwqO8AES3Q7WQp5eFbP47Q12xYKXOiuR8OKc8Zd+z5\/wDTiaB2gylmmpfXoWWnW9m4cfo29uCTrqUeoQcDlNjFKjOZThrp+QrfaDvzF+TP2mbdVAn5DVFyc3TGw9yc6eNagzixiAUYroBLFYv1DYB54ctmkUUCF38C+LrP5XSP2Zcs3QEOQDdiNvhWKUx+vneyJD2Ddv1Of313oIRItyeXVn2LxKac2RjP4PRAhodOpWDrnkB66u8HOFxUv4Q9HU8anll\/ZatcRtN\/kzzFFzf5YoYXwbtiynEhfyRDYp9NIa5aU5ngHDoeAIY8EqAjkZzDBZrpJEN70XKdgxbZ09x248vkii\/BYPsm8gwjS+Z+NMDUp5BndSqJan6LYduiBKS1FQ2ECMHPifIAeRkFfGsYIjcHELHJvd3bjIuQ5jcLDQ11GM29Aqw0CMdlCZ0GZUFJPoOBYtbWkB+AArzMv7l1fpdC85LE6kYaNSupy\/kxn4q0Fd9nlOil4czF7np40hmUQT5zuUOIMe57G4ak0l7jLPPFgnjPcuJ5+bhZHgxqEou6YPiVeaRUocITEWkE47FVdJ4XctN7CMWrbtrVTRyiKoG5jKjipRDy+FAnWpWY5dsQU4VKty4nhdiXpcyaazCMiTBlzAZlJ+9vVzyUo2gVZTdT1AmyQCJjmCzYg+wq4NqxE5hDx4BVlFY7VlIfT+LOXZeM++nsIOJaY7JaSW2i+1ji7jGvwvZ+l6xB5JTnisqnUTdF8GRkRAiTg25HBspHwtWrq\/Po4lqvzDZYM3JiaCh5C8UbvK9JJyDT8vEGu5LZu4vyW+zCsCEy6HtYm+Tl+y0wBH9TYuhybK9k4L\/MkebKAkQQeZPvBNwHsBWnmGK44Fke47qlm10TFPJJuYjv3s2WkxpofqtAF0qtGkvoZjB6BMweDMLBzljRd+MpcpgKx6R7LMPjs6dfEoyR\/++4fMZPmZ5nKh9L2NomKnJgnI\/Q7cjkj8+4G7DpTq\/5CiPCn768EbsWDr31eOflbsg2q5K0cAqBbvuSWrrcKEWWT9pbchcsh+CF4s8+eUg6FJomv69IBBZDRAHTYWn3VGlccxntEoW7HpxMfIbSnMt1P6bfNeHK9ADAu1LaTZlKkjjmK+gbjyes7l1CGt0SYwE5uDE0ieZjOn+NT2n96TJjl6343hGsZGGMospEVXz6DJx68jscskAGRLftunAK4Wcrbm0MVyZUbf68HXckrAHSl5ZN\/gbwXjHwC\/6kW\/aiMNhQdY8NhboJQcKwTMbOAeVwKF1KGzLGKNIqA8cRIBh1T1WLCqei3k8gd\/C7bxKNgXzYeJGw\/scGAKCWrce0B8GF8XORgu1hVv6Mwd\/suBo\/oG9g9Uq0JP+2Gj4EQHkZYzIbeC00Rkd0VLJzec5p8sOl7k1oJ2JxQnDqWq6c8EgrVrSv8x08C46hCl\/izdOK7GvwGEQaUkOOkL0AriEREHoeCFJRFtP85AqwidJch8tbK+7ugQPN0bUklhiKNfnQ3Ch72i6f0K8Dx8w3Oub6KBk7WsmEtFBIijRDgwb5rVjtiIuJyF+6hegy2WW6xf3iWQ7NMMjWxMe231j5YtMgDPBTVbFARaKzxZnq\/YZAw=="} 00796{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592171671664,"flow_last_seen":1592171671664,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1592171671664,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"localhost","version":"TLSv1.3","alpn":"h3-29","ja3":"b3e43d74f4b790abca2f5fe7dd06e7cf","tls_supported_versions":"TLSv1.3"}} 00594{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592171671665,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":159,"pkt_l4_len":125,"thread_ts_msec":1592171671665,"pkt":"7jdRvai\/bmImQfCgCABFAACRmvtAAEARi0wKCQACCgkAAQG7juwAfRSj8P8AAB0RQ5RO2hi+t+VIs403W\/PCo7wSLpoy7UXJBmrU+awywdI8GeSAtpBzddspmsO4wBFhAc+lOZRs3AvW96rBMIqSb8d5pE1izlVnQvJ\/MknH+txz1mHxROZRbUIezbGG599\/tfDcAoDEnt9M4O+IUzLE"} 02135{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592171671666,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1592171671666,"pkt":"bmImQfCg7jdRvai\/CABFAAUA8Z5AAEARMDoKCQABCgkAAo7sAbsE7BkSzv8AAB0SLpoy7UXJBmrU+awywdI8GeSAEUOUTtoYvrflSLONN1vzwqO8O7aQc3XbKZrDuMARYQHPpTmUbNwL1veqwTCKkm\/HeaRNYs5VZ0LyfzJJx\/rcc9Zh8UTmUW1CHs2xhuffRHwK3nve7Gs3tZecUJrzqDFyJk9VgauDIb0Z+rvJbpolNkK6o7LgasAqmBRAbZcMPXVvUfKsLiSsD4SILcWD+XvuWr3Bh6tm+Qfkza+b6iZPubm3DVwSuys\/Xdp90g3J3Xk1P0fVr4\/DBW7XGGDkoxhXT\/JK9l4UPRIVyi5S\/s\/HCP+EDwylk5NF4afjQaGSFHvpGz1rfWgSbWW9+sMKYreG0NJGBDTiOkzrmoNuPwZsLcClKrT8DHkz+OgR9k4HlGmCBbxjhS5EqHAPTN0p9tNIZWR+C\/qUiEONzWWHajForYbyQn2DUiK6yBo+OQYvqxa3oZpGE1ifu6+st0otshaii7hYat8QkKrneLy15mdLcw7PZ9xSTYArs9hr4+vj1cqKUtxqRPTiLF4dCvRIhEX4wsiVHTQs1H5VlPwKxJq579LyeS+qFj4KdmvZBFiZFw+OSy3NncA0jvHpvDNazCZw8\/tYybqvtyop8EVUiQlHyJg8YNQ+aWO8ypOTwvNIGYKTaPxXZMvN35yLXrvtf4haVdzH0G1+kC1uUCGWP2BWNjQ\/TVG8grG7RsHGbnZn8RfXhU4qdScFjhJ31TwgAH0lYn4+u9lnJAIs5sT9WTUkrdZcS\/sM3LeHI6MKWpycP8D28jlxLUcx\/dMgCF27Jh3BsCbctlNdL8hYW38Zr2U49ykd7WZpXsGAA1nzsNfuIwfkQE4VyGHnLjXrXxRxrD6N7QDeL7eK3kUjZyC5W534QYFYrh0HWuZfiukwt3neFrc0vgyMMdUKTmaa96v1P5OJVaakJ7Ko50Ic\/ccvWMdP83+NPcs+7HRXK4yG1yRzMwkmF0e\/57Dhb4ZsYBnI3JAGnaJwAbPLn7nBCtX11JVis76ALA\/EFVyoyCMj1RVsAHT\/DccWKXtdquQdm5INifNuOA564SVFMA0ccofKzicAZJiC7kfXk6QXdl0MLrIa5kBoBc0Jy5c\/hRqi1jxPFSJ4InRQNc9l\/l2XOPXUXc7GNf40YnCF9ge02seRVw5QgAxzztym8sQ\/GYuUd0UgGwdukDWiwqiuJGtn0Mf0hSpoDxXo0GxXy5ROaCq+Yj9+rOhxfWf+y2j1esQpB+lboWDqRNGPph3H9QluST7Lui0v+n2oEV84+fsaSRoIRNleP\/qkuvCpXsIrFGtk7NdB1Z8Zdm3+Q8oB0824BsnbIqBS6PVSMa5uQ7IDT19Rii201P9HjbIFdWd6f4nkoa7QLBzeQZCl5mk4NmwWPlKeVRJy8VolVes2J755oyt5f4B18ZbY7A13RZDfxUDmg9vvPRXS5gGtrj7EEBsE5b+jNiBsYGPfCajHLvvXuZJzWTgs5GIF2fZMlW3pKokAdhk\/JtyHS9+vfZXldxcnCxBcwh\/+X5Jvp0OY666uN2Hix0VsHswxfto+CE3l1fROmKv5hQv6DrppojEXU\/Bywn1HyxPBMx4G4LIAeSl0XzQ9LpI\/snJgv3oFDbMQMXW6dKIL6toQLmRPmeW2MoTht4gvwKXj8RRQP4umFHd\/MZAMVQ=="} 00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1592171671664,"flow_last_seen":1592171671699,"flow_idle_time":180000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":583,"midstream":0,"thread_ts_msec":1592171671699,"l3_proto":"ip4","src_ip":"10.9.0.1","dst_ip":"10.9.0.2","src_port":36588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1592171671699} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"quic-29.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":8756,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1592171671699} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685655 bytes -~~ total memory freed........: 4685655 bytes +~~ total memory allocated....: 4685679 bytes +~~ total memory freed........: 4685679 bytes ~~ total allocations/frees...: 101170/101170 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/quic-33.pcapng.out b/test/results/quic-33.pcapng.out index 34b374acf..cede4a46c 100644 --- a/test/results/quic-33.pcapng.out +++ b/test/results/quic-33.pcapng.out @@ -1,12 +1,12 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-33.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1607938456563} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1607938456563} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1607938456563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1607938456563,"pkt":"AAAAAAAAAAAAAAAAht1gIDHwBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAByOYRWwTYBOvLAAAAAQiH9eh3C8+VTAijB72XkxHdoQBEtoviUAck6tyLLoPW9VDwFsyJg3YOj5\/ZBBxoLZq+uwOezSI+NQXptD5by+TGWuPRPrDAYZviuXsVHC7HmqDeEDG8QAq3dV\/xeXm5rkywye7b+vdo1p1fctM\/Oux9r7eV+Bkfx5+wJ0fdvlhyFGnTrwdcg8+4C7doPPgPdg\/HlJ+WJBdBNlB5bMDPwE7kBX2Dh4rUsRtMuI8UcuXEYHPlESOyFKyqmw1DOdGJ\/piVc003W0\/LEq1Eo7qm+0VXxD0O2HOCIiEHQSR0LHjT1VxLfzhAmJaat83P4NhBjDwwPEBaziMk5Xx7FlGTbjmQXwNdCCRvlZwHV8Z1FjV1KFEWUlByB6YIRcrWgtYq\/i+4joHr0arERD7m6OPY7fw34Aislp\/J5tfwN5lpBEW4eq0YBQWIW+o0WsbDygLLOE8qK7VrIW545\/s6vWmiqY\/nX3eqKbXLLa\/FVUoUAYah6VY+54jT2WSxlVbjRbKzNCmQ7iFaNpCpIEDqRUT3251KkF2ic95oNqA7SdIHar3DhA1BLknCroi9vMu8dB8ZQzinHdG0dXM7MT\/3xjsj6W1BusBxpaKNCgk4AWnV4woWWMHuv3AkSN3SkyzvUkLVvh69eozjggDPPRwSQSUAzHDWzbhw1M0maJHN9uf4A3ju1BNcFXtgNbzbLvZ8jRjuvbV5+sT2dKCIGszHbDe\/k7VIj14F5Oz9yEIDLSjcjUNYxAEtmmIW3gkE0URoURbr4fR+9IcL0qzkw6dXZu343bgbz5HR6MUnSxTpV9fqwSf9hnrNjraoPMA+2dRpP1Zgg8SJxppmH92oRToz9aDvX2GEC3Onm3NhLiCy9XRFGhGu\/fP4euaO\/LhZROPQcNzbK0KhgrgIkbbcdw+GG0U1DyrSN2MCSa0G\/gdd0iXjRkpuSltfEWcs6h5VKXYCs0nARTLsAmshRBI4tBnyE8czB9KDGhDi69S4dxLc2GhDvI7sBC3oYplXnPFpYJ5UZlYX4x4JzCNfzPKJLkB1GZ\/\/fH4d4Bdn3o+N0leV4SXwVyj8+XQXm2lqcn0l4280XR1PY9wT7WxHSwRDVHU1WF+J6uEthL0G\/TTOA8IENfk0c9FtN1gtuZbVqEenj8UavApG8YgiwEFLw3lw7QwEpdl2suMFgNMJ9GKiLgGbJ0iDoFumS7lgCZ\/nQNWC5kLAQ+6RwzRxTfyP7COmrj9VOCl2+wDLTe3MfV2rc9okYbhZWBQ90PNxn4RsPjc\/Y6ROnBtAhNHbhNOY4vkKTiqPf\/zXa6gyKLJwM4B2ikSmnMEc6pOt0km1BxO3IMATJR3y2TyvQwDT4h3LmpQf0gEdwRzggs5B+E7eqr4GF3leCUThvLN07bE6f2xjlfM9GVfW\/hyXIlfEkPiVHs0uNEuAtqja9wjv+TVSELvsqoLajQtysd2XscH\/uqkhI80k6EzletW\/z347Tefjbi7un6kw52zxXR3upATGEcY8WECkFSms+LV3Cbtq+fVkM8LR8ZIcoDoUWH511e8PHOE07KwOpTJwROur3JKswX2UtackuKBEnRIb2VrFAu8O8Bq\/G9385WeZn1kznfucxDKavwZd9obaQ66d2I\/H3+7RezClYA=="} 01093{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1607938456563,"flow_last_seen":1607938456563,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1607938456563,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1607938456566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1607938456566,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gTYBOuKAAAAAQijB72XkxHdoQg7VxcI2Jvc+wBAmyNACkF8YFqpKbrULKoDb19+uZg6qvjJtwEJ\/uOaQSa3OSU6O4kzdS3stlDlI1x0pxU6U1p+48IkszqoivEYtB69bd+ITaYbTkxaelp3jMONrgP7+RVKaRNSt1HkpjhOcLPrzWczoHNZnIhNfvDy2JT2t08AucggcJe2\/4B\/vdnrtpqK6V\/yqwGFTMu1rQIkxS92C6tKauoy9+VqrwAAAAEIowe9l5MR3aEIO1cXCNib3PtEAuCsTgG\/NlsvOl6GJP2fa9o99BT145OKWZuTcmr433tc4jI7eA6S9XkiunJFKo6ZwPI0CMllqhzpZg\/M2oExoGin\/1BGN9cmCUQfuYgNqfFCtG+9ndT9HYjrsBCdjtJLmxL7rPr9q0tjGpDyuXZi9R4mNROPUrln\/PkhZzgiM0sHtdd5p\/bNeUYtEqE7ldAVt6\/n44lU+YN3SU+JWXbqssVrfvVzr36h3ab7fYZ2wDsFWfe3UAXx72w0FuOOYB7+7UQe00b5Z0z5SyfSm4P9dPYqojw9+jCHeJHd8IAkR4khzwJfJ3q7ZLCXjemRtbjS+jOnIFHSC581L8cRfFE0puRn3ZcyA6eigK1\/b\/IulmnDweMhm5uzPfRzVpuYtDAmfupBBO\/lq0x9UE6G6aXlrZk5pUsV\/Pqkms2\/6G+WtFFZQVjHMyjk00Lt801D4RBFQF6Pahphh1rFyerbrHyGpVjzLCCjQyphY+Ef9GwnSwZSXfDtl5l6V75F8hdBb7eRQwoSsYy2TAPUn+5EgUUMa1L0FdqwqulhpTwuiKxlEjCwVmTxOQ9cg0ckmklTggiUpDihR6CGEJh4wbwQvtSQI7moaNImb3zhI+1KDCqOesSmC0luDPiQ6HVXRRmZBTcfdXaVe6yn8aOTSuCvFQcYVZJMmDXWA3tjd8oaA17lJRBbd52Hesk8cJ\/YJxx85q2dKnHlb3PDDd1GsYUOHckqW9oBPW3OnKOCPAmLbdAwZewxw5NCtlvRr65YuEBJebGFHlf1HDlzUGnZEYOFz7QCUVI0Cm1TQGPnrse0LdnJMU4XAsVFTZ0rmN1WZ7lpL6siOc2kDO70InGs0erREqxP56ACsZJMVSLIWh+Wtd1TXT7s1cqcJTYFE1niy2vrWekG6gLj5S6d+RexzQMJFxrY7r+11SACpmCHMFInRkZ2X9ItKQsY5EbZalkFRVlIPVyM4egzMKz9sn52T\/vMFKgNzwFrf2sp17iUQaz1IyM4BWPhByUmfVEtsPpNhTudVAjT+DAK93H3WyrArXi\/C2kIO6kQjQL8MrdQf21Vn+lMg29055+PrObIIyJyGedJEXiBJHhcPUZyzw5wKIN3qGujdkkwR3NWZGQsR9D9oFcHebuLVvyY9rfcmZsewBxwBuE+3j7ZET5hnurVax3LpMwvKOC7lHimTxsExq+Apn9MfGeNafcclrRpd8qOhu5Y\/D9oPxLb43JPWxWrwE9\/H\/\/i9MLl+t0zWNInh13oyE1g07E++NmYobon6Smh\/KGoGULC6seHfmLDTFHYkzCH+jMiW6zoYiu7MVxzW\/pT13bjivVb6\/E5Iu6Gt0D2z7Y6bkUG7P9GxtXA2I4cOhOe8m7St\/U9gg=="} 01473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1607938456566,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":805,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":805,"pkt_l4_len":751,"thread_ts_msec":1607938456566,"pkt":"AAAAAAAAAAAAAAAAht1gLBAvAu8RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvI5gLvAwKiAAAAAQijB72XkxHdoQg7VxcI2Jvc+0EX7RIgJstg2q\/pC81tAEQflatapq\/RZQEybKUVkOQrHxIiM3xbz3ZbafCyVgp9YFd+JrcvMCpFHqt9ha4UaWT\/CVOhVDMl+x8Qz2Pi7UbhXXzBIpETH8Z7GAVhwJp3720klhijkJwcoDMcJhlagIc47WtHZyC2\/NvYhyD6pe18qYPoUjuwqv+wJE\/ZuFV52ejpLWx76nNhIhGaoM22WiUW2N20UYQh0kubnK8ydedmguDEIxF73mmjfBjQU7d+\/kjc6w69nvaNM1WUtVe+1pIxu53jikC+jWmnb37byYPq9yuXiC3\/7jLmxfDtd9m0NACttAKJA\/JNnc1mj5nC7Y4hcumqIR3HrbC6nuLoYsXX2Zp0f9UgYV0fEqMHvZeTEd2hiKBY6bJdCuJKiCqdgeiTl8HqX5mvvlLWJPlmCEJCqIrxf4AkkUVGE4BSMBWdBgCOEniMLjdilc+qHYhwYNZ7tIGoZF6d6e+Y9Yje+rmHUnbpVz7jAirlBT5H70Gx8i7gxMgFdddmzogwCmelHc7wvmzlC3bbPNEkyFgFvBjt104z4kXXH0FdVNTjvLWqMrMbCISgSyaKcGImnAuSczuqI+IdDAVMV3KZetnbRYTODT0MnkiyhjZS2c2FGhXiSczCoL+nOf5G7u0IMQ1S2B5gWkWA4zkPvuFc+aQWgo\/5D9qUsPB6Q6\/Lj7MI5fOlLauhfzQmW9GNJRpuqdg3\/ZmECJ9z4HnHnfJd1luO6tXDuMawQhxYeD2xpO\/QqBEAH7sAsFTq\/abn1uTe8vqVNYsZRf0hwJAKRW\/BJxg25OGxhUlcywIb3vGZoq+dJmTxYWX\/eqXVDs+dco62ygOlroB9wJoypHt\/D+y7eYcgKaWYE3hnP28kNmmEQuWhfqoLHNJTZas1p5oY5kezaxnU27xSuQXqGdvZdYxhIaICM8EHXUKIOqW8fx5oue03v9+86w=="} 00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":992,"flow_first_seen":1607938456563,"flow_last_seen":1607938456578,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1279218,"flow_avg_l4_payload_len":1289,"midstream":0,"thread_ts_msec":1607938456578,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":51430,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":992,"packets-processed":992,"total-skipped-flows":0,"total-l4-data-len":1279218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1607938456578} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":992,"source":"quic-33.pcapng","alias":"nDPId-test","packets-captured":992,"packets-processed":992,"total-skipped-flows":0,"total-l4-data-len":1279218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1607938456578} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 992/992 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4714058 bytes -~~ total memory freed........: 4714058 bytes +~~ total memory allocated....: 4714082 bytes +~~ total memory freed........: 4714082 bytes ~~ total allocations/frees...: 102147/102147 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/quic-fuzz-overflow.pcapng.out b/test/results/quic-fuzz-overflow.pcapng.out index 0fdfeed62..e6623dc36 100644 --- a/test/results/quic-fuzz-overflow.pcapng.out +++ b/test/results/quic-fuzz-overflow.pcapng.out @@ -1,10 +1,10 @@ 00471{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00478{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1633957625000} +00557{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1633957625000} 00605{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3} 03011{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1633957625000,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1280,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":1280,"pkt_l4_len":1260,"thread_ts_msec":1633957625000,"pkt":"RSAFACAgIAAgESAg\/\/\/\/\/\/\/\/\/yAgICAgICAgIMhRMDI0ICAgICAgICAgICD\/\/yD\/\/\/\/\/\/yAgIAAAoAEgBENITE8gACAgVUFJRP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/yAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8gICAgICAgICAgICAgICAgIP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ICAgICAgICAgICAgICAgICA="} 00926{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 00956{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1633957625000,"flow_last_seen":1633957625000,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1633957625000,"l3_proto":"ip4","src_ip":"255.255.255.255","dst_ip":"255.255.255.32","src_port":8224,"dst_port":8224,"l4_proto":"udp","flow_datalink":228,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1633957625000} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"quic-fuzz-overflow.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":1252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1633957625000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,8 +13,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679827 bytes -~~ total memory freed........: 4679827 bytes +~~ total memory allocated....: 4679851 bytes +~~ total memory freed........: 4679851 bytes ~~ total allocations/frees...: 101144/101144 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 476 chars diff --git a/test/results/quic-mvfst-22.pcap.out b/test/results/quic-mvfst-22.pcap.out index 391df967e..0e611f97f 100644 --- a/test/results/quic-mvfst-22.pcap.out +++ b/test/results/quic-mvfst-22.pcap.out @@ -5,7 +5,7 @@ 02129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":24717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":24717,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAYAAEAR9MMfDVYICgACDwG7ixEE7JMhzPrOsAEACEhjA85S+SrVAETSp3xd4I3jcnRue9L34hUuKLzlfpPUk0DMF1\/VFxThZTibHyGTQPaeM6iOotElwwAC1lRX5vIn9ya6YsAZzR1T20xEKAiW3eJkBYrfQ3apmceqTTBCX0bJxPnVeRIzBODDHWoJM4cXlDC\/p3lohjBDIh+3Pmk8tNap58UqGgjHnaigatc5CgFJHJWL+Kd1f9qcpuyZT1uB\/ns\/WT+PLudF\/jQ9707j1mFbnqiURY6nhTe97ZArhq7t1JVJAsO33k150ABBjgVdT\/6wgI8ik0OKmmJMbfb2L+7Ixq0YAACyySDSzQt+wcslS6ksj5zkeJG1dT9Y35jxFQSLUO32yxmbwQFG+b4QvZMRJyJvqfQ7oSMncZe7gs3wgTuaXe5geZfkx17MmRYXTYrf9pvAukh+MM4Q8hjt2gZyy+8MqEokO31Taq32iXjDeFgjn7q\/sQ6rvlxCVyZt8Ccaw1VxzzUAQNXg6QrtjGJsnqKEgZqyevLn4vgbCyEPYSqzUTMTMLMrTP+YLSeAUyD\/0KlFtPE0vwwFCXwILzsVlF8Hrkegr6zVR+h\/fNZFiUKr8jA4htexop3\/TtMjF2PSObMi\/B\/O4yOQK7dMjsb7j6HNoUatgqnfa\/Ep22MPaFjhmHCE5j8WrQYwGpwTuF1k+FX+IBnWV4aUFnYpvfr221AiaeRWseWythbDWPKdPOoQEd\/nzlYGC5Oxk\/91qMZSP6Qi8tEzsAHdyiB9WngqFXo1pqCT6\/T6hHvEqNor+wZ910MK6fQ\/Z\/7idL3\/nnBnU9m8lqNNZM0XegQQnU8+PD\/XZhQjxUwoqqNWAXTx+KKl5uQmMcpN8TieU3aBwrb2x1xcZVNXnjwFxiEsI7kDQg0bAdgGrjrWKUk4cVimEMb0EC3L3V2ZK9Ef+8sswkJ6ekYpwvMTIYU4ZOYeN6c9agkkoqzbCCHeRQql9R0YriJFUFgYENUK5b9nwRNBW+A+lZE8ptuzw5xsFcuyBXpjCKYIgsmKcLlQPkBkV4L5QGZQzzBmN2GgfUAEzN8WWVN0hJqYa9YhcX7zxmRv9gsMitNksaFnr6AlihFLFZqlT9Y648AprztjF7njBZZ3u+CXpZkG7Px2yrrdTouwjAToPn\/AdVmPPTHV6xKp99fDbwaMyfL+yOcnJ2plbK+wkS1jsiP\/yDk9VzA04xL0657ViUEAuv3t4Pev7pI\/DIFdRVSmTSWKvywkuBVJ\/VJOp\/6cO+Cy5FlDhTQR7H8evMXUaEHp69QHfF8fPUAjUyJ7IMeXXtuK3UkzI7UvsOqWVYGkA2OumbWmFRfgS9XBGi3DmR5otgit5Y81MAvHsCQ0V0IB2P\/yq9sRuL6R8TwF63sAvaPwfsPjICjHyZ2krnIlWXUbArKvncQeHm1H6y9ztqgfn+NTwpQWRfi71aj5FP2C+U3RB9l5HqGgyZJ9tt\/Xiom3MonkmdTNfE9C0G+zTKbgAzuir0+laGJim+TV37+wtcreN2P4GKPPo2goOCnc140xbDBLn4BL2axie9RcUyuxXK9wAWvijAfXal3f1DydwVZ8LxwK8o06yHcTKFQ\/sXJaHnxv2HTtF\/v0IBQjQRHILVxnhCjAh73MlFUFSG3zJQ2aU164W5cGJFQS3\/OOJsBbuI1J+KjSFQ=="} 02126{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":24717,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":24717,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAAgAAEAR9MEfDVYICgACDwG7ixEE7GUmy\/rOsAEACEhjA85S+SrVAETSuH7quCgS8Qh0D\/bDO3gFDyLADGIuWnyCygbJxoXjp96KXvspho+865YDAISOGlOK6zOTsHDQAebkiFhwjAE3CGShccg0NcaDyS5u33R8Osm0onTcQUcavm+SMZHNxND0mAg59a7z7rYhXIsBKLYSznCIFNmBhvnQ+54HWzq4kDWVLL0ptfvb3giThFXk1AIMtBbaQwMGxHg\/8x0s7Ppw1zOCvbNuFb2SaGK8woqt2broJB\/xJJE2S1FwZCmQqqrE1mHTwDi+8M\/OC1IyVNxKVB8saqcFSbFe3BJEULgEgbvBwmfmNN7Wau\/J6gJxg5w745\/ujGtOLBoEAnkzp3XoTJN0Y42xyNe7RF+e2AS8staHpKBMbgG4b2fukqv0W5QWMOb9XdlK5lappO8kEpmoLvACo9Sy1bI0dfdz52edGlrvLjFy2h3zOMrwDHWDRiYmPSAbJ9pyo+VCqFMWVDhQI4ZmsKudQZcU+vReqpUp36fwM5gOtsh2Hk\/S0k+EHqDAZZLNzSF4Yr5ZabIDN\/R6biJU+FbtoUG+RJBpWcvmHAUftMbmErNWLgTpRpllj3nUl2F8eMASJGjRK8oYFrTV1fl7xjdeBam93XysGVWS92VND4SDvDULI6TRr\/337rNSj3EREqThlcSaMocH0kz+\/upNhJQxDeelV1RY26qv9bW8VdFma6p7uhfRK2roH3G5uc\/+tiG6qdmRct7WQoGsbTeaFFwB7Ji7Wtb9Amekof3OVUrPd+6iV+W3mM4hQL9kRTkFzHEd\/WA\/+8ZmZ+0XzQrpy3WwRvRc4DmvV7nvOYs8y+909LdGLV6CpRLEK1604OVZbyXxVxq8+mD19ElUn1g8QnbzGBFa3Eif7B0cGdFF8WqgYvqe7ufF46ZJs8QD63+SQv8gGxmUo3SJWQ3Yfj1uYEYSEfqi43AQxOFbKmd5oqszRdikvUk0Zh8XMjntw3CR4tWh1lqTR3LIN8Lt7A9gIRX8+3G76YoaDY2JIMjxOuLYIRBVe\/VWBuKPMLqRCv4wvIDach8GKJmbI9PTQ01q1Z5kL\/zM7jTdFAlentpckr6+ua\/D6t6rLd0nkkL8d+15pg8\/FKhrDBHA4Ml4BRHizjz4SpRJ2QEiV\/niWkbX1e0hkpcbZ2xmOFDZW\/9O8RjAOdM08kiCSbKZTUpnl9P0qLKtjystpZa5q8OrBMgSHUgHM1S7geU06smT7+czbBGnnd5A+6PV0mPwqueT\/OUV15fL2NUOxgfqhC8iKqRfJcjzm8CssrkrLVEfaPmw7D7KOm7\/2J64iyqOubriFO6KrbjP+1qKiLmCaqNeEy3JTylMKWsH5UVovtnGGCKeolJjanKSFdzQ0naGenN7GlArcfV78Zclt+QC9mK2mtHkEiOwhoeprg\/zQujUyWH4lxZTrhtEFhlJUvQKpPst4HYEqZgxQPGS5nmr51v1f2cwzcaORxf3cXeVVh\/GKwiwMjI8VaKzhRxAoKZZ3g1TUl61dqF4liU6GnZkX+YBlPJ80vXLVfIDc4zwsjaBUxk1pJO\/LOLCp5buKJ87EbzIoejsqFXfFarTVLwKw\/2KUHEIwDL1x1rU0t6Q+Ap29yyER+brp4OyVHhD6T7u9LrfjXexdQfUgnSNX1Ib4LZ7OO\/KrQ=="} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":490,"flow_first_seen":24710,"flow_last_seen":139922,"flow_idle_time":180000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":267723,"flow_avg_l4_payload_len":546,"midstream":0,"thread_ts_msec":139922,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"31.13.86.8","src_port":35601,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":490,"total-skipped-flows":0,"total-l4-data-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":139922} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":490,"source":"quic-mvfst-22.pcap","alias":"nDPId-test","packets-captured":490,"packets-processed":490,"total-skipped-flows":0,"total-l4-data-len":267723,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":139922} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 490/490 ~~ skipped flows.............: 0 @@ -14,8 +14,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4699436 bytes -~~ total memory freed........: 4699436 bytes +~~ total memory allocated....: 4699460 bytes +~~ total memory freed........: 4699460 bytes ~~ total allocations/frees...: 101645/101645 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/quic-mvfst-22_decryption_error.pcap.out b/test/results/quic-mvfst-22_decryption_error.pcap.out index f3d332ee0..adfb9e06c 100644 --- a/test/results/quic-mvfst-22_decryption_error.pcap.out +++ b/test/results/quic-mvfst-22_decryption_error.pcap.out @@ -1,5 +1,5 @@ 00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1593498296832} +00567{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1593498296832} 00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296832} 01981{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1260,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1260,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgE7B0GAABAEeVBCuYoqF5h4ZLy9AG7BNgTGcP6zrABCEACR1YBz3h7AABEvkgDSkdXT8KDRtZ6SuR9aklyes\/l4Sioa5nXAcPGveAb5Mb0k7uBERsrnzBa9uno+scwKQJ+8HaE7SwNRWaJ0B+VYq5sgzaHE9BksItfZB05b19PkWz3XaOJPeabOxbegkEde\/7BgQc2iMQiMZifq3YQkFbpelKpfZ8UxZbKFKO8T8enNpDFvm79StOLsc58r6VUI7R7RX2Dh+7UvHc8w55LVS4nFdKyvt+gLMAzuTrAqSRX04ucEX43SZLKcpJ+X+iK\/v9u1yLmGT\/8hHS\/A3VBUuWVRkAqUr3zRxflhV5CjsXky9idxKWm4C9Pn6cw4624LuYteYIUWOTHQHv3zV5\/rnXQxed5aHO337llijw0yLFxpnpOUEtoxTKtZZeNyR3\/hCIkY3n14k3gHfYXZl5t7DMoJYBnIHHhmdFCOK4sdCcKtpOlPKhDiv0BdCMImPxwr5CZ3d0NvKvNFKbylEYXGyw6diXHrADpP1Bpo7IsDo6OECekYHLzamw7fo5GRjTg4wyZ585sRHNOY5UQ14urjp6qTgyJaK+bJQKQXSG\/jPsJRoA3bT9RYwhd92VXr\/SRpMsMI1dgiAabVuN6aapjwqQ05GcX1xWXUOswELHBWeda+RZSG0ealfCxTmgk\/LmTIARNNTXtxke0sf\/IlfnV3ikcr9NqDIrI6of1G3cZfUQGBWE6gBVL5hH\/8pDG4T4ZpNiYz4Y0kEK9VRD1GZ0w6BCqlt\/kg2zd6ahgaI4n0T7BllqMO01YZ1t9pyXJShYy7a1\/GE3TCKsHNgIVU+OzGaBubO2O8foCsTRqluuqUPhG3n2E8MHmbHfrbqadkpRwbm5mHSUiRHvHPOMZ3uD3xF6j764aqPOQrl01dj1iQP+qGIcEY5l4ogPeALtV3hU5f7bpvLSDPKVoHsWvz++bxVzr7sgAnGREUzsxKt4SUYuRzz53icFmvd9rxNmgOaF+PEw\/dQIcNJqpxX8ulzLr4tUIjHsZy8Y3w0WHWlRvXX5BFt\/FNL6D1z9p+LMmNXuSPqVvh56LVqzeEf7uD4SQyYHHodFZUSZh4UJZfGLFC0eeFNy2qBWMNwCptrLdwN5PCZlQ07ewM1OmYFXib\/9zYOSk4B0N24Ml1I3V+BUt9Q\/f7In0Lo1bYVhzoFFJnm1wIhEDEaXvsKWXwZTHPIpl1Hz1I\/6Yq3hsX1N3dtM00S1An2mdoc9+06efV9TeSDkQwX8r+ZabNOKTRtHqXDe1Wl+aE\/ZahNHsuY3HnDuGINcHsBCTv1ovOmoDAi0RUdYM0lPaGHSMu61RpKW5cRQ0Cdy0+WZXfm0NBcMkEOs1K83zDl3Ni0ybs6vWiqa45kxw7H1vC362nLorQvhZdy7wTrE4RWiFGT0Xccp4Rl8QprALjpWqFcS7MPnifCUJZzLuwLuogz6ePAO7YscFlIza4b2sSjihSJrD9QLuOyhifjzSEn4amVk5ivqXVE+QZ1R7NVlYJU0wlh1SwakKVblsHRVpjkjVrp5to9V854cET1W0se7gIi2a7oXoLvW8CT8NdthxNrd\/AUaazo7KSGS96THBAG+HmraPSIMT5EEnSDc\/KXc1EWvMFe0xKOugeQC4v6tFGa5dLsgNI0TE"} 00196{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498296833} @@ -706,7 +706,7 @@ 02019{"packet_event_id":1,"packet_event_name":"packet","packet_id":352,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RTgFAAABQABZEakyXmHhkgrmKKgBu\/L0BOz\/LUEKQ\/69OwU7YOoEjfCU6PYIxZC0bpOhRpIoJJm+nxm46Oz7TPDsxFM7UHGJ5QaLSAhKzf2tpv2a5HzpBrqxZkSiLpkvtW4REvRhAhMuGxbt9FhZxZhIHGF10o7mZCkliyT+CXM+wsY5COnoW+BioHtzhcAIc1SFAJXC1KaM4VSZ8ASaGOMzV5qkDoWkMVkVXkOQ6Yl0LTSr13A63bczUxZ4x\/9td8rT9Hih4juaIs3wtx9OzII0pSe3pRJ8v5nPbycL23JcZMUYkOHwsu6clqBLaiq9uzdv\/UkVQvFLr6BSmz4hV8TUAuFVhlk3oYZs2jy6Lnt6JtjR5ON6UxO+amg\/oXRpYjT7\/s\/82ystuT3XOoq+c2sx+PqlbFaAug8yBeIXxzjgp2lJo8Dn7cBzcAWmBsn20IcWplQu\/4hhDQmNTcs9lGvcgAxJnM2csmvsuDDIgjoxXBsAJnRdBG4F9LcE1hvwc+6XBsAWPKCOhWZx77O45loQ1gYuo+R3lDHAKf90QLuXSeqS7ySxVsrZ+L7a1\/2Tl73hPIILFiYSrVVCHzHYbgEUR2FnZ4qJgdQANm6k7VQ0rAPZS4Ff7rLCFjiBY2VdunBzvH6VM\/NX+cTlx1jb7f7Wh6sAmS0N0688HZF+ZdGgNb1St2MKd3xCgefqsoo9gdXG2luGBB8uIrpDx8vlKjebGmswm82uvSnkBm88PHSXeyNp1Ioepnm4O68qayYBVG+iAtGK\/h2X8G6Wg+5WHs2CPDKp010y+tL4bXI\/jK\/L89DvTSjGtCgSvLSk26jjus8LpnO9B\/aHf6B01+\/SmQOwjduO6DVQTR6pMffT98puv41RE2MWaIXsUJ3OateqyC7GqFBCr9HOvE5\/NIl6bGlJXUzDzbdQLmwoz9sYVr6PF6GsR1JU2ugkt3UmReS2wXdOSS9hXah6T42MrRWMXe\/ARn13rDog1mp9T6XY8r0PSZfoQyBd2qN5kdphBGqJIpIMqN5J4YQPdQczKr5yScja69FMzXUv3N7x5BcJ8byhRJO6AE6UTdr30x\/vsJ1+Loriv8M8xjI3b2XXY6HpYOirlmqm5b69wcLMv2kF4rqgcmgYFz11w4Pqsb5ucrmsiLJ0fFoUoiv8B22nMAg3lMihc214tPUWdMLyVUp0SBD+8AedmwVe8ClnTE+67lkrkpE5ZoIiAmqghJWQAsp\/3+zrUNinfvOtmp5KRe7g+ixZkqfSbN3\/O7\/rrF8qj03MiOryAEcKIDOVs0otnfjQQDIcHrixxFrXIPPdGeo\/XNXdT3rturTw5WbN\/T7ZNRDVoUCZkojyCHGSq+6jEEoijN1F2WOeBaQk\/9OE5UvfkN\/r3ew5dBxJn7UeNtS6rQ6gpPlYGbk8rUIIk2X5DqTqywbIe+RRiAuXYogwHvBaICuBnHfCM4wLTs7WZY+xJ7wiOlrjzYZvWZ9+r8Vip7nUVupQLi7sKHDfUAs9w8qngy9zGa5N55ILdyVFSStLbilI\/iUXT7Tr9z+Cx4eECmVq3sUzbveAsOaoWqQkCuLcGZ\/r3b9\/045kgK0m5LNouE+KaDM6gbEl25MY6AnLD8wZtHVXWVADD+fBzWPy+iywEnphzQirOW\/3upT7dSCactXPxZrNxFWfPymhPYu0Krc2ivZ465hUCU0ekKodOQt6rIA="} 00198{"error_event_id":3,"error_event_name":"Unsupported datalink layer","datalink":12,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","global_ts_msec":1593498297036} 02015{"packet_event_id":1,"packet_event_name":"packet","packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1280,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1280,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAFAAACQABZEalpXmHhkgrmKKgBu\/L0BOxzEVh\/\/F+FsvgskZSJEq72gHo10TdgNOHV3qtvLr34ysT4\/BQu08NXy68awukgm428CY+3uFIa\/SsYHOQWYv\/6hMCX46sHEfK3FsGd9B4aOMTDZmbct0Hi6B5hFbC0RysqpiuCGv72ybkRYMTkkmBSpKkaxMd628mXMhcYd517jH\/CS6rxLyjH721TKnNGFMFZJpKZW05u1pmo9F74UGjuzXEO89ZOXqanGwo8ZLmQTCj85x1E1RZX9aigKv5BEr63ws6yLhHIXtPDYscZDNmE2ULVjoz3kzJuZzMzTW64HxXlwsMaX6uzVAwAX\/DVkW2gqZT9R4oqnG1iUCq0cb0MR6letAQ\/fU12ToEri5STxN\/eLewgY07DxQqjTUjGstGtGCNM\/FfDTgRtPzwTJZih3hD1CfW1YEkB9tXv3wCFGUyLRPlE7MbrU8qTOcUAn41czqUHKXgJpSWqjRlqdsmuAgafgOGhqdjw1Dm38vteZONnaZ0QujAZ7ZN3UoLVU\/0h2yR1MEUH\/ATH25T5lgD9ffI\/fHDa86FcEH0enSe06V9t2jUIcvqLGVwSzjxtjTGJjrQ5mZ9ZuX\/RsW9eLUa5XcOl6q9p1sCAM956+nfVkS7tt1A7eldJbVXEI+ZcnDnBu\/HfhQghjRReyowO0uY88d1b6J5BW747Za2CrWV3An3xcrcgJ3r7Eegcow70EpRrR+5W8ayOPOR2SGTCLovooCpYeUYQ6T838f5KeN4CcXxx7FVrW0hCqLV+HJCGz2o\/AeBkwyRwIR35fIDm64HoUOpCMEB3l7n2WMd9lZS2DQtlFlThLuIymsnTAeZZCutQ7DJyF72B2wkJ9WAmyRaM7Nq+x0zpTQHmxR9xaamH9bBNq6ua2oCT5qfTkzoaG+IHmszzghAt5peXz7eqEaFqSW9OSi6Rt7nXeWpRnZS0xwrMxUtgUDclrW\/KBEJo0yZx1nkaOYHw9iwtzDJs2GBWmR94yQl7wvUuGIY6KjXTfn457StRyrcmSAcZVTUGxz7jG3KLfU2hiD2i+hGp67x8HUPue8RVimCp3M+CVhljP3AEXbJYiKYJq17hw\/NXXqU+vH3l4Ac+JioVTo5Q3+FwrWO7xRdRizXH89EUM4LwVRIVqhBY5DmxiNvI\/yxCgFw19mN2hP7yR4ixoyVHHevKc24iODyxhVIi2laJWFJ5DG5knu8grskOXH1flWjfxJBK\/\/3jC1BdMicLllb+efDa9SzMy\/3dPDg61ZXUXioRNvGC9lAdQLPrOxjvJhrN1U4tovGRi4vfa\/M+cLnYZdFxrakeiE5p5Ge8ewqhhgDnypGVxiKqOhWMtyl1pD7cCSKY+KDEUtztnzSKJJP5e5q2vmnfhsLtwxqp4YcMsGrDdwcy+whkFVB73zRViDcA8nfxNKx3ksom\/BzlnliiQ1AdXWXCf1pFpesZUDEc3UwYuqXdIonQnRDiCYrlhZ4tAO39+6nh8o7UbXxKCT7JVAC8TwzVqp8T9mo3m+mofsKgSIEYSKy38vRMDGMM9v4WJ+IK5iuL78dmEipzGMd1w89fuz3c5cxVfZRr1V7++wg3gzWDHZREzG0PMXkvJzh3OJ9rs93FmzU64537zWQLvOws8sCivE3d4H+qISlUIyJMOC5xzhRlbFKhIzWtB8ba5COlFqmJ\/NM="} -00496{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":353,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":709,"global_ts_msec":1593498297036} +00575{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":353,"source":"quic-mvfst-22_decryption_error.pcap","alias":"nDPId-test","packets-captured":353,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":709,"global_ts_msec":1593498297036} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 353/0 ~~ skipped flows.............: 0 @@ -715,8 +715,8 @@ ~~ total active/idle flows...: 0/0 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4678926 bytes -~~ total memory freed........: 4678926 bytes +~~ total memory allocated....: 4678950 bytes +~~ total memory freed........: 4678950 bytes ~~ total allocations/frees...: 101140/101140 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 201 chars diff --git a/test/results/quic-mvfst-27.pcapng.out b/test/results/quic-mvfst-27.pcapng.out index 42fac012f..b0e5c2b10 100644 --- a/test/results/quic-mvfst-27.pcapng.out +++ b/test/results/quic-mvfst-27.pcapng.out @@ -5,7 +5,7 @@ 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":41464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_msec":41464,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHoAAEARKapFq\/oPCgACDwG7jHUE7DGTx\/rOsAIACGUZSqSBwJ2mAETSQ4uzcebnNMDWiCLwgEqse1zwFbQeUwCYbirASYBY9Wqb\/AVucNo+1QzVbJaW9TpMoqvmNgwqhyeKJHn4nzURskXOXtyoQu1UCn4VWBURvJjr0Pri5khEPw4xAwDV7X2Rmmpwaw6btUsOaonrqKF\/SrLeyArFzwB+JFVws5mjdog13nZj3AyrnfXROIcoKcafi5iIMUPL8fCRhq9X7vo879HkMFFe\/UL0Z6KfMxRHk\/gm5EOke7DkOtpvDqjM8A17vn\/YA\/LmKAMC318G22YHyWoexSGb3BcRVBGh\/JnZslVfKZDHgCPKBJ6TZoECS2S1Lkq5nHD0FrjB28JkpPGddocsvTJ4gXR11CtFRogKRhcL6ToomCWSsXQm4N4h+xa8EUgP+Qp0EvdNEgFlkK7QzIbTOeUkbO0qojWV6pfET3Iov+\/apIMX2oqertd1yP5huAQbmPBJDrUV5aSXJ2n4942yy8nej3YOzA3244Ppj3KJ1FI9fYQWy94tzkcAq0MyyNAtAzVQrMQHV9+ftrN2eaUEuTAr5G712uv1AnCx12zkzS\/bPkH5HakesCqHiBdPHaH4mxGfceFuvWrXvk9k8noKiLgriTnvQwp\/saWNDkm8kvfm9PpqQm+XgxMCJ0tq2pG80BHbTgRQV8MdZ11XnvblfPEVlDFLqayo6KQYDuE9pUfQ+9AqEaxGVZRMSVRaIpJDPVqd0UHWM8ATc92GN71YPW\/frstXWA7sGYASVobLo1b3c8kYQSBM7dcU\/iqAkl+FksHEaC1aLZjGfaRKtnrpTDuyyUXcztv9cqa5wo9RQzervEK0UxM3gVjtBBX1mCaBfaZIZdXvbDZThkMu9RGphMLYrx9SqWAcKRkM9YhQ4qnUOJEDTD2qoX8miGa+JoKbQ6qKnL2RRJM\/0dLcmr8S6LVgNf3TuED+N3hbsZ9OBQ7xHjHnYpm\/+OxE3iCQ7O\/MjCEYbY876HUh2UXvGhRXGh19ilKbwQQLH+dz5uix38Q4qECRqV09vmTz3Swbe+BtJ26CqtxI2DYiDUkT56hG4GnrWss\/5mqds3b7uwxVTv8iRTcgWALX6YR8I8LcEwnW6P35r6yzQ8NmLvjaaqZkC\/6YKBBhBFJ4gpdUENYZBLszMz\/0jCicUWKWyfwMDGVvAlcFM7uVWLy8jO0qLX37EScSwg3DeIeQr72\/VcJHLle0Tm+dHFDyuGwxcML\/AaZe6mgicoiyETeB09Smyq9Y78I5wTornR4T1K0JN64JfYcnJe1\/YmYcW1VlHkcIRW6sSa0q5r9kPM+iCHOL7wY9T6OnVogbkFJzee5fZ+Oq9S8PvlK+4jsPkUzDv6d3+PRuP5JWYWDpXd8Qhym58OswJSKelR1rmXKN2C\/uxVLv3kgZxbiHXFdSArCkFj5BWP4WtRYPeuQ5VALz9l8XUPpyq\/09yKtHs\/TW2KvPCNoNxInVtL\/9V7UyFB2cFMukn2UUKBEJJUOWG0p+3sALv+tMcZpDx9cDnCtfccjlF6qNg6Io5OabNDbmM3UDOyuHva8jvqAsKtELxYaeOp5rbZaQ+wK7lDWDooe0BUvE8YL9NWtHK\/I2zrwe4HzXFx1p5ULH4KoSajttOnTnVRnoaPTH5vR+8nV092hE6ZD\/6m9zExloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAACg8yWg="} 02198{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":41464,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1346,"pkt_l4_len":1260,"thread_ts_msec":41464,"pkt":"CAAnANMtUlQAEjUCCABFAAUAAHsAAEARKalFq\/oPCgACDwG7jHUE7Icwx\/rOsAIACGUZSqSBwJ2mAETStSk6pRwdyId1aH4WX4pVsk+hVtbLW4hKoqKIUKSo9tdUjjTVL5Yto7M3DICwaAoLYXCD+5dqw0TmZSrfqNiW2qJkNrsg0k\/kAdqV7j6+J9emg0iopVNY8z94Dkdknf05ci\/NoDXo7jX0aTp1J6GxxB8erH\/0SWZ+DyrbIMZ0xZ5SuS1DqMnN61NBKxN4\/jPv9ciPfLFFXyU0okn\/oJgJdQ4WrwMnOPK0yukS3dDQKMu5v+5h3OqBwQW1oLHmZA6rMWwlnpuiFU739YXcxuHETmzC2NOSBa0FZ1xSGByNv0mIS\/veQS6ztyCKi6cmIt52Goz5V26xn8ITbWRMKyzCQ9ygzGjFLSLB+V+ogEf08ganfO6W0dHJdPTEHqx274QToI6nzYBz8eQeCAoVd4nrh3slWslWTkHeQVW8sENY6mHlCHceqCHC8YwsKeoSN\/4JG6l1w4zyPArMZGkKB7jSxPuUQCGzOht7pw5Gk5Gp83Di44gZYUIyNVymDB16sT39aoraDeo5r5qBdNZ91SsMzaUcukPc+uOFPSAz0EuZbTe9n8OtdEkkzeGl9cG18rBcD7tfjxG18gi\/aTc\/Qsb2KdP82bZ\/OipJydJdUpM++DNflKBUq6VmZNq\/mEwBZaf36uML1LJOAoceV1rx2cgE7b5Wa2y583PSIvc0y8yCVCHd7UpFmIJOJrYMAiOgNdkL9i8G7a60vJ0BffKaiILbh52Cd\/gZSExquDEnfPS9pscJ3chfy\/\/FZGZ2CQbE65G5r2LgRj1a0KrZ\/O4ML+0k9MQaf9He5c\/jILvUKyvJwLUWG3lSoXOphrxABdatvx5PAii2lwtYhrYvxbQdkmGsIRtsvgWyth\/48R3yefn+bIHFq+Ln\/mQ4+8W6h+y9VYGjLy+j1gNFUujglm08r+aneixuCDo8NVE+WAW9F9bx6GkTQPaTP2\/obE0Ej5h95N8FRRXbNl8Q32+hc1BcPW7PYZhe4s7f99gVOs1PvusSkQjfl9x1h6vbtCoGsaxvv+KkMXJr040is81X8KUUNFqu8hZlZbEQdDUlK04iWVHyjfijDT4J15Tv7e9ZlWiE8P4TthJEkS\/V\/B6UFWx7NxNha5AI5q7ShAs7c3HMWi7ShahE0cUHWo1N0zwF8\/WnAGHEQUC8y4BhBQ7EaKwJ5nulzruzqp+D0MI00rZhOKTfBp6FWu0gmkwjBtMV14lN3KiO+Fugvl0PPD7usXWaKzR2dw4JslfP5IRxZB5PlrUhggAF+4XvJxhjRYhltzgO0VmcidYbokhyBxc5p8EN7Brdd5jbC5KWU5ziyf1Xh75DhXXM9GVyTUDxQyOG\/19oznEsnm6HNfViWsEBqqhaXc1PD0G1Ath517JUA\/pAp9aK6ha0kEfZOISLrdAh\/wfyRh1qF0vTiaYWT3z2kewwb2CKR6DkEQkLWuW6ksgBnomifnuXO\/A4qhCgYZUw8feNCqTOFonKJtx2NUnViJDtqHr07cnNA2vZFiN+8SsLW130LG60Uj0wsHpIPMQDNy88BvEV2fH8Yk1GkJTndWveloeKe4e8X8FUWonC0LnETHyEJoR6mY698HICIqyNVbCWwwIZl3RhkLsYcNRGWOHE1xH8nz2KWwIwVPQWegjsOIMvejTuWRloCSQB2gHaBGQDAQAAAAAAAAAAAAAAFgABAAIAIQHaAAAAAAAAAAAAAAAAAAAAAB\/S7Lg="} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":41432,"flow_last_seen":50392,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":9519,"flow_avg_l4_payload_len":475,"midstream":0,"thread_ts_msec":50392,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"69.171.250.15","src_port":35957,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":50392} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic-mvfst-27.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":9519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":50392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -14,8 +14,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685799 bytes -~~ total memory freed........: 4685799 bytes +~~ total memory allocated....: 4685823 bytes +~~ total memory freed........: 4685823 bytes ~~ total allocations/frees...: 101175/101175 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/quic-mvfst-exp.pcap.out b/test/results/quic-mvfst-exp.pcap.out index 006c078ed..4fd05ee93 100644 --- a/test/results/quic-mvfst-exp.pcap.out +++ b/test/results/quic-mvfst-exp.pcap.out @@ -1,12 +1,12 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1600365863681} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1600365863681} 00641{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02148{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1600365863681,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1600365863681,"pkt":"AAAAAAAAAAsAUu6Rht1gBpyIBNgRPyqszffVBngHkJIHX6lj9Ks\/Zezp\/nFuKvrOsAwAADWO4PMBuwTY\/EXK+s6wDgg1+NsuZhAnFwAARL4kVSVotvSiGmEI+vf+6CaV5hF7i\/CNKP0SXP7gxh\/sxeTenPB321XyE03WMCMX5b0eBa3DvRz2ddP3nWt6RdJ6WlZ9RTUGfAgTt+boE098trxFEsZIDO4\/DGShxxtoHXyvbFJFZJY0NVf+5UIwrXhHYlSki1K9uuFNSNm\/ALl0YIaUgr\/hopr4M+GsiGyiXAxXGDCmRgFFJroypQa7DZkA\/BSQvOBo1rqXUCQO+Y2WWIxccuRC5scGp+LAauwOKvDUuqswyG3OiHxvk+4qy\/tgRCHGZHD5raZzP7vxY5Zs6GXSOIKOFNW9+pK0jmGVAbreKgkrE9sNhCR5J7EDI\/UBo5nIVV7hZ+6dUskPxqT226TZBRzj0d\/LhQMJiWr\/Qtbyf20wKLkGnJvpCUZRODDUv\/HGzAiYKec9iLyl0xI4dsRlBPj3\/qk96+vHWCFBI5LJgkJSDIg2Oo0As+19Rmue72aosPjR8lHRyP7b2qSVRFvzkCL3hktDhhGNO2\/8vk6Dat1dxesYiMWkhhopkoH3vOXEevmQ1BrZpcIa7nhP0ob5JIk\/hYvfODfiXG2nnd65+lyb3xKLOkY1QOG2eHx4XtxJxV95ybltVj+AOro0Qb33f0uOBVhhxvPUxRnp1BveoGGqIq\/gfX6EzojL9Sr70hu0h97z51g5q\/G2yqDMTtMccVw+1tkM704jcVZPtS1KIRHzNry1Wih4L55uLybOgft8GHReUqVXO1rtmuTmjHvXxkkq+hW3ZO6Zpt9Zifkk1BLxuaoYoAdg22ALnpTN7VcYCixWlGY122eH2AkgeHYXtrQFh65CCR9dukVHEdRzSFLcF70tHYbZmR+Hm+VVpk48niHEmJvv4wz9TBdQco4TCXjTYLJ6WcVyXCnuHUIWmzQviL8DqcqYSvAxXtEwy\/ABThsNXM6AftQYLRXbcYkYcHWoidGESnafRJGVZwQz25kCkv7ZqgFWYx1xBNnbz9WMnFbBke3DlYRgpZd0ntBDhPehb1WGgxtlkSGO7bjYqCQFYUxhzr1MjEh8JkUM3KCwxgTJlwEoiFSZNBGWOnQnoaXqibsTGdkQ5xDUg\/xJIomN6D9X+YN7QfJRKDelG4gB\/R7MztnSA22E0XjX\/\/YRNN+qvPmrVWdwLFx5rwOTZ2Bwq1XJX0Y4X9FYc8xlkhOJreo9JcUXHssUuTUo6BWARFU9bhlwavKy3u7J0kMozdjG\/WbocG2iKuKdvYnwlwF4XA49pUvEDnV0LhAGSigDeY9WEVq5NPU8kaL0aKpcV9sZJjCTDkCQvVnASsCd3+zuMIFTH\/wm3IfeUdpSYh69FBYn0JPZJnE\/f2WC+G83QQZNTxoXLd9yFjxvmJQ7W1L4zZf2d490E4pdqLfAEFuTNKFuLGgQ+LZN4YH\/5qowNrJyvVezIyiysoAoiKoYlx0R5mslIlSfPbwSJbTB1uxs3rqeOf8ivbtSiOzeCzsWNJXJslzqZupoGqw7\/SmaFxzLXGXzdi02UgxbJUV3MNetwoWntiOQ\/Z\/49uutTCmO52WyUtp6uT2QPgpYOad0YVkiJmMQURNTDa6EXQiGewAMntXsHYGBjMrsKmJQ9FFiiK9Zn62NIBtpITbvAg=="} 00909{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600365863681,"flow_last_seen":1600365863681,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1600365863681,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"},"quic": {"client_requested_server_name":"video.fmct2-3.fna.fbcdn.net","version":"TLSv1.3","alpn":"h3-fb-05","ja3":"61d8a93ff379660087082a82411f19a2","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft)"}} 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1600365863701,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1600365863701,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYmwjO+s6wDgAIQAXJhFchLk8ARL4QIqQn9j8g7J8Bh4qCkeFtB5\/0FGTn+dKSN5WCFIbqlv7bVzxI20ou9DR4wZtJJ1tiJ+xKr0U8bw68OiZZpHUxdfAbQt5z9nLh6LwQjhupiCyRyGRG4tZtrrKw42zS4Ryis2IGVu85jtVJ5nO+V0iHkiCiLoE8hCZ0cGFWISDSv1dY3S14L6Uo3v29iGRvafufSczvMFlG6pV1Odn60vjKDyGOsjNfQ9JF1v3zXLwm1apIxIVcfBTY7dYxW+7A\/6rJf9YKYeoWeijbkQb34JP1dRaHcbT0etmi0uxefz\/YpbkDoFCI2oRZYlTE23H22X2\/8qTclFOyvh9\/vrwFZRygQGeuEH0eSUfPKF67ybi2A9VLUgtZeELBeNOyIaY60evevqb5J2vN5l8HhG0zOtje8P2BEWzkJo0Csm59hN04WUIa5ATdibyB79oIitMR\/RT8b5BC7j9v8ipjp7vZOZEdpCwIDJgn2+33CJSdL94AfQkLgk+uiUPVfgG6UfHrZnytLApyrmygXaAukdakyxq8klTjQRRDyfNa3VwsyyGBmq5gY8nskXcJNY50BpTnu2okLH4hDlVPoMhoCfYEzT7EHkcCPMiRCP1enF\/yeF8dCloVpkR+7DVld9MS6A1Lm8Vh1cgyHuQtCdgJL16zetK\/eyN+QHBXERWmIl3nQXc4BBMK5ejTHXiedJd7krVe8qEtgPgfs9wmex+wAK7s5a4apAlIsdt8wz8irGiTLVD13enE0LCSiK+iT4XC+unYkKdA\/Y+wC15ozprq5ssSs4BUO4\/LwAxujOwLjXa68Kc\/HILSJzhfUsfYNAz8ZOR1P4+bGu9drz2VDwRHLiESKyby173GizQy9QPlUMhgv8zZQ9s8\/V4XeqMJ2FBmnAhANLW8ozDP3m1tk1Eysb4\/m\/zhRgvMN6Md\/gGHDzGnf86ee9efaPJdzEGlKuMWsJB9rG8dFeoooOlhDVE0RcRoPulOkfUBVPkd5y1hJVChJAS8upfL7rieCvjioLCngyXZRWw5EtbWEua8f58+BR4BcVUt44qeVBM19jSN8fMZZCruGfLvFJ8LXrWCMFf8QO9ppSf6AUMeDx2xJm\/vFPFkKj8USDUUV3A4BGBehJmSMJTIQdNx+L65jyOdOELItpQ53YcWuejF0bJ6ksEA2i+ns6L\/A4TyViXUhBAVmjDLSCellA9lXrJ4FKFi2ddTtc7XO4WCnc0rXB48fPr0idZPP5kV7JjzsYEnZ8xNPrb2\/crCya5nVZMRH13HQUZZTbK+kcSm91aipEqc2RxTK15a3fE2lVuvJTMS7pY+WzcwkPFNhssmcyRE4TsroEk6noloCsxsQjvyZSEcSwSKx4KJegr4NeCh6RxPXe153PB1fX43\/bpL23QEtBIoibzoy6LAuxzsnv2SoFcWb+0UW2hrfng6tjiLOL78QaL2I0pt8Q8p5cHXe8AZixhNLMuBlkVaMkSQfTYE7a0q89JM+YV0fG49Y5VAbDOBtfzmYnlO9p9ri9AifV7FZEwCvdDlnQ+KvbXRJdIOtcMSTz6mCvUiZ2cGGkiUCLImG1NMuhrftxnzx3oMcBYdm8CBM4CS3ZhaADSEfSg2j+9P8DImBKXKQw=="} 02143{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1600365863701,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1600365863701,"pkt":"AAAAAAAAAAoAaIxPht1gAAAABNgROz9l7On+cW4q+s6wDAAANY4qrM331QZ4B5CSB1+pY\/SrAbvg8wTYHDzk+s6wDgAIQAXJhFchLk9Ev6msTcUGYFaKjK1nnOGqPfgGmbd2yH7YezNJksz4ObKOyK4ooRfPYXnIwINVzU9kFmpDrySNcGo7oy085NMAXtrRBQxP\/BNGfiNh2k7HVEmtnbBrN9B4q0PdqBJlnR3nfvlqn4KMbB+v3pyflyp0t2eXjVN9BCvAEWt1323hMhRhYp7IjuM\/7LS+4JZqwAit2H9\/as8+O1Z3qJKcua5iRqQUGQX4hx+lXxOP6XwWXKQ9UBS95a7rhiJrqp9UhK13hVq2njbzA2RTKn+s6aobHuCe7WYl8MS0v+T1I2mq6xhFweTuG3hdPnqOkRm4ZoVgOJD0lCKOsJoqR\/flxx3xDBRfRXA8iUDaNTTEDU\/z02HAUlthQ7j4NctXjWeuXBBlOg7myIMc\/qdP9kFsh+WR6c3MixjpAvWeqwTgRfaK9+1rOtle4mwbhL9JoI7ra+3Gv2NscrKYby4y26dOybmnMTxwtUycCSAskoGy0VBL8N4JHmZ24PfumlXDiIGg2TKa89dG5C\/HkH2BkzPa1N4KDB4DWk6vrxpVEaDtN+T4HBAwv5vr27n4ZsI+e+KkpDTUVeRt50at0s6GoBT3dU0bS5u7btTCPh9Q1wT2QzGXBx7LpZUB7WKGCAuzDm\/R\/0DsgE98U+jp\/GQA0cAouUv\/ia5B4dArOX2Hrh68\/LWZUcgSOk4Mb6isI1HW4FG8qqFdvzMsYyg1nY6\/mwkjTgfzcUcT8HuT8b3VEAFl1iojo++o6URU0CqxVGRv\/\/1U12juUa9BOlngQwkpzTFGYZpnjBvHYYqGgaZguBUx+OsJazqFqHN19AyL0Cexa75QT9qZtk9tlxGc5gUfqCX+xv3PoF1DxwRReTjQ6GUHNrQvfC+a6lJLkY2Bl3ty6kTSniC0uwNMTlaRzlXCmLXOF\/spgpAb4J+XbuA0NFIBJPbBj0R9yb2qZMfcDSVc01ubKMDR7P8+q\/ujxavqxlOlRZ7sWwAht5G68KiSsHb\/3\/\/02Hn9LDN5RMC7i0XnG5j+4mV0HA\/xhs5p4cwjOIcpOhsDt89zfffoiq59dKLm9k8JMdheqZnJmgMgBN6WVdrtRW3QVuAWi5RMKLwkPwNbBlRiZ7vzcC0isWQeIhVQokyi3N3zirO2CgYfmItTVGQ2zRdOvhKQCqtBpADZshhP71+ve\/mG\/ZuBnSTjROHtGsF0IToyFyclFG850LYNt2AK7xXn6KoFoVxoXz2L1VgOHjSwdoUQ19OP2FjGJxXDbRibAbzK8ZTPhWbes9V2wQus09AwDRo1tAPoOt8iAFo0luKi1hunaWIbYQU7ulHqooKgCNKaw7Wpw5p7aBaAi2l+FM0QE0XvSek9UgM9xUI8mGJp9C08XT9sbpCwgHL3HCxNUV5PMTiLkvNmY4VY0RA6MyaCk5fo74e5RCmQDSSqS96ehyCpgP+n+wZ6UBRKek9YDjVH4RHvmZCvYco7SKBDJbbMddFHN3+HFbSO2rxv8iuy6DZaiePYnuW\/mxUn+OUffPWu97Jt4A0bz8W3eamvrlSSbu6c70YR1qFE42450VRE4NhhFL8v\/i0jKrz069uRv1GcqnqW1Vv22X49oie0v9YMThrSkmy8c0tELsKMRwtXMA=="} 00747{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1600365863681,"flow_last_seen":1600365863839,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":24449,"flow_avg_l4_payload_len":814,"midstream":0,"thread_ts_msec":1600365863839,"l3_proto":"ip6","src_ip":"2aac:cdf7:d506:7807:9092:75f:a963:f4ab","dst_ip":"3f65:ece9:fe71:6e2a:face:b00c::358e","src_port":57587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Facebook","breed":"Fun","category":"SocialNetwork"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1600365863839} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-mvfst-exp.pcap","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":24449,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1600365863839} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686089 bytes -~~ total memory freed........: 4686089 bytes +~~ total memory allocated....: 4686113 bytes +~~ total memory freed........: 4686113 bytes ~~ total allocations/frees...: 101185/101185 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 470 chars diff --git a/test/results/quic-v2-00.pcapng.out b/test/results/quic-v2-00.pcapng.out index 3c63e14d0..5e22ab449 100644 --- a/test/results/quic-v2-00.pcapng.out +++ b/test/results/quic-v2-00.pcapng.out @@ -1,12 +1,12 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-v2-00.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1637834659980} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1637834659980} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637834659980,"flow_last_seen":1637834659980,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1637834659980,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02137{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1637834659980,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1637834659980,"pkt":"CAAnfrFjCgAnAAAACABFAgUApRBAAEARnsLAqDgBwKg4xsRlEVsE7OHRwv8CAAAIrj891mmhU7MITo0Xtz5eoNQARMoxqNSV7ADoFS7QxZ4\/HLjYUQBcyNcuN8bWG62+xF99Aye9DaJmsH6KCNcXJhjzha2fPdBZdc4Nidwy8pCVeYmH4yM6vXMdZ9UMG9ccEeFY0I8OcdmCSXa5odhdufBB8IiExzry\/kH3tbfUjXG04iCN+nOW3sUvM9jYBjMbDtvxmp3pNIhkRBYoqbdUsrgnC8gxSkuovl57ULo\/sHveA0VUZAGJSxTmVKe0r07WTY8Vme8cfKQuhCJyJQ0u6fy9TRgZZXMRXC0eJFf7TJ8th7p5hroNv6bLzmOuPgjvNTNJHwrDyFSySUxVtcYIdHVVK87NTKPpEsdU1rVG0M5a4NB7IceprsnY26+xxntF6CSj3awhr3bTkwpEEUY97+p1ajX+D8g1I4aOX6rhaGAvrlzvXuUaEGOgKPnQ+AUWgI4et+ESZ0jx95yNVOZMOIz03NHVCKK7sdoCvaV6DvfXrxC8VlZ\/voiimBSm4fxQtoq\/ehX+TDbJpuRVnW6tNqvoqo6b\/2mSeCze+AQTzCbQpJ9VxRP1OFSZb\/ZvwGL1xj+B+gsuWBOb2AKjTbcvrTFxQzjTz05z\/BTm\/8w6cUnlTZjNa6p5dHreDqezRbSD7lRQGWYzSIxQvxfAw3DmeDsgfIfLxIqlbjPAc7d1HLNRpPfAu9Xl2s0TOHTNNjxjvzFCmvhejA7r8fwovA9MGeABUWwJKX2lyb2KKRc6ZJ\/qwh1AmX1b27zLxiD3bmnWKipDS2J7nLbuit+X+x06cImd6I0jpxyszf9KlN8iShBGZLqWJuv4Sjm\/dbK5NAaFMyuxjutoHwHvt07Y0ybvrYM9q8eVqN2oXETUg3Q3JUPV6WrxRbJl02cOpYDWQmBbK32W+peQ6GgIPEGKh9xa53uYTOijgYPO7CzdBEq3yxlRm5mC45k9OnUXWP+pF\/\/3iqFzsEKAmw40YLrHgEhrRPwPwjA\/dEAdjlHQzLuPuJq\/lyh\/hngZe3iwYssgO+tjI9yT4GdtlNlxQxO2O3GnJGqReBKmRxUAIhvO4FGZvjzwaSnuQrlkrbMarvFnXBuA5xyokJGnx4Iuzxr8AuV8zTQH+3jPA\/IQu7te8iyjuipCCygjw5xX59DLE12WjOG6koGVDaTnK7EbaGXrceFbkurw9qrtaiM69Yc9LMJ8TlSB2bvsKUS5ROi5bB7Lkinodsq5TR+EIX9Vm4IdcjVjEMLk4PtAnY002vWcKoj7dqnG3PPxJ9jU5ZgalNcld216l74snMEx+DiVUziQSuix\/uhvgPCsbbNV7hTCbZgZrDyKiDQRY4+3\/aHIQ1egJTtTtCRN9\/hWBzta55pccPOZDmu4uFONofh4h8xzoTP70OytaDdl0wQ\/Ei3lAuHXsCv8+mDaCq5lkkdaZ4yec+Y7QXFDsftrwvwkHfmK1cVGIkQNhKGTJhXsAPIvMTJrvHKrKfkAkhkpujyQ9rOaLYnu9tKAqSFHSGbT4+tf9GwvC\/qe1icEqu7DGJuTrYJX248FiL4Ch+mdl93W3xuioDiePz\/LIUFTufH2qrWjaZO246tacboPOhhUtoHXq9yDKn+WDGCcQai7+YX70MiOjB7M+ZA9r4rhA4BnGOCHFairuSvx7tyf1IdmjIxzRQkOzw=="} 01178{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637834659980,"flow_last_seen":1637834659980,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1252,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1637834659980,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1637834659981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":132,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":132,"pkt_l4_len":98,"thread_ts_msec":1637834659981,"pkt":"CgAnAAAACAAnfrFjCABFAgB2689AAEARXI3AqDjGwKg4ARFbxGUAYl4L8P8CAAAITo0Xtz5eoNQIzn6Zws0tgzR89MPJKWOEcQosGt5JnvFEzbxq7ueyicjryx4GEYRiBPVuCO\/u++qyU+1Oe0oBZ5OgZN57Q6zBwe7HF\/MNE0OW9jWa"} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1637834659981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_msec":1637834659981,"pkt":"CAAnfrFjCgAnAAAACABFAgUApRFAAEARnsHAqDgBwKg4xsRlEVsE7Ggoxf8CAAAIzn6Zws0tgzQITo0Xtz5eoNQzfPTDySljhHEKLBreSZ7xRM28au7nsonI68seBhGEYgT1bgjv7vvqslPtTntKAWeToGTeRJcWE0YjWjjVhc2Epc6uRtR8VN2t2fxi\/BKMmIkOV87hdjuuQq+sQZ0aP+qAWUZVPXYTQHrsn74n\/20No0K3IRfMpFAohmoCuHG\/oQ2kWLkh177bcXYP5JJlk8DkeqaOI5jJHhZopdC0EbAUvMxzupw+jzNBfqVtawmI7ck4oaVbSmv2Lh6DWiZpOV9olm9oIGBvX2BwaSJD1bqkBU4R9jqpVrYVbPT8wKh4QURdyUCFt\/pHVUDNOCdVrd5eUzcIKHKZaxSHePl\/yg\/dZfocdFhjXr+U733uYE1qFz548naI9j5KWFQR98\/CC0d0xoU88iMdiNfsuKpNx+0KTTooTNyU1vveYbCXzokTytLPjCvSa6G73TOvA8OuYqiUHp5xIaLnG3yNhVMDOSMhU4ie3r+DP28Mq2ZWhXb0gV907Zpx+KmY7qFE\/EyWPTw3ImggsMZOsPVzlV7KQ1G4JHZysWOpvVXcKqSK+UITOAxHamfF+pVJDkIieo\/+UVkfaWKxIvKYp+6AyW0mR91ijnCBWiv5ac8EelQBTEUMESmN3gff7jVmyD2UBGfExJI\/xp8zNyXaLaoqKwUf+CQdXZyTUzSEow4dw7sk0BLa4e20TxielSByZoWK6tkiltlUP4PBd1obZ\/M6oWg61j\/Daa8BtIg2NiKd6C8GmB4wD3HxshTAfK8yQQvtfE5oxhIYFSThvUihWT5Y6+DXgFo1pfhCLK9GiUczfLb4IIj1ohvX7+JFC3tCZNhvBg+W6VXr0O0KDoohneIAR1gneA0NH\/AqiCjy6uumlwR0QPW6m1\/qhFdEihzIt7lXZBU1C0s3xSiecNioN1nHQ1IZ18Gt5IO0O8fCyaWkwQJW2X4b7oYB71jM09PZ6yTEheWWX1Z9OGLrj2qcJloTu4Iu57B9axJ4rPb3iaYEijb13CtYJyBrdekXWhtaBsDUZ4K3VnApYE2uwbNJjLuophjh1jHU6UaDW7ICUdFlFfXOXD9zV29thx80\/DmDnUWBkCiYZ1b8WkeGSDocv3+HJQsgn59EUwVtn48xiKxF+ZxbEyvE+tNMsZmJsKYtblFc78KHscbC\/gXOqIss94XJoPcOEnYS4XkfqkmrgcV+OcOn4xwAQZnZuvWtmECInLRRqZSWSgrK5WL3PY0tP7MwsjMj84o6wBnMP4w3HV50+mH8pwYFK7mbzXOSQewpeHcDSLhnLJws7lK12ciTf9mDIIAvKBV\/tMkKkPxyJSEhm3jO7hS51vQnfnfkpRwdX7SiobX4njfsJlhehzLkqQw51jymiTpszSbAlctrbxZEyzfIc2WNWTUWx08ydtAwlnqeB3Do2MRGROWmPmTwZQao5kKTElIMYU3ySnnob2SxJIk9zX7GT64JhQ8ACYfYm+EIsGpdwABuXDGAru+RAc6pHR7G9TKS2nV6aLuss2\/KhvADWzMAzwYWr8elV6VWYH9TDqVGswk9u\/66exfYVBSjIRj5MhRdx3Wo5x2vsIYtvcbxtp7Mbnc9AhThDmqqwywGPlZW7atDcUp1UHbpIe7lydp\/rxXfp2pJnL4sHu4B5+Vosg=="} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"quic-v2-00.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":30,"flow_first_seen":1637834659980,"flow_last_seen":1637834659987,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":26333,"flow_avg_l4_payload_len":877,"midstream":0,"thread_ts_msec":1637834659987,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":50277,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-v2-00.pcapng","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":26333,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1637834659987} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"quic-v2-00.pcapng","alias":"nDPId-test","packets-captured":30,"packets-processed":30,"total-skipped-flows":0,"total-l4-data-len":26333,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1637834659987} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 30/30 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686242 bytes -~~ total memory freed........: 4686242 bytes +~~ total memory allocated....: 4686266 bytes +~~ total memory freed........: 4686266 bytes ~~ total allocations/frees...: 101185/101185 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars diff --git a/test/results/quic.pcap.out b/test/results/quic.pcap.out index 5250de9df..c6b532db5 100644 --- a/test/results/quic.pcap.out +++ b/test/results/quic.pcap.out @@ -1,18 +1,18 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1431155536815} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431155536815} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431155536815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1431155536815,"pkt":"ZHACjT05eJKcD6iOCABFAAViHYdAAEARqU7AqAFt2DrUZeHpAbsFTjSmDbLeXfFPVUXrUTAyNAE7bomG+Dzzt6arXQUBoAEABENITE8YAAAAUEFEAIcBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQkAgAAU0NJRDQCAABUQ0lEOAIAAFBETUQ8AgAAU1JCRkACAABJQ1NMRAIAAFBVQlNkAgAAU0NMU2gCAABLRVhTbAIAAENPUFRsAgAAQ0NSVIQCAABDR1NUiAIAAElSVFSMAgAAQ0VUVjADAABDRkNXNAMAAFNGQ1c4AwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLW1haWwuZ29vZ2xlLmNvbT0+v6ewgcRvrlDFl4IgCKBtLSXVw73kkvbSDmvcmOf2TBMxulvrGz8yGTFdF5jLNEfrxdDYlT46wVhRMDI0OZ\/5U0D3\/sl7Junn5Fxx\/1VNs1C1kCtxr0CV9UPILNoJ6w2heNOu0THXmZnbqXjfZAAAAEFFU0diZXRhIENocm9tZS80My4wLjIzNTcuNDWSgFuKS9buSt4mHNzF5UW8AAAAAFg1MDkAAAQAHgAAALUiugwS5Xe6lV7+35SrDjhQNi2XDPMM\/SAa6745q60xAQAAAEMyNTWyymQS2aTzwxJH\/U1CkeUIQAt7kKmueetRQklDOGABACXmg4KWna0TB6ed5h20iLVA1zTe0FGDOptzFKaIlVwv9K6LN7uMdA4zwVZIB1iByXkmIDPeaAjR8KDHiEXiLMdlilnNIxXrsf36+nSmAywD99MMia5QSojDYPQnkx\/kpc2+WkgLuTD7x6JugKntVJ0OcgBRa3ZbeaVzbIzXT9DutsK0zdmFTlT7PzF\/1Y0KupYf9uk4kqnlGvQLoUuyyKbFovu6AACgAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00748{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431155536815,"flow_last_seen":1431155536815,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1431155536815,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"},"quic": {"client_requested_server_name":"mail.google.com","user_agent":"beta Chrome\/43.0.2357.45"}} 01029{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431155536861,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":478,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":478,"pkt_l4_len":444,"thread_ts_msec":1431155536861,"pkt":"ZHACjT05eJKcD6iOCABFAAHQHY9AAEARrNjAqAFt2DrUZeHpAbsBvNDyDbLeXfFPVUXrUTAyNAKdxuQD3gljSLhQUOfLRbUHNhGyhVA9b2u4w1RW9E4SCZCpycMJZccQCIwgTfygJ\/6u\/OxyXHQ8t9GsIUVpGN5BSEz\/EaopIjzG0oey+J14dhVaQT5clZ4hX2alMKUnKCpX2UHp8k4gIBE+BTaDbhx4sVltZ3YRbFd1slVBcwxCCDis9hGoXWyhcUU9TpSCvPXqyDIBYGsw8hGUNxjvWcC36dLiKPlQ1A++VHlkjzGxGsfgIrij15t0O6lgXxVbA\/HpW3G2ebAmsKraKCAnkkUtJl3AOI\/J2OljPOJ8ybsb8ihq0NT5yt7I6jw60az5CR6QV4lZS\/t+fQsKeKH0MrEQhH3b6f+BZUKI9uikSR4hfQxA8xYeMMFcn\/fjScjPTaUqPoQqgHKJPMZAaJaOIXR\/06t5\/mWN79wAQ5uIfj\/sSvnF2vA+Wg+Ct+7u2iMK\/1hOAY0\/EO0phnuWYuhnxN7rmjjYiKKpzjb+WYnzCHocgbS6q4u8VmchP8qd2Emms7CkStzYV\/CAUZKEnfSvajU\/RaVfjhz9giNrW3Dr5B1Mu7zIwMFBEg=="} 02261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1431155536876,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1431155536876,"pkt":"eJKcD6iOZHACjT05CABFAAVi+w8AADYRFcbYOtRlwKgBbQG74ekFTrySAAED7yXOnwe7pFDDfekcKJR3Jy2sqO+OrEMBkrmlA5460PLSsQWLxQP3oiY5d8U9vyThqGCVEM5n\/b30dAd2DjWMikTcCyMma2f07JhYHF3MMGVgNWOe6MGYINMPJ609w8TfRzFDXO2Hv3Rd+Io3\/xrzZn4oPs6zhHI1yq2C3Bu04kRZDHQePoRj30\/8HvjxNKB4JiKyE+zKdMREBQ3JOi\/Z6sOIMbX9akogkYpnl7ng6wuSDWdU0O6S17QqQ\/PZNbWcKj10ybS4iwVQA0f8amB7S9uZIaouXNiBUNnVoBkvwUNJHLfYTkO7Lcrh9\/y6VuU0sUqC5BwPmW+2ikCeMngUD1xHT1Lx5xcuKKpYgNXg5fiz8miFT9HCjdjO6B4AMX2tdmMxafKWE\/OE83wkxbiDjermaqDLFN43iZrsa77dngVKSa0JOoliFCpsBQc+8MPNJciywBt2F7RgKowH2h+9Qk9ORQtDAbuXMpSiJJWSUWGURbG9ZouMcFzy3aCPhH9WEaiDxSqv5bG1C+4++Ap3JmLZGydHT1SxVwfUUCxHryOH1SJLcVb8wYjogx1ZyV2hUKKGb\/LTkrzKQgQmaow0b30+zmXo8EqAqNi+pbkwMCjRuhbpSGWkDycL5nwxuP9Ml3fkw+Nua2MwUp0EfcBQbRU9wNgqxQ9uJseySfgLNd277XFk6kBsEbZHLkwoqVC16i6UXqO9Bq9Qa6OSE4HmTd0ZK\/TJwTkvyZH7HArDOO\/IcXlmUhCYygfBL2Q5ZpNExxrN9hs9fyUTlDAy\/fKVbi1DmTvb8UQ08IKIHR88Yq94i78i11E4Ck+d\/mt1HMNvsgPj2pD+djmLPe2eSTH37Jk2vmFRiqCOpbpsl49D\/VP3D6Iqy69k4ASDn2RRISJtJTG3B4eSG0UcIyl51iCsWhHCXqo+IYYFVP5DZZddk8U1w9uBnJXeOg1TXZTOMI0ol6bS146IgKA69vbLEVfalKBSuGdHvDKyOMSnLak5kQ2gF6fQS9y3naenu5fopH54EXjO3jjfmTVJmGvZC\/P1NiZtWEgaqDhB2DugL5t17Tc3VwmJfqg+3eAVYWabEKtkMdIl3iArLACUUBNCZz1HkomKYV+WYy79+d13Y8v1fzFaFyLLqqM4eyurBPDRG\/+y1oiSpL+pmxwnbgxI3utzVErOYH+5lhn82g\/+Ii+SkdpS0RH4VCbqV\/v0Y4Y5Od4xYJhouL7GcBe5gBVDLL2wvDGN\/2TxDwPjLE+A3+O2Fa4G5F\/+gjnrsB0wdiL\/ilvOHsRXVpnfbw+QbFdGjFQzBh00mHjlv+hyldAVX6DRrmAyZqfHl4R8DYS3AwjxssPWDwDtSUMlQQpikBERZ9MMlFb4xTKRR\/wBi8a8Irtzx\/kIza\/1v2NJPtS13JBH+AEVAHqIKkeVWhalz8eieG0tc75G2spbagtiyakNL\/rq+i0PePLukIW0MDDsvi7O7dn\/0fwGspoErTl6j3PKwj7+sTyyEqAVRQx1M7OB+kmMDRumZ6Ct9DotkVa72qOqLha\/8xxMPobKOFlHa3535yRdBIpdRmga9bEYopLGGzkYHAzAiGpiXAo7oYF9gbpS7a5ciOCtFbOspMqjc6us7YE1Fk9eZR8mOK3nE7WlV4miQCj5Ye\/jSzjCwJgC1JXYSzigmV7HoFUEa9032KRB3TfddhJ9qY+MTGbbTrJ2h+zE2tLE+GlMJ43i68EjkXl4FQgRWpuP1j6L9IzE9WrKG1pRl60aGD77YrqqhZeBKTB3VaLzjU5uW3RnvxwpEMU20qKXXlS1"} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-data-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1461850699450} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","packets-captured":414,"packets-processed":413,"total-skipped-flows":0,"total-l4-data-len":237528,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1461850699450} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1461850699450,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1461850699450,"pkt":"OGO7P47K7LHXhMJyCABFAAViImxAAEAR\/xgKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwHak8zsp30I9q698IIAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":414,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1461850699450,"flow_last_seen":1461850699450,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1461850699450,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":415,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1461850699600,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1461850699600,"pkt":"OGO7P47K7LHXhMJyCABFAAViIotAAEAR\/vkKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwKbXvfkbQpZgkUtS3wAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02238{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":416,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1461850699901,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1461850699901,"pkt":"OGO7P47K7LHXhMJyCABFAAViIsFAAEAR\/sMKAAAECgAAA5zGF+kFThlmCfresOVX5pKgUTAzMwNQcq6EZWnphcq9nqEAoAEUBUNITE8NAAAAUEFEAEwEAABWRVIAUAQAAENDUwBgBAAATVNQQ2QEAABQRE1EaAQAAElDU0xsBAAAQ1RJTXQEAABOT05QlAQAAFNDTFOYBAAAQ1NDVJgEAABDT1BUnAQAAENGQ1egBAAAU0ZDV6QEAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVEwMzN7Junn5Fxx\/wHogWCSkhroZAAAAFg1MDlYAgAASxIiVwAAAADS+1vXZRZzJ1+rqmPJtznpSW1g7BCg2rfC01sXLNMkHQEAAABGSVhEAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":413,"flow_first_seen":1431155536815,"flow_last_seen":1431155574747,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":237528,"flow_avg_l4_payload_len":575,"midstream":0,"thread_ts_msec":1461850703450,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.212.101","src_port":57833,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GMail","breed":"Acceptable","category":"Email"}} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-data-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":15,"global_ts_msec":1463060980301} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","packets-captured":420,"packets-processed":419,"total-skipped-flows":0,"total-l4-data-len":244348,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1463060980301} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1463060980301,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980301,"pkt":"8IQvSpdgeJKcD6iOCABFAAViG\/5AAEARmp7AqAFprNkQBLJlAbsFTr+DDUPl1BjSnP0KUTAyNQFyZIfG66V5bj99kfIBoAEABENITE8XAAAAUEFEAIgBAABTTkkAlgEAAFNUSwDQAQAAVkVSANQBAABDQ1MA5AEAAE5PTkMEAgAATVNQQwgCAABBRUFEDAIAAFVBSUQsAgAAU0NJRDwCAABUQ0lEQAIAAFBETUREAgAAU1JCRkgCAABJQ1NMTAIAAFBVQlNsAgAAU0NMU3ACAABLRVhTdAIAAENPUFR4AgAAQ0NSVJACAABJUlRUlAIAAENFVFY4AwAAQ0ZDVzwDAABTRkNXQAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3Lmdvb2dsZS5jb21PyGNIiSYlWYMNKJNAlwv39ix54lRFVA6paRsUl4FQy0hWHom6FQQ9JcZPH9joUxX+SDLF1j\/DSdX0UTAyNXsm6efkXHH\/AeiBYJKSGuhXNIn06ylDo5Ug9+nOea5qJJts1jMXRdJCxw2QvK85nmQAAABDQzIwQ2hyb21lLzQ5LjAuMjYyMy44NyBMaW51eCB4ODZfNjQarjm3cTKFpJVCrT7eADgKAAAAAFg1MDkAABAAHgAAAMpYWB84oseWX+q27ipmj\/RQLfsZQqQtGKexDF79uuJfAQAAAEMyNTVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5Cprnnr7MUAAJJnZtEbkxP245vVr56GfjMCMAwif3n\/lWOThmdSnoedzP2jx+7ZPMWRBUv\/hZavd3FPUhQwHHwpvJJDzRcoSGYXtOQyhcYCVpGlxHD65Db8HFfgEKEx\/YlE\/aFaPqB1XqWWzf4zDCgIc\/Djzy4R\/py4JVjfq9V0ooIkHbH+8mAcpgdNt3gj0SeICAOM6wnOXFVXQaU2KKd\/llBTkdtTIS8p4UckAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00754{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":420,"source":"quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463060980301,"flow_last_seen":1463060980301,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463060980301,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"172.217.16.4","src_port":45669,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"Chrome\/49.0.2623.87 Linux x86_64"}} @@ -47,7 +47,7 @@ 02240{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1463060980446,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980446,"pkt":"eJKcD6iO8IQvSpdgCABFAAVi7JsAADERM7XYOsnuwKgBaQG72n4FTodMDNvEpLUMteNnAjCUFcdtv6XHZbkQxgCkAS0FXQCLsNsKswVSG3lP+qzvmF246uDhGtUyFwaTzRJRxS8XOFxmLluatV\/uy7O6p0+N2bQ\/+Zrt1fpZeW6648bpNyd9YDE3eJJ8v\/9lvMKhkrynd\/W+TFqduscYADp6WRYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":449,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1463060980460,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463060980460,"pkt":"eJKcD6iO8IQvSpdgCABFAAVifaoAADIRmLPYOtLhwKgBaQG70jkFThU9AAFbOkhXLI3U967KCL3cJUfMqLc5FSrY4cYs3xypa7qHkPMQkfyihNqC28UhBOL3e\/5TBI7YTG0J23OmdlC7GgmCbVWFBre3mnIHOH5gNl6B4pV+JLE9LheDJBWLfps\/P5l5aMhy6p4xkqOtVn+84yrn69vnIGngY2UUctisj\/\/7qbGHoU7KjFVZvLiLnesCjZPEQ9bmtTdxJ8NIoohV99NBrL3ZR\/mRKqFg6ck1jjGMancWDX9uCodwuw+nFeiwhdNiUXqpCyb8WsgjNJlQgx5Jzfa6dxFwnJS2EsJzy1jow479DEUJQyupcHux9LBb4IxdT8f537ef70Ew4CvWu3Iba3a+sRfT8oSLt0CF8xrbGmeBEnSqbecBn6F2MYjUF2gtYKqmlv2GpssQgCf+y1IgiyKvJBAFYATvIM5Yoz\/5ASrdVp19my0ed8fkjXD\/9hI6BqGDwauf0bTx1RLAMhLrvl6pXAmkTiy9XjRAKtxJq+C1D4UKHSSI2+YjymrUAqCH3KRAZmA0Bxs3bF5O\/PSuozCEiM1fA6uKcRzdnnQiYy07+fjPtlVxQByhag2n\/cAPz+kuIj8MMSN1yDveDuOdF8jXFe5s9mrKD8JMfRZctDC3tl6y0RDe95cUiGF72q+hrAL\/PnaEp3C0gWLN0HrD0R9JOOxmp7Auh7povQU79kvL0xqyh4jnZ\/Eauv5xfJJ9WERDrqx3CTTuciqZlam2PDCCuo1MW4zttYvjA3nx3zF4aGwysEzvVFN3YL6hVQjdDA4G9W2+Ef0aVvJ6dwImjNYp4R0XlWhoyOCtNc6n9KHJ2lGiAOWbtoy+eIkUgerfolxpj29D8pTuvRSA6xSdgniEhkWz2S88FBK7lsS9dfKhGidfIxn3mpcstFKBaupKzVmBUCAqw1Z9aWdecUTnIY67owXaqxfverdyb0S4+uAKmDm4p8KZN+VbJFG\/ylg0sBWP80mInpEbGS7MrNOzG+nWmwobpNpDfkH6k4MJahEdbTJwc8F0zwrc9OBje09p8uO+iXNyZJSmFPRBYsNZ4SG8aHlZEWwk1zN++dYeWoX+nUUYJD4SmFHSyUSfF3Ib+mhP8VYivL+Z49LFaGNAB7KGxHv6fvGdSutX9bFiP1ZkAEhpweNPt8+O3nQTWj927mHvqPFEoMfTdYknC6NXf1NUkjL0SCHGhtXTgom7sP8gds1oLZBN2H5EejX\/eUCiWr6Vz0O2ty3vLiEaKe45R6dpcVbZGDcZnogU1oKhCd5eIW5VCS9ZoxdQUXYVQ5OVZmD0+lXGLDhaxED1Sg0QBEID7Gyk3XlpIelSpdCcj7XZyy+fDz5peeAIHd7A\/NT1xszFkW3dJpaVelwRfVQ2Tajy6IY3aeRniays5OlSdDEGtZvz+UGoOACWTNtx+Bck5uH4c3U2F4B+CPTc7F0hvJL623HEU79LiEo5zzmsjK4jgrRtPE6Ujm4ZpuNfqh8tPnhC9+Bi2Aja+3eezVsTpRflcLiQs0+wiUrXwIMtQYHLDjHEkGkWCaZ1nNn1+gwpcra6WAb6OHVPMNzrYJK0SrAHU0\/USbaXPZLFNMj2alWPs47VfDow3\/W3uXsLSYKoanH+Y+vNHJPIWjV0xMRUN6pTJE7IVb0BTnZ7b0D3Y4\/SxaKloeNxIuesxRvodNcMI\/1buC5kqkJStpYaf7KVkJyh1GHdI8GrmxoF2MSLqGY6lT0vPgbFD4MZreGOa5Sssczsczl+luw+iYguWV7SHDSmHfZxeBgkr589fC51KvvuWXNd3GZS5QlUqIxlrJRMHt8X"} 00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1461850699450,"flow_last_seen":1461850703450,"flow_idle_time":180000,"flow_min_l4_payload_len":70,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":6820,"flow_avg_l4_payload_len":1136,"midstream":0,"thread_ts_msec":1463060980460,"l3_proto":"ip4","src_ip":"10.0.0.4","dst_ip":"10.0.0.3","src_port":40134,"dst_port":6121,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-data-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-events-serialized":50,"global_ts_msec":1463075953299} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","packets-captured":450,"packets-processed":449,"total-skipped-flows":0,"total-l4-data-len":271275,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":7,"total-active-flows":9,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":50,"global_ts_msec":1463075953299} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02241{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1463075953299,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1463075953299,"pkt":"6HTmLPTkABlmWmaMCABFAAViaTtAAEARXzHAqAFt2DrSzomkAbsFTpsFDby767UFbXetUTAzMAEh5i93uTUS22zwlS0AoAEABENITE8aAAAAUEFEAEYBAABTTkkAVQEAAFNUSwCPAQAAVkVSAJMBAABDQ1MAowEAAE5PTkPDAQAATVNQQ8cBAABBRUFEywEAAFVBSUTsAQAAU0NJRPwBAABUQ0lEAAIAAFBETUQEAgAAU1JCRggCAABJQ1NMDAIAAE5PTlAsAgAAUFVCU0wCAABTQ0xTUAIAAEtFWFNUAgAAWExDVFwCAABDU0NUXAIAAENPUFRgAgAAQ0NSVHgCAABJUlRUfAIAAENFVFYgAwAAQ0ZDVyQDAABTRkNXKAMAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0td3d3LnlvdXR1YmUuY29teFwziXjGfp0+iLiPa5NFRFyqDFkuaiall82sYIzujJV2eEmSxVGrXgdwnEo24jy3PXEgwhIODsHz2lEwMzB7Junn5Fxx\/wHogWCSkhroVzTEcXji0toaKKW2C\/sjLL4Hx\/uc6Fh9FqIQ4mtE7XBkAAAAQ0MyMENocm9tZS81MC4wLjI2NjEuMTAyIExpbnV4IHg4Nl82NO4xNazIxw51CPh92NozyjEAAAAAWDUwOQAAEAAeAAAAV2LXIh+dp84WNbuB7eLfYt7CEN3uuVCwsaMPVZLZkwAcWv3ewLeWKh8oWp+ADGqv7hr4e6BITFL34pf63u8lTgEAAABDMjU1Ve9eTSHF9WVGSVhEVe9eTSHF9WXiYxqCfXGFX0ALe5CprnnrQX4AAJnDlbsORKBU4xOKlwWO9P4E5XFal5z7hzqpwhe\/gMX+Blclu+PZJjQ25zzFRxooIRN4BrBfLQmDdxaJYtqVNyhOzgBZdHzyh0tqgzeC9Fkja7K8HfjiuAyeK8FHD1egJgrMDFGpXlhTM816keOEywC8bzRfESJQUt0PZFKBRrh3m2XPL+hfh5e34YbH0wkaQLc6HM0z36TboZSwOAF93TLAofZgAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00755{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":450,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463075953299,"flow_last_seen":1463075953299,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075953299,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"www.youtube.com","user_agent":"Chrome\/50.0.2661.102 Linux x86_64"}} @@ -62,7 +62,7 @@ 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":69,"flow_first_seen":1463075953299,"flow_last_seen":1463075954300,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":55535,"flow_avg_l4_payload_len":804,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.109","dst_ip":"216.58.210.206","src_port":35236,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463060980378,"flow_last_seen":1463060980460,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.210.225","src_port":53817,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1463060980364,"flow_last_seen":1463060980449,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1463075954300,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"216.58.201.238","src_port":55934,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-data-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-events-serialized":65,"global_ts_msec":1463075954300} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":518,"source":"quic.pcap","alias":"nDPId-test","packets-captured":518,"packets-processed":518,"total-skipped-flows":0,"total-l4-data-len":326810,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1463075954300} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 518/518 ~~ skipped flows.............: 0 @@ -71,8 +71,8 @@ ~~ total active/idle flows...: 10/10 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4703629 bytes -~~ total memory freed........: 4703629 bytes +~~ total memory allocated....: 4703653 bytes +~~ total memory freed........: 4703653 bytes ~~ total allocations/frees...: 101698/101698 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/quic046.pcap.out b/test/results/quic046.pcap.out index 157253f6a..6aa2a1af2 100644 --- a/test/results/quic046.pcap.out +++ b/test/results/quic046.pcap.out @@ -1,12 +1,12 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic046.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1584456191933} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1584456191933} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02243{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584456191933,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1584456191933,"pkt":"ILABHGh4AJqdnpsZCABFAAViVw9AAIARNVbAqAHs2DrOVsWbAbsFTsB3w1EwNDZQtKT59fQu3TkAAAABmZPTs83+bYJOmUXloAEEAENITE8ZAAAAUEFEAPABAABTTkkA+wEAAFNUSwAxAgAAVkVSADUCAABDQ1MARQIAAE5PTkNlAgAAQUVBRGkCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0taS55dGltZy5jb23iUlTd91Wbyacedc4KWbvYAO9ezSoYOG3jhMeQafLfpHKvILz9Ye+me5P5nrw5Y\/leQsX7MclRMDQ2AeiBYJKSGuh+7YCGohWCkV5w4f4wMDAwMDAwML0xAKSRUT2iY62vYCLSlIfkuoKwQUVTR0Nocm9tZS84MC4wLjM5ODcuMTMyIFdpbmRvd3MgTlQgNi4zOyBXaW42NDsgeDY0mMqP9vF+kzJdLqfvNTDv5wAAAABYNTA5AQAAAB4AAABhJXvQ9+6Hu83ruEOa1Y6Y5fjbWd3ky8\/JdT+d+\/AZZsvZnn1BDAzSykK3Urbw\/IrLoBtlbcpqYoDEomljzhkwZAAAAAEAAABDMjU18ubMxD2HxlI1UlRPQUNLRPLmzMQ9h8ZSYDLLkqBBTd\/6RwAAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584456191933,"flow_last_seen":1584456191933,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1584456191933,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"i.ytimg.com","user_agent":"Chrome\/80.0.3987.132 Windows NT 6.3; Win64; x64"}} 01154{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584456191934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":574,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":574,"pkt_l4_len":540,"thread_ts_msec":1584456191934,"pkt":"ILABHGh4AJqdnpsZCABFAAIwVxBAAIAROIfAqAHs2DrOVsWbAbsCHCGo01EwNDZQtKT59fQu3TkAAAAChrDGo43cDq7OAgdbv23GehH0jM01fB5SqCBHGsm4tNDoSAuylkVeyVU1nO51BVLZDdQpzNO9j8lf2o\/kFvxF1keBb1V8bWQbm4GDCTzD9DJbwk6JCzbiEHbQt2\/y4DufAauHa+qhpg6F7I1VBRA5chHzaHSfbKq18eEDQ2D7fby9uiPXDB6cfTGjCACXfFYXGo9zhyaFNtzZv4x3bPv04LGnwloRH845hLIF6d5Y+oKP0inx4RVaOxEjSkSubSvYLun8u1+DAfAvr3DdmGZRAp60H0VhNkgFDR0TK1bvdtwD\/6cndHRtyUINoQIRApDi1wb1MmCAOOvL7steTPHXY5nIkaq4iXTy+WyGwwX1EiuR+wqkWZoB8nUqj3ZqApzNfexl+c7aCawPzdHT3P5zDq7dSyz1wAkXCTveL49FopZWy\/uuB+P5RJbaGpw3CvzBYR4o98uBght36oYbWpopqUw9u0okr+r3kEm4Q75LZzqLS97VgZsNPml00CwyHuDEnhiPWf19O4H99TJdYurnXZ+SQi1Zt2RI1GgBrEOAj7V7V\/6W2VgqcYkPqL1UO6lW\/zp\/K8LZMma1gVsHh4jJ1oXnE7Qjtqi9Um0bkNgFqZBX1s4cYf2FTDL0Lgyu2DOK3ATmX6nv91Qh9\/msYcWCN59XOhhsFRlmXSuc2N2TzOTtWg=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584456191934,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":1584456191934,"pkt":"ILABHGh4AJqdnpsZCABFAAByVxFAAIAROkTAqAHs2DrOVsWbAbsAXuOl01EwNDZQtKT59fQu3TkAAAADQ7oFqOGvWa6mhIUAfFpbpAofPEreEA\/GGklYOasxEedYwPIHZE9zXMBgbnX+9bPuSN5MQzRW31QsSe2iJHxiKYqGbP8="} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1584456191933,"flow_last_seen":1584456191986,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":87097,"flow_avg_l4_payload_len":870,"midstream":0,"thread_ts_msec":1584456191986,"l3_proto":"ip4","src_ip":"192.168.1.236","dst_ip":"216.58.206.86","src_port":50587,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1584456191986} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":100,"source":"quic046.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":100,"total-skipped-flows":0,"total-l4-data-len":87097,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1584456191986} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 100/100 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682746 bytes -~~ total memory freed........: 4682746 bytes +~~ total memory allocated....: 4682770 bytes +~~ total memory freed........: 4682770 bytes ~~ total allocations/frees...: 101244/101244 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/quic_0RTT.pcap.out b/test/results/quic_0RTT.pcap.out index 772ac7164..50eb82c7c 100644 --- a/test/results/quic_0RTT.pcap.out +++ b/test/results/quic_0RTT.pcap.out @@ -1,11 +1,11 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_0RTT.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1603888789791} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1603888789791} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603888789791,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603888789791,"pkt":"AAAAAAAAAAAAAAAAht1gINJtBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB7CsRWwTYBOvD\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+zL7OkPMAtXpNlW5O0b2\/q+3KdcOtoYFqBIwOi4AbeOZTA9r8spxR89EzuGsSMH\/bUH9ekHEQ922xeaUjW2FgbWmXjMqS+663UY67NIITXpkFxwR22N+eMGvlLVxq1DPyvGiZiTcqCSaCZ0JYqKt+vdrIBp0w3K49QUaWm1DuJd+cQIJzCcz93gKXA+aQn8qJuO+lEHGyiCLVgeWI9\/dk7q4fiSnyVYB8Z\/88\/1PGsSPr7zMnahidPl8sGnTG9MT+px4myWEEHOjoSU0yW9DlNQElkOgitzZjllGvGhUhiBIICMF4QAUv3\/uP2UIoOlO5XivEkb+TEkDY+TeRlQOAIIUbsGZNooxIOe9TQJ82TvA7CrEVTKBa\/0UwEVbDA+egVUviZQiH5ib3Eft7yjRSwrLosJr+JYLE\/b1gPCQqV3\/X9AjXGrd184V\/I069AxL1W3hrfjhc9kTxr61FQb3iBePpHQNPrmWPpWzg65lBvr27yyzoj6wYSTbO781l0YatfDl\/dDvdQIfKr2P6uLMGzJJZkB+Ef6aEehROc00Tde4mLvS3KtN0T7iH4IEsYc3Db9k0scho9GMCBSBIiEPvgGR0Y67dvPV5slktWIWuArg\/VlYjYX5wnaRfV563WjXbTYNGUsYH6yJ12K39PLd+9sxGuDsDv7wuOHQ\/wAAHAhCNdWrrb4+VQiw7LD1RGMN+0KnwyOIE1IPFP+gl6zZC2dnhr2vJbjX4p4gjfOHidbDFdeXHDeCB6AR+v8jJSYiWVKpOKT1tYDZ2eaYAb8EM4juskAwg8WJRDDALjE67avfbFy2bAKFGVwliLbq9g9yfe2DG7zudaoq7VcKjW8DJUYzFu0kG3f0I+eg9KERSSE9tNgraaUChfDY0CfeGXPHIGfNOqV2eildt3CypMlgx434dmv5i8bOFyWursPeR9FPxLAp0E17z39ZowCy9mzMTuEiKSfVFZVEb8A56B9ppGExgQC8QO0Af3vfqS2ttKNvFYUOgdWvnxDVxIQ3xlWS6ELnr9IEyJP7QN13nNZW2yyDnRClGdlAqhKZndvswyZgxdwswpMFr+Hp46L60HP3+Etr\/g+ZQ+dSKaPL8j+qjU4\/5GbDlG+Y8GGpP5yetDzWW4wN5wTi1RfvXLkUi4VB3m4LwQbvS4nockw+p2t9FIJYuLtV0dMHU6Hv7HaVbrS2rEeooj88IkO1U14qUJPxLmg2Uy36iXq2YaI6VfIvwaNOpQxMq6KJ4BIC327gV6F7pkRGqQyr\/fLXQ9\/QAgpjmMNkP95RpEi6vYM4P3hLk7YGQVBnB+IU0NE43CFBWiQCbD6GGRc88ZdV8uxhElyGuoq\/YHF3odV6QEFs9PDd2W40mlJEPTrU\/YbNrDK9EX6uJSY7GfN5JJTDeEvWfQOsQ0uy8IYjlyJ5TxtnQXnq04wVfUtffinNWMR7cNrjwWmw0LkdigoLMel\/dN7JQkDILpNPwSYQ07T0bRnC52xgOJ5umHTPriox2zwHfRI6lLvfBx7j5PR\/iXTtkoj6weekfmGYFZhQNsP1hkCk+6CJfCIo1m1SFLNWhogGJZIJgLWrvdtqIciw9ptTqsx5dUUsMd3KoDy70p2VEA=="} 00972{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603888789791,"flow_last_seen":1603888789791,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789791,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"abcd","version":"TLSv1.3","alpn":"h3-32","ja3":"a7b629a5bd67bfc25e2c78b3daa4c12f","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1603888789792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603888789792,"pkt":"AAAAAAAAAAAAAAAAht1gIEmLBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvsKwTYBOuB\/wAAHAiw7LD1RGMN+wgWsFEjN2HZaQBAoeulPe6gJ\/sr\/GIbyJYc14UNgXtYbxk5qiSqETQY4WZpoAlQETVvk0wWYFOpUIdBARl1suh9iNp9EVeqqDCK8cOmjC1x9D6Kfk9hGxfOeT71tvhKd4oN+bdYPjbqVP0GFxeHN3IMs7Zr+fKeQyuFIUWnb5Z155Se3XdA\/gkvhnMx1ULX5WEKCC9gZx60DO5zH6utYTXgxvBd7Ru+OqadPKlFof8AABwIsOyw9URjDfsIFrBRIzdh2WlAxDmD+hjo+e1bU72YwbmAGOLxO5htQDsPNuVs6LSSsGz3SFw0RPm4E415JCnhx8Ge0QKEWADh5iBKGwMueF2ztpwDH7jsWxr3wB6t01oBA1kA7ZvkbHO543VSXW8URQBDqZoClPbnrQAcBZ+H69\/w3iitABvrJy3KVNkC9+NdHjbogcNpY\/5rLpRLS5HK\/H6JgUnP0BdrxIIF6HWRic\/Wf7gn1j0WoelZtuUrK3RpR66wFjn8EMNQiKG+ggDuldLKh\/U6tL0BsOyw9URjDfuFTTkGJh6F+XUUpTe3M82jojmegspYUKam1MxQec2Qkg\/alipH7KpbN4YAt16GjKA0vziYX61TA5r\/+c+B2T\/sfMV9v\/HKdLDeTVTmLVtM6L+LQWLFNxbF4yrEngXf\/VZT2XaqBGXuy2LCG0Ll9PjYDBtAtstKFFXX1\/Aq9PC+CdywR1PopMQdX5Z9pMSyZiyB5Lzg3cVGVQshXQFro5Kf54d6amO7D2XxOTcZnQiaAf\/TGRrLMf2QELrrUW5vGD6IdIKDtOHH0dTjyWhDTPJEfsacf7m9B9Xhce36eKCRqwlUUYp9cEORg9tAs+LNJkhiCPhfdI2kmtp2bekrtpez6Fafq\/eSu5bTHdTjUlYAqlsCVns0h2QvzRkddQkOUP7gAh5QNKxagIYkVNaIjoRzRpVUuqTaY5AYQbzrX47APe8VY1hIf5XFE6TPMKmMe2Q\/0CtWSycEDeCk28gGteNWfkas+cB+UI1rrRtWgkmad7zXpxmJvEVKx1EjCgwWfU89z+KDl6jD4P4IeVlDy+ynTr4HbYfYMZyTtc1RDHu8b7675WQKM\/HIrQq6E8CeXlwrV\/kN4X7y3aDTZ8UUUEk3f6P1Q8uLPJ2Yruxo4hJaXf2cw6q7EdHqcpvwl9wyP0SydRM5I5Xs9cDxcS9AAJl75598Onx7hfnsjzw2+Lk4PiuB9x8RRtBxDIfr1GIv04yL1ivxWfjBmvn9aCE1EDAtVLxBhg2AhlMxK5+fcZuD8gajCU3jBim0JQ1mEhqnrWZNbjfhTXGYll4oRXXUgYKlIV5s1CchSlcMgg5uu0+4Aj3J0p8FsizlxDbb6CHs\/xgqFSxARbNxD3LVLxEd+HIIdIWwvT1MTqPrwh0uOKGI3kFXzTPm+StyKn3RLAeyIgL4EkpQslwgXWxlUtDWXyicGhGk5giCxEYaSUkCR2ecvlHkQpbq28IGeTXJEr9czuuYuc6xx6JNXW8HuS7eYhN\/9rkNRrkW+Ih9+rtXr1O+2Dy7ZXSKTG4Wnmba1vr6ZEKbxvCvQURsWLQQxX5DHxb0xG+It92fZknkVToOutQ6p1RiqEpFpKmIm03EPunCuw=="} 00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603888789791,"flow_last_seen":1603888789792,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603888789792,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":60459,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":1603888789792} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_0RTT.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":2464,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1603888789792} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,10 +14,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4684602 bytes -~~ total memory freed........: 4684602 bytes +~~ total memory allocated....: 4684626 bytes +~~ total memory freed........: 4684626 bytes ~~ total allocations/frees...: 101157/101157 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars ~~ json string max len.......: 2139 chars -~~ json string avg len.......: 1274 chars +~~ json string avg len.......: 1275 chars diff --git a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out index 2a82a813c..a54325810 100644 --- a/test/results/quic_frags_ch_in_multiple_packets.pcapng.out +++ b/test/results/quic_frags_ch_in_multiple_packets.pcapng.out @@ -1,5 +1,5 @@ 00486{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00493{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1616775370814} +00572{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1616775370814} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02168{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1616775370814,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1616775370814,"pkt":"AAAAAAAAAAAAAAAAht1gIK6gBNgRQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAB5cYRWwTYBOvDAAAAAQjg6gfRBF\/f3whbtLKZy53KxABEtrnM4d\/0kI3t2T5FO3RTETvA3HGhmrbwnQma+SPYPn8iYYuHdKaQW8SovX0+V4dnPseYO+4VTSZldeifgT8VNQQB04ta3cEyZMDpKRtegW4dekko5HPUbEiidNmSQOuP3pH\/8SoL9x7tTBQzg2OL3UpCqjAnX16pFAdQ+V\/RbqJ1eyzWFdbwBQd2HuCx\/Ij151BRRI2Xn\/z+ADB4rVF4WDOutzm10O8sh2ssLFe2YyMKEeSFhkO2WxMcAatNA2lQ4qJXI32K2kygG4WC7Q8Bb0hTFMG\/mywEn7y4151OST4nZUDKvDlYcVWjuF+qTVspa\/iH7c2UuyPhpTYvIjH0QeZUxZzZhSTFej2LWwFlP2YFzpGwiJSwBaiLMY+5\/70DioAlmqyVC7SFNLAm4+7fUc\/CJsf0f8FDbPGjMEF4r4f5+0LVZH94Uy4Wd0tsSsAOmIxjxwMYhgLVVmrVt7TBRxZotLsMMAE5KgY4C37J7AKCvvh04vXJj1z3UQVYGJh48Z9j2DH62a8\/DQXS74cUeasgoXI\/\/fcqyqG\/+dEnkEyyQl9f50ViwTzUzqhBwr01HZapB8dBBIdSdOLcU\/xu7325B4gE6MbrZr6w6DY7ChrOgc2VWwoxehsZo41rWBZsOQNIyPzLv9J0BRip+w7GJmYxc+3ube6gxdaz9W+Sn43CsbRIQrhbCgHGaXLfLG33YcaU4X+6lhZpZDIRrpfHlieNk0E4HHfvmW6nTXkwcpHKUc\/LWt5+WouHWvxMn4x+ldQDvX1+1587CV3XMwwBZM2RazatEhHW1RJ3OT+xC3gie6tmmnMQduXseFmc+V2JaT5\/q6MRU\/TlwY0Rq7EtJ8+ZbzGXqIuu4jxCx9oMmi66z65uXw3qINNOeUxHXJycpAWw5De4VzaVR4lwygzKGqlnx4L3JUveIj+oObyh7F56NqTe5C4UVw0rXOK5vqDKafrSODvkieITTgx03B2pUNKW9RLu1PhtbXUZuY0giPngPfKgjMEWwbgah5IvyTnveaL6sEqf9jfr3kFrsy+GNW\/OyorkDnRpI8RofzGw1tLxiDlPgh1n9rHyR1pRdby9Bnf\/rDHEeTaxotP0WhApggHCHa\/yFJECzVqs9aS7i2yWDcJfS40AFynUP1UGKhJe\/uUxXih7qXtheQ7FXxIkAhVv3cPoCRA71Cfs2E\/Eey1fVKRW5lMJW9PriJc7GoWtyx70pOdZsK8HXiQEPiYKJaSioN0cr28BDrpMUfunJRWn8PiLmXUmTtuIMIbhFyGy+EQ6xhnD+A\/0hLJNWNHMXLu\/kfUBoupAJQTCcfsChogaeqgD6e5eSYCN5PT9+XpGN3+Gf4PxJfDsTjsRYy9pJctfaPC3hqhyOjQKfCx2rbpvgC9PMRVByJjtLJxGnkJUAuG3l6UFakUVvosZ+5M63lUcs39+r3quiDA5yu7NAJ8A\/i87lBxkG+y1mdyDXsaBDCfcK3ZxP\/soZcY4r+0QCaSKYxK3TnciTbuVT2emgJe6oE17JFaMKL\/+oNqA3ly+Sny53LHt3DnGVzfWQGnSJpT2w1xGiily9lTfAyLsd+fvmBtuH20lp8Prs7ZgVUIGMd\/pWSRV\/g=="} 00802{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -7,7 +7,7 @@ 01189{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1616775370814,"flow_last_seen":1616775370814,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":2464,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1616775370814,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"version":"TLSv1.3","alpn":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","ja3":"0299b052ace53a14c3a04aceb5efd247","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}} 00562{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1616775370815,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":116,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":116,"pkt_l4_len":62,"thread_ts_msec":1616775370815,"pkt":"AAAAAAAAAAAAAAAAht1gJDKmAD4RQAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAABEVvlxgA+AFHEAAAAAQhbtLKZy53KxAjsAiiM0e27twBAHLMBaZzti3E68kx9gE3ZXKGXRNRnGzCRKG8UNXw="} 00944{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1616775370814,"flow_last_seen":1616775370828,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":3750,"flow_avg_l4_payload_len":937,"midstream":0,"thread_ts_msec":1616775370828,"l3_proto":"ip6","src_ip":"::1","dst_ip":"::1","src_port":58822,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} -00499{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1616775370828} +00578{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4,"source":"quic_frags_ch_in_multiple_packets.pcapng","alias":"nDPId-test","packets-captured":4,"packets-processed":4,"total-skipped-flows":0,"total-l4-data-len":3750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1616775370828} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4/4 ~~ skipped flows.............: 0 @@ -16,10 +16,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4694952 bytes -~~ total memory freed........: 4694952 bytes +~~ total memory allocated....: 4694976 bytes +~~ total memory freed........: 4694976 bytes ~~ total allocations/frees...: 101170/101170 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 491 chars ~~ json string max len.......: 2186 chars -~~ json string avg len.......: 1330 chars +~~ json string avg len.......: 1331 chars diff --git a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out index 90513754c..672622a7b 100644 --- a/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out +++ b/test/results/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -1,5 +1,5 @@ 00501{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00508{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1621417111064} +00587{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1621417111064} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1621417111064,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417111064,"pkt":"AAAAAAAAAAQA4++7CABFAAViZTFAAH4RUm+FzUvm0OWdUdzQAbsFTtRayv8AAB0IRl3KXBW\/LTsAAEU0Yy4h2W7s\/rlLefIGYQnrzU1ux8x1WHF9P2TRMM\/uMgrk1ok5ld99474sHzCIsmBaABMBQuwajfiOypF13LdOvUbny6sKbnPsiQnWdRy34WzYDIUSWbFA\/\/FyZAuWdhVQrY6b6y6LN19n0\/TyiwQZaRgOj9Dah0V5ZEaARpJrDY9m+9WAWL1E5fl0AZB5oVrpfRpwU+72dTHjTrdezZLrG0y4LUZJV4ZFSW\/bOTNeyiYeeLzss7MCM0o7kz\/ABmlsvSTXlJ31WdTvcFfKZa+Ers7MX6vrMreYIDLD\/ts+djqt3oepBEPH1tJwybSyF6zOUmcUZSNjRN66q7NkOjxIFsUfL6vSIfs09kF5zqgt+spL3nfMkmEEbIE7Yb6VRa8aqO8bYrkMWyfbFbPBKBEuDwvxXHrKHBxwnW70rIsunEzXSGSfZXttskCHI36aQkPEEfMaooCWLD7F3ek7vQfYF9UBeP3UInD1\/fYOKKyXlh8f1Xhf5ZtTg\/t0H\/rYsiKjt\/tbN+4cOfHmb\/PbJuLAirrGtMROug44tuDQNDgTnWYAQeXIGrimS63+Je1xn8is8IMmIBVJgnKtBWcrkpMXG4qIednOh1PU3Q9\/9otFQnmPpsVeluBrkhgnE4Pv+jN7MB9MKsGF0sSC1rOxFEUDC1ZncrKF2pLDQgCdTsCDk\/CcchJ4M3KHS9yCURHTTnwtZtZ46Ba107K6\/C+vDHLLH0Agtie1px7EDwsBP1SFcU808ARQb8bGLCOen2251sgfs22LC0YsewZOMJW3COsMT7VTAQC4PFSt3Jgg155O5SMOBejKszFjP0ssLTQ45nlMeghvKmzI+zfNFO+kmZxhFyxqPlrgdV4WKrdIRZR4IDXMiiBpWoClkuM9Kcm+TctK8hPDBFox7OqpdBdHkgRVzggkNVEFUCJAoy7stynIye5G\/c0PO6aK2KvGAn+3yIbnJQO+GFl+DzzTQ5+znvJKlrrHbZJ0Q4s6V8EP7sXEgs1jrGqyCGI9wXbSo\/8wFamlp4ouFVhBqYZQ6GonLwcM2BL2EqcW1GrumcxSrpctIQbM+MLM5TmZnDMpdMZpkkzZ2HiMH1e4fDgQ6yg7Gbq1oSAP7PmPqOdaH3pXDqIE+0KyN656ZdaYb0ZW5qVxVZ\/yglBSCDTTcv+oiZZdzI4cH8Dg9AnTIhGYs97IARnzPncHqS984seVJsVe3QFzlkq7PW\/+y877P\/bFA\/sin28uLWX7d3K3IUeguTPHXWFnBk90vEPoVwUYyj9ACpdxWLYAzshM8UJ\/W4931weL+9Y45JP53CAvIUGXcyWPEbA\/HUlyizs+gfbouzc6njtiCnSFNiKixMnDd6GnBIki\/6nDKciwxPCTmggZDjKRSkhR0fon1nZO04Oy+GPjSKqyuI6I5+\/qz+87W8lrtdNnV1MTgqqBXXhQGkloYjiOOO7Hr2euMPx\/D8ZUBmzjEl1Q0vybg5VizAcIFEitV672m9tByJnZVCmqOqHSsQyStHmvXtcHwG3FmgKLlqDELNJ8refw1BcltymiFpTUHXujIq2m\/2R5lxEp3IZpg0ykJqHmAP8x1DQP1O+gpnkeZMlBn7sZgxbS5i464ONO4aidSpGEEs44YdZy\/0PLNXvbgohSN7NSSlu\/3OBSZTCjfEOkPRu9fd3b98IylU4SIOzNDcculUBKrCHb5iJqK3HKWlgukxdQQwzwn9S7alNQY70dsl9vUF76RPML6stNu2Zb+\/ZYxqaJZFu3FOvrYcXEYKZuXML8FedF"} 00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621417111064,"flow_last_seen":1621417111064,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417111064,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -12,7 +12,7 @@ 02302{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1621417629532,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621417629532,"pkt":"AAAAAAAAAAQApuCjCABFAAViWtRAAH4RzqOTxFoqsVYuzvDPAbsFTrDqwv8AAB0I+raMAglwITcAAEU097Xe2il2Zegu7U45BZ8gKfm75BdOnPJC97WfnE5KscE98sHvgzGhWttrfuN5Zw6V0RznV0lHr8X6WifmddIwLz9dgmQayfKTYym3Ekq7+FTfsVbmdLv7iDTySVEQT3U6aJZTVVfr48rzDdUlbuOabtPNfF9PK4wxRo28Hv8rNIeQLcDYX1ZhINEmN+sLvvHwjXJJn\/mGzxs37Wo7yOZbGkbY30QHlElqBOAjfC6VA27GzLEtJY\/bgqKUM6kS54RZZNzg5pKpLNlhxgP248e2xlGMNOmp4fMFXgmg3EfYbmnl2iWasHW8AkLql7Ucnm9wslVj\/YWb2c6IF2fyJjiByU3v\/tWqKcs4QGqfKnNSz7TAvliCZNV6Zo4gfpjCqzFPRaJI4yeyyqsAh\/yIYVP9ZV+w7uilAeMXgI+K0KIlxsOhizEgVDitG\/KAo9LOeN6fomCXq4209QrcrNd3XMwKvH9b188UgNv\/jRvXciyaJGIyMgJ7mamyBtbMq07La5hMyvo0mSqFOXeW1vGdKnMpuiGY5RTAHMnhNlkaZqmORAjp34HPN8n4vG44MH5AJ7tXiPcaAMzbgdmd6ox3fd0BfTrlccudwRllV1uZTxS3xRBBhwWhqTZE4FhxMXqd4endwazGj4NY2Vq7gD8YwyUO508LgWL2kYAd\/HfPDFLaaugd7M4tl4hSFuXNenTPDtb\/bRXBfDbvsb6xXiRig92+oFBV7pEoV5L\/yiJ4P2gax0Ac11TG31dQqdzo9z3YfYxfMa\/+8LYBIBydV8pcGIzVQDhSjN2LC5nUQOTcNfPU\/oVh0Ybk1aIMEU85MfYtwrsAgUEMpEGProetQB0mTzcYq+lEmbIIU8WPencLFFFL9uSVHveeIfGWVYNsJ7jljceMSgP5H6cv7CnQzsqS8dQ4uaXalyrjBXDSyJmCkDvaY220xAc3pj12kdE4BvFmAtStxWdtg66AiG7qv91s5V3en6J6UAronI\/KmR8EOk5BiV2TYsFERt4G27JNG5X\/AJaZ8VwtC2WsqvDKaMKYDTCCbRtilBnZ79PJ8INFhsaJtQDLjVGnL0+0lag21H2c0AgRlVIciNuUToDrQp+pYnpr3L\/mM63uQTkvv5eBIAP7i9VCEUjMABfjlzuA4QlRNUQ0vfIchW72uzMqFErT0XMVPnKFlDHN9TDNIkKHDeKZQaWZA\/OfMsV7evfLcQ+ddG\/xKNaoq8806UcjLdGTZEiKme6xLw53P6MT79sTHldTCpjPaldQ3tMH4EIg1InZbS5ktmIvlLQ2zHCeJ+cCrcDav1P0xMr+DLvH3rXDc1LTF\/hYsBxIYeS7vsQF07Zw9I0Aabf0GjuxOlwnW2Bt8iPysdcUeHkriGdeS3Czvq\/nkZEaGKcHJEnfklzqeTz2bYQ+SkshE9F12pfc0agQ0tbVdAnKaEKIsSgzPUMt7MgzYsL9AUkoIblqKn2hXfFXW3gr6XbSi5TQygflSMy28Bs+5OghyrSNcFcOe8e+DTn5mmzjD5O4rsNuXEgF7wS26+FyMgZbWHqX8HMifw3qMfcAQ1nT3l97zTbszeFs6\/goTc7uST7XEMKSKrS2lP7e\/ELG11fN8X22oM+TfVd0wylz3v0e6ThdB\/tMpVkNfw82FE39BRdoKw04E7yZ9lgCOyxJvMvSEQRhX0eoTiGgfBQDAhtTklq2Zr0UEwX8LiDkDQg8kHbX+ady095CUYxnxCvxjTB8g7HIHtQ37uzrFXIL6Nxg8bDtLpiJue2jB8lwh4plomig"} 00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621417628801,"flow_last_seen":1621417630732,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417630732,"l3_proto":"ip4","src_ip":"147.196.90.42","dst_ip":"177.86.46.206","src_port":61647,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"sb-ssl.google.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} 00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621417111064,"flow_last_seen":1621417113176,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621417630732,"l3_proto":"ip4","src_ip":"133.205.75.230","dst_ip":"208.229.157.81","src_port":56528,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00513{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":15,"global_ts_msec":1621421253470} +00592{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":9,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":10800,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1621421253470} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1621421253470,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421253470,"pkt":"AAAAAAAAAAEAnT6cCABFAAViPLlAAH4RBzKokEAF1Bb289hQAbsFTvjXzP8AAB0IFOutyi98gDkAAEU0QEoUNnfb6spEl4sOhm7a3kYwPyh0twGQme8gnUbSWjlTM0eV\/33jZKgt8R3qtWDm2zSx\/rpQpEqQQvknW76YTyqy8lhhBH0HTupzxapnAU360wL\/+pHUQa9kkbfGs+rg0fJIwO92cTdSFU4vLU7xVz2fVMJaMQH8aHE\/1fVdWPC5x1T42ZLsnrxIMQ5wxIFrryrh15fMsCUmzvgSHxA\/i23NsVEQK0FaymSQ3vTxzLlBUWH4BZEKhwxODiawYJVn6KqbmqIqOPZjXiYZhiN\/Oc0\/LeCyQFaH1ri9xPnu4k\/db5yW\/Vm5M7J0u3m8iCZTpmZh9UW7Vz+Tt6ZtpNNUgyHlXEXFJ93VOxKXczX6MviwyGemHWSQL48Z\/padN7yuSlVEbH4WE\/x\/ebW7zTY276B4XQ+wlkch4ZzVURSVv2IJCLTAANRAmruSTCorJVR33qh+1laWpf0XjXQiid5xdrcBQeDZrONgOO69EM9SiLwEVtc0TpitDpJidyT0U1tQrFl70d\/XEPdy6sl8efWo7ZCqMlidLhPlq3NrVHxg4+Rm0hcmtJgElwEuqTGiLadNGhoT7Yo7j8pSYgNw7GRtSquhp7H3+FF2Y2bFNX19Z9+rRsJB4pUiilB5tu0adouOMnwmGTBRsatrnFOOtA0F2vX+LGN0MZFmEF5dpYuvWiLOa+K0fw5uMZaD1DwO81ez++YVlEQYMcGk8nRbrvkTr\/h1NjMg4AGD90jQKUb4FofQXWaVczScZMMs2v2AijtxxRDHmaMhESOLxFfFbAGY7GSyIn06ETBx10YXRTWxeT0eUKlaLwKeXgT1f9Nzee8owqgOKrkqV2dKYlj65fZbe64rFKZ1qmuSQpeN6luwI34bKSC\/P1YZm224OWk7dK8zYb6iVGqzON\/pvHnYbfT2ttIlhWIYxtY8Ju6yt1zHvLgcU9f83bCChlVephnGaWCxUwUlXnYZevAlJBygTGyZxTz2ZSb0ie32uT7qgPEA8\/VhOVmgfgz5uz1CkH7wK301uXB6Jd+vCV5C\/oxE\/jofm4fBRgusDmoz+6N3GpdbS6mlSoo0uqerAGszdbsmbuicOljSko4OAeqWoT+mGW7afPjx5a2FUCfO2SrBsu8hZPpnDhlhRCeKCJQcAHRB7xgiDd9eCcdbKD7Wu6I5NAMZ9c5cy\/ihBVX35Z+UgC3RyusmI0NtKYhjUDswCM0eyBoXLaZPl8INR9v1LW+yvOTZym8K9Aj0qNkha5Yzfvxik20hZiRqz1bdL8xXLCFYqYMYQEadOjp3L+P6FsQzEDaOxkrn2NuRIxBUQl17JREUFH0XnFwFnMT7z5vgxqMs+\/cTusvocWbp9TisAPxAunu5IgIhjJTjwzvXKQEqGGTx\/Uv95lseYEkyPjUxRZUqo6ayvxQzUbD7WzEPJfWp4V0dKCqk8jMcfr4gKrj2FSp8Pp2y\/+11ISOglp7xB6eIZFO0ZgRIY37WC1adnktqCSKXkgYJUGB+Oc8sMK4ta5iGShCsKCGNc84cXtiEBSa78agZzOMcgLZMHRXRJQcxDXBaC6GCHQXnLhoom2lIO8IpQOLCvA+fkPsBsI1oOJHnHV8O+hHfPFWWAiSD\/PB9nE4NwaIPKU4ZyWnacfkkFlYLZfqca8KZX4UtWN\/IEVTbG6\/oU7nJ0oyYFSxJfcA+XMb3hdr7h9ytVk4VGIeEwTkm3q4IbP0kGL00wYVhVU92VFVVNJemgeHNnaAUtTEkhmyuDDVqFnLFxbtyS6nB8YnwnujNnjXs"} 00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421253470,"flow_last_seen":1621421253470,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421253470,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"212.22.246.243","src_port":55376,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -33,7 +33,7 @@ 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1621421316093,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421316093,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQV5AAH4RSIeokEAF8YqThcdtAbsFTsw1yP8AAB0Id4dqLmNRgiwAAEU0wtYlbbuFGBXp2MCVE6We3QfitRrLbfHeFapauAVaYK5AL9PTMbG\/nZBDDFATIm20jlpnFDBXnrozoSQkKhZiwvFuA+YJAKUvqg2QPKM3oU8xpfKkT2AQR0J9DkN5tfQ0NXF6X7eJrYc4ofmRw8O4fWLwYHZ3YywSIJBBxpk3DxsC2udaDZJvqGhhrqx5lxHNdgWl7nWJub5bWqgA7RiFwSfPMI\/5kRug+dhYRp7DC3Ee8zC6gPghQE+QP0amaa1arTeTP0yuasl+WnsmI9atR02R+W1DzVE2\/wBMK8xOVHY9tqlEVzRvN\/FEe84ZW3K+FiAVxrMfFrQuHuvcnbcHTHBnMHQYqazejyT6z7dujWBncKjH6yckijpEXWZXNsAuDtLV5T3g2q3nsAzYqPmxjAwq2L9jEUkACO\/glUxPaUIbzRZMAWrn1JnfawlUtFWDoUkmp2jeSdN3M4DOV4Btcfl6JE0S5mBMR+cTfbMcWTfdpp7BQFYSHPJCCmfpgjfpU+1qBx\/swhbFbhxpxlnelvZfSKLGYtrKIMbdO3dvXbJ\/svUATGYLFdU0QPDusq4rUjjYNOu89YeAlu27MHBziCZnV7KQ\/7CZZ62vBer12fSYwgYC9kFuhA1vCwIWWEI0nqiCF8WEuILGWjP7tGrAuxfQQVo5hc9wDgMsePag6LNkwHcnSN4R4KOS1V6VWYmSISoheOtUuN0\/+N31BX\/BBdcE+K\/zMLfLAbEeSVyqVT8J149AtoSXuMJboIYDsPyuNx1sUrvqH1bQF\/7OvXtx\/cdwuq0y9FpLI4rLUI2maANSTyvT2wXdthl04Z\/YTlfhB2d0v18nfSnZ0lHIWro94Qz9tRk3pZNg\/6bOm24Nb0c7krS9oaKWYD\/nW26GWKUOS\/YmbucW\/B1591GDEr7Vz9Medns2YxuZHMa760vt8vLL\/edsarlqSTG7iC2dyVOn2D7FBqAY9O0XPf2C6QywOMobFqtrNOS8\/ww+Ef0n0CBYfsd8N\/A33enCbf65kj2J8cjGSNsKKNBj4tAphcU4pREZZB+O3\/Ly1nrLSiPKqvrwDlraB5bWLyenPZKnd0anwZjJixIGkNqzXa4ISQSJFmR1apCq9LxUfCQKJSnoHJi7zWpvIrTdh+1E4LBshyGiVHdr861ZeGlKojdwmnjQq4UIgYBm588gXH6fnrUcTY6x5R5SkG6ySP3+9FKCni2sN+s4jOB1WugJuAizD3hNzwNrPVPmY7ea2u9AgEEAbZ5tqDi\/qty5LhlhUJfgz0tpuOOG5sjNxDfBKwkmMXzbB0UWP\/ZOymvNdRvIO7mkPx8fUewze1kB2XBKTZu\/jjeqOfyykDMv2U5d4ECIcR1ME5SBUPF+cG4JDZip3X9Ncjk8ohwZ9STseLqJ9OTjbovHrwRkTp9ZFiBkXSVMJZ28qvMwt56L7k\/AJJHbrnWAxnK7I23CERceW6rAMx3gAvjR7jpii0Z6y9ut3843URcFEKSmPwW484nhFdNDcZj2opvoj2jz3w5PYglOwvrlo53izXLdla3jEPq0EWSsFCgjfCn1Hu\/0iFm0F9A\/NJaZOLHbBv95sOyVAyhhTp9ia8OHAoDyKO3fdAgduAMCr8e4e6A6OeMRMM9uZdO8nPHniB7\/fRhFarX8\/hBQLOvGYNTxmX4mUBEYAvdX9oiTEGFxFQYms4wxcWEcL4GBZVSteaongl\/UtzVPYTVaH6Ywp9r8fQxMP+pvN9mS74aDwI6voKY5QYc+FIAxKgJlDQtsiDCfBJp7"} 00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621421316093,"flow_last_seen":1621421316093,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621421316093,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"241.138.147.133","src_port":51053,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1621421316389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621421316389,"pkt":"AAAAAAAAAAEAVM4PCABFAAViQWNAAH4RSIKokEAF8YqThcdtAbsFToluw\/8AAB0Id4dqLmNRgiwAAEU0su8kgEC6CAiECyO1DkLdw6Gs9g5xqr46q4bXQKhwHnhSO1cvEZxiK8zZ0UUvMHGZI9iz4bjhoHMMbIOMlQjzD7lXKLskiaS9BH5d+nSpKWAlTk\/VzCyrJIDUEaoJEECyuW3tKvwl9spRker8xQmMYntXENQ02IwoiaKvWtw+SOjVwVA8eWlOm9NAMebNzUMZPYZs73GU1OPqu9byjmqUVZ3gNjVQQ\/nOwz51imkNuYu+w7\/8LyJUGaPm5Fwuk3Bsj2YKxipADsvK8J6MTwckTe0mCX\/jSQ76gOCjnkz8hrVtk4EjqvRSRrrQmlglk\/VPrf\/qKvU58cAcB2xVriX4o5h7C5eOAMRU3+HqrLXNHljg7aEauwVEO8m3ekwDO3icqHHRs7WM+ylBxpldD58pCtxwZ0ij9QfdRWH5ZxqEDPqJoHBdj95wIyZ4ORnYdmNnyGHi8MllAUcQIs8tjWMWB3yoe5EdClD6nZBCG59SvjdsYcNJAVVbBE80ehJfa\/upspBC4CISksJmbwdDStCmaDAP9wtOaXIqg9O5ZkIDmdoOOPEfmjm9K4dOQ6LB36bvZXw3SHE4hzY8DBpxFYHrnweWWjg3jzTy7z1UBgCcL5L8M3V1G4k+M8cjEG+qLyzWt+I0t9W8p+QppsTxLemIrKhRlTLQxRaQrn45B1vfZAeZl22mIthc1844odpSJYhOqC6tqIizeYmhjyC8Xc50S3AW5Mvlz9zSASlezjlHYB6l0h4HiECb78KTFOP0RzpXeC761f6XbR3TSUj2Kd6CiigfBxHImCUWBJeYhQ63K13s3Mm3\/yXQW+jtNDe40QrWm9YjjkoIVMSIWB0+IuXcOTK5iuV5r2NouN\/mq7KvUEJUIOslfnalmFaf7ZfIdPjgyQVz9FrKHnQkvaAtpM4SfwUn5akQL58gGN5ju0ezdhVBAUVoBrH7IQl1dE5m2gKH\/nc0+RTVVCbReUNeb\/d89W9jKsi0qHAjg830USO454jnFfGNPY396nJq\/esXpli7iKbr\/IAN7feLYAiWUNShRLTeLj0DM+fUbWyB7fiC2WAV\/4DdYTKVEz03e+e0crF+jhU0\/1fTcsMLkra8V1CBeXadKcji8HnzmIEixBMdXwKZYUWkoYB+sbVXni\/V+D++lf65eXUFF31BC5lP3qxi9ycB00LRdjtUjOItXt+m1hKug2VkfXSqpqc3\/GtG5atDCNyPml8KVYSebQNsNdtmEfNkMvyIkKWIyHjBBCaaBUw85r3hizTmBO4zshJ54arJGmqYVjcViNP8016YDZ66VoiHKaJw\/kSImQpkWf0lmgqvatzHhJ\/LfjV6hqNjydlZCW3sLZFOzRqsHvU5fI\/FmsYH8YkApnb+m45Kx2rJzSfYc+L2hlvF4a7+7fNL+7iaVFfd\/CRuXc9u272HHy40jLVNdRPqq4VV3rne\/q0H\/V1m8ntT3AELDOezhMgwVdok3Al1xhogWoqppG21ACx3PuonkAEFwkyjAL9ONzWF8DLDGXAOEdTah38TMQ2tg2FGelPV6Zo48hsuS172HDmBfJNthoNpqM6oYASTG\/RxdJdiw6zTrPbRM1ewux4TQduH6K6D3mWsV29BQOTHS0XXpDSszpB0pT5xkizyunUsTMnSmkyD6zVNXzQ5EMXzILn\/+7F\/G\/+5jctdI6\/dPPPLJpa6WPKzVPzwwzbjqGjx703Yxr\/kJULthDE\/zZhbousd0J3udWSBLz+4ztsXYH8xhH3IUM9oirjdGfttWqzyUvhSRYzH"} -00516{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-data-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":1,"total-updates":0,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-events-serialized":36,"global_ts_msec":1621425498439} +00595{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":18,"packets-processed":17,"total-skipped-flows":0,"total-l4-data-len":22950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":1,"total-updates":0,"current-active-flows":5,"total-active-flows":7,"total-idle-flows":2,"total-compressions":6,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":36,"global_ts_msec":1621425498439} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1621425498439,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621425498439,"pkt":"AAAAAAAAAAEAYl3ZCABFAAVi7ahAAEAR4FYKdU5k++wSxqzcAbsFTidpxP8AAB0Id06oCGAS\/SQAAEU0ed34HhSjMqu3wM3rp8Z7ywfKnATeCO1KNQbG+Q1AYYt5I2GKbEI4LPmTF\/Dg8oRvZW7+Hps\/zeWj4mRYkEWQqTJ1jKptKM4UEpyPZZwThhNGXqmj6pg6xKApWE\/oyF9g97k8sBAbAFjDVYEhNEZijtx\/4YuODy3D9E7bPZxpgcPMwpkKYui5mIAEgbi8+Rn0i3hcxUwY7q57V8pjWYX7+ImwcGnArVGy1OpvIF+ketJD73EkvbYzvYqF\/dx7vL5C3WdaRiA9Mfj4FAMj0RdomtiauTwZ9tZGvrn5iZc92HxM4jvRW53IfC7AsWzDXs2r5WAp0EASs6EpiisrRUGhmoOMYgx78xwP+jWjx1XXxbRaJ2HQc1mG\/NdnL1nuvR8nTgTtoDWHE51rI8jwmgCKy\/MRsXgdRCTYt8oDCgeFipZsTgwY7S+w9r+p5dQqS7ggXdDcdXTMpzrMFGpZUtfmnyOuFY8EUJBOZtyPVfAgZ2J9lHR4O7H0HFN20uv52\/nqryE+o15lojuNbE7xE6hnJRxYacEhTZ+adxZvTe3ZbcZp+ArC5OwrDguig7jjNBMIHugEUzqkfH\/jaFQLD8JFWvrgHaj8qu5B5PjtqF5oB1qsGzCGjGh1UBZltV0pg4iY3Fee6NHV1exKrosArB\/8w\/C5lj6qgKibGsNPFBHUDqfs6Jz8s6FD8M0RwKxS0XYvh4HQDhIs8KDnCgCOc5ZqpGzAxWE2sFtQm1X9ZdTNBYdCxTR75QqGKVUyAwDY6MS5DrXKqWXB4m86kt3QfAFZUD0r04ROd5Iy0wrnwdGHMkbwXSsDDW5fdt4YYwn\/mhfO7TJ4ZKBrSJ5T+p8gpO0GzoZC+lIbATWgjqE\/P\/wDIp6NdKYeA+8geSI7YZP4nWfDgSoIHZphZHbocFnUUiNrBJ+JtQJCV1GcW2T5EMvwWWQ+zc5iC76n0qfV0F8WZ0UcVFvIhbjTEkm5tN09Sz35bubHZC7borBe9wGaBdUWuvbDKcYxKkDlCqHQh6sGHMEZvO8ITeoApd4s+sy32VthAMZfwzAkcp543Nd9arJlBQRns5ovQ74CEqV\/1SFXZ6AcxWiYbvYtKsu\/PXbKxEWRX\/bLqtCaRALrGa7LpwKvTT+nAPIfY1QuCMkJVs1njoj7EW\/n+6IFSplTtx1+YI+f46mZhIFNeEaX2QhADqN3oRrKwNDIyXpLg42uHmw6eyK87UJQsPtU8fbi0YLvgdhwLKYwc26rmYVcgZA2atbyib2Uj5alm78AkDkA5B6DNcz26jK7Xdi7HuV2TaALNudIatJBaYrNO2BlOvKywUaBJyggz39eP2g7XmeWd3aYE1aVTmJh\/X5Qlrz9C2EIg7WTIcETGQEy8F90A79pH7Soo5GcuPSyFrXtm5pfyZ8ekVtDas4uVjKMf\/55+t6uPRCl+GGDV091JgGbVqRR+qTbedv71GzRsoHrnHdTCw0\/6n5hRMqNjCHohMyyw+z8G1vmqSYMeQSMcWwzZON\/Jpnf2+CCqG3a7qlN1pPPkFyQhCllDNBRGdLWESKJhwxAioLHXjcdaXMywR8L7AS4Q2pkh1vrE4OB5IkU5Akg+78J9kzElSj\/7UWmlJ1BP49+zt9iG1OkS+1eOA9H1HXTQnB3rdU7jlLnCc+mS9YO5piXufWtmGBMHav\/cH2i1z7Nj\/YeOefBJDB6J9Vay5mTPGEHAWOZWU35b1ecCTk0q59LDDSBSuCpCzIgENLQ9BsmRpTJ1p\/5t5pYrOotQhCsIUt4ZYseRcaE"} 00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425498439,"flow_last_seen":1621425498439,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425498439,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"251.236.18.198","src_port":44252,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -45,7 +45,7 @@ 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1621425516873,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621425516873,"pkt":"AAAAAAAAAAEAaACzCABFAAVi\/6ZAAEARdvkKdU5kypibedfpAbsFTqmnyf8AAB0IsJwtqP2LOOwAAEU0PbMNV+Nmu5DIBUiD5lV4SUmkAFIOJpUhquUbkJoyjAxBM3gtgG81k6lhzA3GQE8tVB\/S296\/Vm2Zxaenrapxc2ryyJf3KX33MoNtBeSuxOyEjdN50pJD4IMrhuAo8nfxKG6fLj9F7lLvICTV\/vlkHUn8yq3RpGdoDFOYvOtuCt1zawf8weQRnfp4xT1kOhHEDxHVv3bNZbM5nRRJXxXGUaGOz22milo75Yy260QtHR4aoaeFIln1kEu0Lim1RK2gIG3MjkVIIfGYE828l6gKFLAUfvWyTEYYCubVd8+CKJEzaO\/afD6oH5Y+bKAztlPySihidV\/90CKHnjQSRTY+hapGYGfImwKn+7gwJ0y8ENI6zq2Ih7o8GVIuZBwsmgHPKVoI\/krv0+O9osznOQz68C3vRsk1lna2++Eh\/eGS6oVNvaQ9HWU8IOAO+hUpNSDAIpk8z853xu8BoWAYiv13BqICJAyIWzO+XisJ7ZDbQazmstS1X4Ro4beEy\/NpDmgrHs\/2pa7Zx6xAb0+3G7FsuNHBfazEIqD5ZaxPUSzBN2h9+9XzJ8MjsV2QQaUNPKl5I3TcN6uLucyXyzoKtyZvx5m9Myxjpit2V2hvKZoZMAufeIdZgn3bjdomXrscSN1kh89eZFiv+8sYO520yhiz9Evn\/LyuQ4s3jZpT\/D2t8PxQoF8xBbRM4zYc7mLtB7P7mWuCpbELISFHcTd1dWZWKO0foIWL29u+grT0xfq4G03G5Sdlh6g1Tl76tw8ffNRyJI3B1Zll6LpvOOT++553ZZZqQa3dmFoR3AuvZwf2iw+7omds46sgvQhiRN4h3ZF2B3hT0H553qSfJVf4VpupfglxjFiuInrFgySWKfAzXArMN+oCMOC4SKZEMeUovKPTvnb6vai123eTNft\/vwXrMQQqNDZKuK5WJP9n6bql9xt+K6gqLuWDibIsa7IxJZOdak6WDJKf6u4rc9CLeCfpZ+GDha\/Ykxp0z9I7MyUvNbVkIJM\/\/ALKQXgF9YFg335wWbGJ8oeev0cFKhtD7JCQbdZz00KdQoKXGN+waVJ8KTPJCUvnXb3d0W4Fg26R\/P47ckP8VwYPQ0fWuFNGOND8uFBwF\/d3ueP0Anz4sfSw9hA0aszUtBllmz+NjVBZMaAVseucfSE9+FWtSW\/KsQybDuj9Hdnq3g3OWz1pqPNSI+HFuqWF8kQGfGwENovGwhVwKpXQnz+0BZTlc82FjLmWo7drbFueC+RSI7H7oib+IE4+I2hWvpUn3YTZ1WyrdeA0MBi5AqQOhNsHHnx76MGBKrRzlZllpZzmHpoD\/tJSEv6IBAqZAZIHyZYvETkvTQebRoyNKdTyTMYAOlqQcbtY58suf6NwY93EpSSHoAyvs7u6S34KR7j2gnjKUKqgaZ32XDZAiXBl6uHxguSNnHz\/0gic4akOjaNW1y36lv+MwNLpamJSA75xsY0Ag\/ayv1tDPlRq0SFYoyH\/L4BlSlxyXIpBXn6HDmzCBeqGRk\/SbP7MBhn1lhwnTyawxEZ\/gU0YfWVdkDqqI72zLJMAeO\/wRg13JYd2UqEyV84a2Jfyk1r4cyt9C7F0rhWFGR205l4xStcaYSinxImLl2pCKe5S2JSrskLuMGU92EeDCBi302RtMnd+pZkhUc\/dfq97n6+ubGkMSI0oohIfiZeWDID8SxamWtQv5ESk0SKFBP\/pMhJHpgeg965DR9H2osi8d4eJR+qyOMZCz7jHyZcC9RS2+yrCjEv3U9YnBDp5bAPDFrSnEw7i"} 00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621425516873,"flow_last_seen":1621425516873,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621425516873,"l3_proto":"ip4","src_ip":"10.117.78.100","dst_ip":"202.152.155.121","src_port":55273,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} -00516{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-events-serialized":48,"global_ts_msec":1621431299729} +00595{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":25650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":1,"total-updates":0,"current-active-flows":2,"total-active-flows":9,"total-idle-flows":7,"total-compressions":7,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":48,"global_ts_msec":1621431299729} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1621431299729,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431299729,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi+ktAAH4RGLyokEAFcfqJ89CcAbsFTkRlzP8AAB0IlfQu+B7a8qcAAEU0VAXtGbQ9llSdlBvWDRqBCRlkCr+wLAODpb6IkSqrNtQT0Fq+mFTNNcZuGPLGmtMQiTgX5ahNfvwc2wVeVnwpjQXgMuY9BTiBvljI8vW2WO7xkdJk5ldSQUgRVPQ66OOPIEevYhWr2qgdtK3s4RlbCBiOUHL2oc6mNd7wOVC5XPDLU15Pb1X9rKGpYODdHEw2PCdUqXQXbRHNCTvR++4cDKRlcnhpPvs6EU838tX9PcKuOpDKMkxV6FLY+fNJwo9tnmW2kblEbFsqwJpz\/\/Enxa34NjqtoZhoRtapSyZCnEvopODqREJ\/CbRey4CQrv2fnFjjq7IR9A9vEDzcPpksson3AN1P3XrLmYYoaUkTGHOgCdje7SEGLDVSb4npjqySIO7wN8vp5rSPM5nARZ1XOT9wXoHff7cCe+dyL08HzUnnLJyBinNLpzvNbCMm0QKhi69Iq30GgBOKJqAZysRaQ5GV4Mf0wvX77rFCRRa9yldcwD6XOuyQdNUHPUQ0mVgJn1umvmeNPG6nKZjJq\/KGBx7ctS+gpvFQ1y0aJegnLzsDI2wvLLmhR9R3DiAgytDTiAvkU65nFAyo+x3w4ph5M+o6WWzbbtjsrAAu780wrME3zeXVEG9zm\/D3uptFTZsQMrWiuAaPVLf96rTs6qYSSYT7sYTWl\/jdhLBcFgFDy19mw2Lkw0oDKrrArHJ7yFnHUJtANtQ21TmcvxB\/WIjHCz8GMrDUZLO4OL+1Z7DeRFozavYMggt1qJ8U9KCvWBAR23kR921lFVt6a6RAQr\/I7jLU7sxhNgbORnVRfOZ1MAqQI8IIaWCq4xYmb6WmBUSzoH5\/13r8jfLuzIL6b1\/1xuyK1tWaBwjxQ8cdpzOSdWlwWGTU85r1MWsmvvgBLQno8RQ+AAeZUXr\/6vclKA8Bkt5OZC6F\/+bo8hifoSORQrzeJzJJiiI5FanBwgqgIUFyRIOqxcbjrI0ERcNvwqyjkLLqGLsY7p23bRBCZkGYLR28zH0LBHV0E4a0nhRGBk0f+KMOczC6ffG4xUK4QqemNWTyR\/91lj1denqDLOozFi3s9mCEzX4+yJyt3koNWJYF5um+Cu3rUa5kiznDT4nkKCPucW47nzSCmVao4V886qRx5Fx0iQIhZYySPa1r\/WDeHAaJOfFYJVkJKXBVWbzBAEax6q6reJe4QC08bU5\/zqLbaU3p3TETZVXEWcMzHKQD+xmaiYax8+gqDaZYIyifU0NKnlhkl+knTdJdHOJGncWgecX7cZ8apFuaDFx8UDXeMSrVUMSg8izndsoloQROpF\/aZqcH\/OCBifGVJlyfDkwFvsOr8tK54nIg\/1cnqgMA7cZTlQOsYpxuCu2jMiDpXOfrkKeU1g7FA9f\/QLEQ71aZKG1rpKfo9DX1OvCkAat37rPibslfUdCAi0gtEzi+ed4jZsjTTtLfHjE42gsT3p0neSGtZDGwREWKTcya3MwMkr8y\/d3DdqmakPpf5GYFqWV3fR7TgU6cIOopkRSOcFKjDEWelXif4mHkRTG6rwTb+56lZ51kKqq1jDvERvqFEW5JginMwKZ\/lD3mwE4WQG\/o+y40DQu\/5PR3r5bhM1VHKHeN3CJnGug5p\/ZJp53IP681sF51Qt5pS8LzCO+rVnGa1rCOauVjEFEOyPp7wndr4g313ytaLKjzfjG8HveWQnAWD3q5pxGlBUxjPmLLEeKM1hHQLZMxXASZ2IisfUFkbyzFIAfCK09zSR6oQTD3gwuOcTrdJpdr\/4oePdnzAHWZa\/8h"} 00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":20,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431299729,"flow_last_seen":1621431299729,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431299729,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":53404,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -117,7 +117,7 @@ 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1621431858501,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431858501,"pkt":"AAAAAAAAAAEA737VCABFAAViA9lAAH4RSiuokEAFI8KdL8CsAbsFTiKUxP8AAB0Iuy4iiZ7Rc3cAAEU0Q4F3W2ov\/JA2RQPk1kCE6d2abuA1AzJ9v4cgD5r98N+jLM5q\/vKba7ePXttHZOnfzIXKHdtGp13XXGc0y1g0VbYiejL5PEPTPKK+5FUHxNJc+4iSUfYHJil1jWJsaI14aq8Z9k\/D9Frx2Pd8Ccb5b8I5wMMvAXlFIaThZX3+88jwhgIBY4WhNolXEK3QjVERqqjNlflz0Crvl9eKzWDjAvjmOz12493yS+U4C5g7xeSC6Cv481a1zOEEDBXxUJwyeekPCKvNOVETC0idyTRu4Xx7IK\/97JI5UkTjH1VgYb5EEV1DY00jaUTBEjI+fpvuHX57KvIXmj+n1PLaIlVIJy8AxZjfib+NKJ2DnJlEkZOyKzqiFASH+Rv2xHATwBmim0oQbD6SH+mogD\/Zpo5pMTXstRq0ZunclX1q7Mso4TGqtUbs2zzTYctOAA+ng0TvelIWG4Bu4bkkRiZSqlwJ1jDY17CBHzqEyVQgWgeFozJDhGJh\/dhP8nm+IU5EDOJiIPPx8pW7TyQGz8lnsN6LAsQyJgXVZTCNJPU9t6HmegbS0bQ7Kt1DxeYvK6m+GxUMA1DiRw0yw80Uxxf4xuJnn3EJVi8ekAMdVXpaGI37r+vhgsLGCAZgMrHlnTtfOSbgYZBAPdnhiG4xbmDlbIuvY\/BrdQlshSbHN\/3tWjBfc0Zz0J59ufrjAJoriiVdye+Lc3LAld\/nudhV2vnaxR1ShgYPYZhQbGRWlEkEaL1z4rltv60VXAhCWkeJdSv1\/ACb44aJ8HLAaQ7pBCmit\/NMrMwITKyJcPkFF5GRWhel5oEvZ86mY1\/+WA5KqTi9Xb0N6B9CXR4d22U1O5JA419I\/H5b7Kkx0ByhWkeFRz9cXZPMDmowmLHSflTpfTjRerEoB9b+Rp9ZUpHpgHycHnEiiqsSYZ8fJXaPa5ArE6FfrIB\/5\/ex2ULG10VUM6bdMkBHDYOPYQwR5jQfvBJclQo48pqc+jEulTW4ACP9EukaDaWRXQiI\/ao9oqdHF73hElq8zIR0CIH1bOZkU5WrVTO4kXEcriR07\/4SHXlZ0F+XTEnvRY1owmXDXHgtgn794JMTxP6ovnrC1UqLv9d8SQ3P2kaXpKnETUi1\/jmOit96zvfXkyF+GojweLkNJjL5JM3njEGp7izSmZ\/PvKHWCYsP+157DfpYPmMO9R\/yz3E1zaEv\/1lMgciv1XSwptuzqoQHSbZjgs5nX68VkOSYsQYJ60P94MXKCCvjFqKn+6X2Mcn5Zop+3W0Nj0hveNw19pzYiEtOJJVwof6DyxkFKNuQU3HtgPl+GWUUWRig\/vzAY+l22jeUNKekbZmAn14baa3EO6690bwRTg8ZvdcHFz9TEDMbzR666JgoyJFvKc3UbuWhbUstPfau4V9F9qnYD6cFiMRtdBaOgJniitEFpxszoLhTHZZT9Vh\/mXiomY\/wkAwa56XbyHUeRgPu9zAwN6kJW+N7Ye6rlwVPmyPFgUTGn9xmD2YMEr3PeigCIEsSvM0ujBoTlPiFdY26WdH4Tr\/XKmZTQnQrnQptoJDzmG+XaceU23hwOGeY5C6MIxfdvw7Blgvoz8uvCg\/rl0wKl3ubvkABoQ3NzBDUuTP++2gH8HONwB\/wWFza94nHQdoBnk4+rigd+C1oglD8lXIC31MYbN8b51797Aod+NKPnYy35esPaxwNUQDbAPX6W5J2vPC3vU+GmsC754Qjyng5h09pOy7odu+JINrtufSLUCeH14aG0hXQTPJRTPDp6g0aPtL075ZE"} 00711{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431858501,"flow_last_seen":1621431858501,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431858501,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":49324,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleCloud","breed":"Acceptable","category":"Cloud"},"quic": {}} -00520{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":39,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":1,"total-updates":0,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-events-serialized":120,"global_ts_msec":1621431907429} +00600{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":39,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":51300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":27,"total-detection-updates":1,"total-updates":0,"current-active-flows":4,"total-active-flows":27,"total-idle-flows":23,"total-compressions":24,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":120,"global_ts_msec":1621431907429} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1621431907429,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621431907429,"pkt":"AAAAAAAAAAEASYHhCABFAAViVjpAAH4R7N2okEAFiH1DYPJfAbsFTr4Zy\/8AAB0I\/FKj4Rr2N+kAAEU0sUI8yYk\/y\/bPar7IxdtLPlBpfIbJVt\/XG3zjjFAN3PLuPY9aF7M0Mm1Pwz+2ym6LReOn1tdk2pHBdYLYtkb1fXiK42fzBzEBqAcpJ3jEWiim3tGYhBW4xkjPcpkR4V9U0CEIA3BhEltloJi32PcQkjdxPGPSXrYJEyPYT2ODSFP5zFDNrUpqMfmpryMeEByqj9aqyy7TtbIyDDLLeql6c5+G+WJfvTxj\/9W8WJJXv5A2+2wt7cmjNXE5vXIKsxD6kuaexZdsNa+Jr4jhQmDPWt56pOF3oSc\/exjC9ZwNL6Byz+cqgo090k1LpSBEAmIO2JahQD43fCbyWV4juaKj0MNO1pbmnz4OwflX262ok\/jM84d9YgjHmPQxVDwGpKB+k7iS9gP0IunBzPqxZuHmkhsXO2zydYFJgSC\/\/zhZjHtGa3A5oLpp5svgFFyHIWHwV1WsgPl5G+m0zjGIw88EoCFcNVrWAkqaltwzoOYaOv8JtFjKTBrTWSS2yCenFPvS4CiVpH0qOzrWck30mR6VKv+x6O39S8f9xZtECQhmG2mYSgzqYSOTLu8TYzFGeM6fkshiZAH4Rcuh\/rlN\/Jsa5H6fbeTi4JAaGZso4qnhApLrXa2o7crXqkvVvH28YWmlFQx+j96UuaBvpXUP+eVJpGTHlKAySs7PdqSueL59G0N7i7L9plI6+dk46FvYeEp+f7wxaDe9ofiPhkKl77nzCoHlpu9QHGjUG1hD3LrTqagn5YxaAe\/vZz+ZR5XDMGkyjvtQ8CzH750O\/y3RIu\/NzoJHfz70Mwhb5mva6OuXGfu3pnDfzyYgmW2f1EdlTYToarOz0VkmFc90sq7r5B7\/PNAKsIbJnOQjS463M2IqteuzLlV\/keR25no9irWXNenFMchSjXATFHJrxa4+tuks0hrAuCQ9P74T8tIg\/9Rn7z3XecTiiaReESIeFX0atEm6CxOi26ozXUDN+aybaCuI9uH4o3kMLh8H9APymvsHTZQpUtqIhC\/oo5G5CBnxU1wWMKhoH5C8zcwERQJ1+G9XqwN3WjaalURD+EDpCo6uvKka1xUNuYrbD3WxT0n1ODENp0Qq8Ouczn6Bc74W3bNVp3L\/70lPtnGF\/vDIQ0AgcqodmWxltWd4x+oE5e9lDvVivstNGUsf3WVMBPLQOTWeJow9hxLTXFulkHKm\/9m8ONJVe8mRVVH3uwATt6K7cW+M5UHJlGbqkrrKvaq6stg6DWgtUtqTZGBCuGviWVywpkMFl8JYsKFOo2C8dYdoed+lyR29yIQyzC+5PshUVMz+15EUTfehVIrQdinMs8GC1ufyZUllTZ3PDmgBejR3TZTfNXPjDfwNc+TazIP8DqvBBPRJBB2kbLub9\/kgyw1MlzRzbAVqKbkfo6Xh7m\/la1ItF1D8yrjJBFh9Tmgu4+xXJRv7DW6+G1WkmPAAG9w\/i5FmPFMvZQ76UHxJWyfTyoxkIVglJSTw2j5Mv6nedASTTIn+oaAKlR0MpsDHaGI6cAT0G5S4F+89LSYi0DoIHcWC2W70SgDJsNbgysQVHdV4uTwXh\/LOoPR1c\/24Ev\/nFE4oTBtSXRHj\/g9aJYtNJ4Bphqchj\/ydCiV1FKZ4F0VFKXdo786gAHfX2mBeOeLn0Lhn3tTg\/G9s+9dQN5nOBgv0p5HQgLKG6NUNXB4bml7Gr4C7jyXtpqMA10w34E9oSHrOYzPVMRKouJzSoQiDSBJKXtDko+KZvedTXBDCzTxXxdQMGdU5EABWjdJgadLe3U6LR1WE"} 00704{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":39,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621431907429,"flow_last_seen":1621431907429,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621431907429,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"136.125.67.96","src_port":62047,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {}} @@ -135,7 +135,7 @@ 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1621432489421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432489421,"pkt":"AAAAAAAAAAEASF70CABFAAVi8YJAAH4RfUeokEAFYy08\/sVsAbsFTr7Cyf8AAB0IKamQAwU5OroANwARJweyyh8ASQgxaSFNO9MfXImTMnwyXomKh\/ZNPfedDyh5KvfO1MGG51HqkCogC6AtPwJhXTpE\/UKpou6VqZCesbSiBTNDA1JFBQs9B6lpbtkYSC+McmmSMojjEgtxhDYt8\/9dtYYlDOPFZ\/dpG+QdFbgpLb4LL6Kabs8KYDLn+VqI2E8m8ueQOkn1lBiQoAvc0rNjKOazmVq5mZXSMd1VKlKpsbLOchPYIZxqylhHTDiE7M3pNLaBVo\/olK9W8Zr8w5fFNyksOM0htXk+QusGKuzXzx2XRWu+\/Nk8r7wn26b5E2vnI6CqmRqlOx9Hbk9Oav798TUdoZ0ik2Pol9Xb+eCHQNw+XlJCy\/TQAtSNksS7kjeCCjcbIt41ZBla1c58qm1+q0++oj5c2fe6RrhPybaYLt8YUpSsMhpGJI\/Ql2\/NmxHBJxo5URbPjWXLfEGzOcpmsNmVJ2O9aDrYcnv7WnX5CqvzA823haQIF1GHG7\/MkUogQZRdTEAvJm6fBF5zdqrS2BtCxd2wUWnXyoJY3aKCgXRQrdDpBCgpGApMxKuJB5qoWXrZh8eHqiyYIyjBNfvtQacRj6kQMCYITp5tTIecrcXoKPocWiez2LDcj\/S\/19jMLvrNbAcBhQ6KfoiiIJJOb3DnfTdQP6\/4DMSpIjO+s3jvnlF0btkDi2\/ISfy4kfHVix828TssUSRGKO7KC0GwgS6FJsjlz0BU+vv1QZznASY0gmrqU3L3V5EQeJ0JuFK8HKRd4Fj+EOeYQx60REWybndyHIisn1HhzWoZcpBZwH8Nx3rK3uqBbQKlKJmY1TKEse7UpeUToZQDC4fP0SVbtXlKRmkq+uL6gS0GXdLk+VwSXcDDT+JTBTAhOp\/PT0efB56Sw+xnoUoFO+26Osuir43c64mxBrmnuAVQrEG026YUbEpAkKETMHo85xB4Z7xRvocdlOwY06zlP9\/rFbbBE+M+FpELJaF1wOHE282\/6ko8\/0bJJFV2afTCYTIRatNwPLUVY54dJGaDmplh02DhsFSye4H1RytUERPkjLbau4RtBnyf8NekTGeSkfPd29dQ+7m1VARylC5UF8rsK9PxqZ1IjkctsYgU+YvVSm5sX2FqZmQnWn7sx+TmogpnRijHnt3gAx8MpZ1\/6vPZ0mXemrF1srit9ZhT9S1OtARcQG2mrpiCj3+wcDBjy8OxZdjDuPm+7HYnGMUpqQkUp5WDI0HR2Th8J5PiquceXUIN4UYAUOeV6+xy586aR9Bisr9aBs9XUgGeWalZKu0RJLjU\/r6J6yoYwl+tg\/Zh3vVSM24611GhQaadM3op866bGdU4YLBybgRc3Gl0QGq2gCLhejcidoxs5tD3NjeK89xtwPQd7irCBamj04rGwldvYQzxbOjeA5oAoJSaadBElduSTxGYH3oVrfOgrS2xGZtBSStJG7d09ikIYBkxSUYLU27iwQJherSUvhZ85af0XhrTHEYu6GB2FjNOq+mksDa8mM8rpcJgx+hehI17xz+xkqLWilCXGjnoMZWTF4Tx8xav902wfX8qjTHhu5vIsQ\/UV+gR7AYOV0tnC8Ul0PnHl3PUWikjISrIX+vX8LECvnHa+4b7xSouGskcMlecPWND4hCVtRZvNm9FxXgWi2wjpcIcPfODR+Arhmv3RE8GE8lOzxw8rv2AGdqFNX5JwaFFXigZ3vX4WrSH2bNvsDcj\/5We1g3jrVPhkwMz5PcaJQDojUW2GfWTFK1W+lQcDVZR4jO2eOnoR1WqEqE7OlWlEJxz"} 00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432489421,"flow_last_seen":1621432489421,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432489421,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"99.45.60.254","src_port":50540,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} -00520{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-data-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-events-serialized":138,"global_ts_msec":1621432545371} +00600{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":43,"packets-processed":42,"total-skipped-flows":0,"total-l4-data-len":56700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":31,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":31,"total-idle-flows":28,"total-compressions":30,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":138,"global_ts_msec":1621432545371} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02318{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1621432545371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621432545371,"pkt":"AAAAAAAAAAEAS1QMCABFAAViYPlAAH4R+r6okEAFCUGp\/O2JAbsFTlWIxP8AAB0IC3jlg9iBHxIANwCHrPC\/4ONhhPa4\/bkucOa0ccMbRx\/dWQUxDvvPbBbSBV+QAXzHkO\/ek8WDdft4J2H6iGctCUVE\/Vd1az8ukuRtgZHkNe9HsjHNPcO9gC3hoF0jI1WUFpr6W\/bvPAMD0ojxS\/Jat1yERFCwK1qTZjHTu5Hq2GxnTFLRrBvKpajRH4mp0PBh9N1EEyOXmqHY8RR8CFuGBAVrGssOFJJLCgoPFYWi4kU+3Er5AjbG6hAThXTq5QSrnvRF2NsfVwKcZH64AJtDNhF1vVsm5Y8FPRr0Bw0OMhHo5TfDD9554NzZqybC30Lzg75oLfpGADza1+jH3enNvlyD\/9OdXxVtLFBPpK+tc1S0j2l24nUXrhfgzMYJSGfusfan3MputzKVw0xaEMSTFnMyVXBwvQvsJpXe\/cfXTGaPcz+n+4PtyXFFeq1VFMb38KcaBIZAXpjtbjsKy1u0drs8\/lS6zg0B+XEXyyVbBHNPSwQzvYAFgbxG5T2f7cZpDXxonb7KKJeiTREIg53VKn6taxqerf\/EROOn+QPkvNTMzD2dTm5TFHSYxLvBV5+O6FgwNIPd9zSQjxu\/PIgbyOa5d1rycolz3RRmObJ7xDqSBQEx9uBtKS475iYE3\/HVHr98HbKghpyBXtrfiFCJfUPvGhf2ZQTE\/2PgBc4nFIolPbu5IHP5jlx9YJheTrRtsN8xZyNylrQiJyWGIJ+sqW7NQD4PtZU8og15AsUXrhsGP3nifKZ2RW8ULO\/zQ4hjXLbXvVPCRMaOfTnRWz16ymzmazGc\/A9WtT81r16LRVyV3KW5BVcHMerZjTINdFBiN2Rss9YE+hg2Bdzx0FHiLD2SJTldPbPASYuxvZBuOv7vGEJxC\/B7ThuZCvaUXSTwfSYdYePG5WL2Y3bz72m1SZEmn+4Kiqq\/h2MEhMWL2wbVTZ8FAX0VWRfwhSMlOHHKMW3u3baADN0N+mh8BW\/zOcs6XrHPEAtq\/4pbenpQ2rrBUepHw7wEl2Gy7TOdtirMeicrvRMH5ROutCuksQv6EbOTonl2eA9Uzw3fk+NLZelZDt7+chmNI0wDo+\/LKiADiMtDwBrUShAJhuyJCYkzqz3+\/I22nE9z8jtSau8DwJe8rGnUypF+QexVaXFHzHrGc8pEc6Gv1V+yd7O9j1BH6SI99CGYQ4qUSe+Qvf17MPqt6Vv5BD2ZiEf2go7Ms8wrYgSzdW2J6h2lnH8T12duhSfnaN+XilOPE6QCReHpz3pNB7sD3txciXal1Cjtz+D52skW92QHoQ6HQJRVcO1F+Nt9Ms6O4a82MSiFPLyQ4+9HZ8XzRNGIA6bYEMtQ2VoveeK36tJK5jcwcf1bd2KXco4wwhd6yGi79yvfAr9Gnfa+nm9EvT23xLYwd6SLl+UW2Yy\/cUnjlQIjkF+Nl2AFUyHKqbZX2R5uA7ATglq8Z5hVDirutJRbMvjB3S6p209yWJX36GoCAlZULNNq4O\/K9HsfmRuSQzzO8vAnTtDfmAG177+f\/BH\/oOcDleRinaIgIUXyhxOMJNHNbCiUdxlGmVs0Kf\/YtICcdSgbpsnkh7sZqaLRn0qnOt+5wry5o8FjthI8Fu2te\/X8Ye4gIOivJjbZs+RLhZQxZWtt03HV6ev4z867dtIUmron46fcA2edbLbHQ119w4dS3GwaljEI9565fGeAZxLwyqZbVZ07sOBYRGxKVWe9qlVpepdG7mzZWTkGm1aG8jBuv1yWlVaWyIe\/5D3F\/Zn\/LsMgNe+1ozo\/g3Qq8MWGLKjZnwl7\/\/\/D"} 00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432545371,"flow_last_seen":1621432545371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621432545371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":60809,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -191,7 +191,7 @@ 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_packet_id":1,"flow_last_seen":1621433110371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433110371,"pkt":"AAAAAAAAAAEAdQOrCABFAAViTQVAAH4ReGOokEAFfYjMBNxpAbsFTiPgxP8AAB0I64b6Iq3qYnUAAEU0uyXOGSdM2M9jQQTW8DsUXfqiyZuXJRO+q4Qmsi3Ls5Qr7HY2TrDXBUTOIVmmAHBRjS4fP4\/iytOosBigAE3GS1YbHzV4KTpsNSP39e4Ai\/gNwa+JW6iG+pMEbrvqFzobrQPLaW\/LHhGgdXr9HPIyoZkTeqm4dAslx2tKgtIx+D3ADPfxa1GtgUwgxIFKeLXE5L28gvidFJ5kvOUtEWVi7p1Ct04FJCqOfcTDqWyHNK+CqUqUXBJaar8gIYJl7Adtmv4APrH1W4DdFGHseDk\/eiFm5dmfQmCqHSHBPKfjlASsF\/vx\/dDIlMGRNJVvEUORDhpGyc6KzrwpCkBycpnvcDHT9PXlK1Pxbvka1u8Bb\/RRdl4GhJjum02FvwJAQzMMcjvQQIBXXUnCtqFNSpD+x2LT6UXB+SZ7qVGMl\/t0sECBNEK08pUkCk0VFUho606M2fHuj9LbnZQ2bGNrvbAjmEkMviJQv1BoTAZGNESQTqDEbwUZYlY30qwlBFXqT9WdH2E9DjbH42c0gLLqSkQErQpcDnv3SSVrUT94EWqqkCfDVWO57NKjDmHa\/9gsGDeQQUO53mruFkMe6rXxUCFdLDVpieBe\/WbmjFIiYjT+b4FzvV0xGUDAY6PtgiB6HvKPqKp6fxy1kpVrc+ZsH0+HKMh3jfC1EeH9CHXsXnCW1rsQpJK4+n8CsldKtQaVDkSAqWG\/OgV+UysKdCujrfyCGHfNMSPWkslqqg7s2vLXqrQBO58gohSxIbtaCIYfWJrle40Mot6V+cL54Ya7PHlWtQH\/Ful4v4rOlvCR9PDd2nGpQ3FkgkGPeywwCdeY5sCTYbMMlVuLQJ1oFmyS3u\/zhwjeifqZs579qwIfpeaP1FtY5r+JU0rDJQFD7jOZdftjZf2LgOsGj\/TW2xmygvRQ30KJn7bLRU1w2J0q7tz5rXSOHzMeKm57vqp3aJSFv9vTNxJ+BD5u\/xLLqLMMeKd3yPZj737pE79\/LtTTjm5eJ8jsSmmJueqzLtGilfbTFryRQF8325++2yfVJKrzj0c61X3njJbMRbXWJEiQmoEZWV9TWfn7wTSpOjjQRnHFofPS0wy5fqr\/79EqOgnhI9PoQuUw+VgWrmM8UnMpt6HX7llwMkswjZvYYBxWiZK7SxCUZWVinS8leBxtyiCVvDCRWP+lpTzYWOppDeOpuuR6nJmZFaaTGLcFFPeAKuAVu+nTC0hkldleZKShVNc+\/+rolf\/Gxsw5EKidbPL8HFlBJjaenmfkmZBH3LxN7+OOgk0dXGhmlJ4wgJ21FhusAxJjb4rdo8Ob65\/i1ZqK2DnqWoWzDwD5m4Uu8\/nBbSMW0kQrvJmBY4XN+lhGiBPJsJk96AxOW048eDZfKJYg8Q4WotwapShO9Tb4n7Q5LhKow3wsQkO4tfue14G\/HUzOIzbT2Vd6GbyzGYbP6zeXYMvI\/MobQkwBtMUX8uK0OxAv1Dxr6E1ez++cFwnP4qZm\/N5d3Snzx7Qd6PHVVvdaIKFS5ChMsrskm71TFLKy4FJm65hgjBVyTzsB5o+U2Jtrwl04IuRnmQXivp3vavvqqU\/4e3mekp37TSUP7JrzfA2\/tdw5ycfdyqXP74qiJ7FqCBDCIFZz07WOMSykwdBK8sEwapJgncvO5v8s3K9sHSmwHnUhAmcTcEJWDFYrq8fgJAuluMgxicHkbBHDHTdVhPiEDPwopOcYRyFx6QlMlyoiPrV8enJOOqMFw9m6sR5PA1xxKZEflyuJ3mRTH80kEIdfZNby15\/d"} 00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":57,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433110371,"flow_last_seen":1621433110371,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"125.136.204.4","src_port":56425,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621432925103,"flow_last_seen":1621432925103,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433110371,"l3_proto":"ip4","src_ip":"192.168.254.11","dst_ip":"171.182.169.23","src_port":54692,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00520{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-data-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":1,"total-updates":0,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-events-serialized":194,"global_ts_msec":1621433283660} +00600{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":58,"packets-processed":57,"total-skipped-flows":0,"total-l4-data-len":76950,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":45,"total-detection-updates":1,"total-updates":0,"current-active-flows":5,"total-active-flows":45,"total-idle-flows":40,"total-compressions":41,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":194,"global_ts_msec":1621433283660} 00630{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_packet_id":1,"flow_last_seen":1621433283660,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433283660,"pkt":"AAAAAAAAAAEAU0VlCABFAAViM6RAAH4RJaGokEAFmWIcTujmAbsFTq3rwf8AAB0Iz5STt1Y1cC0ANwDFPRNS\/+a+ehucrc3Cy3E4zimx6Se5x9S2Dy\/Gdsrzx5YFrAfk\/P5DuuwrPRCPOU3BXGhgTB5E\/e3sUYmzAEVTAuBYpB\/Z\/1ehiztmkudlkpmIe8TV88KuQZdgMCFwpkxLuaxS1ziTCHLi1IPv4lk79c5Z0ULFtJLLvCInJMRjcd6mMGJScqPLX\/oX54gz8qU\/6Qz4haz6hp+OoT4jjUoHwXKwZdcJIPU1d0Fgj9BSxoZMC3uUZUh6\/nSO1JIplWk20Jn+EdrtXf9IF3Neg2QP7WN48TjKFEWh8rRXUGGVZwXfgyZ4u67st5aDs9WYZrXzKxk1nJVUFJMK02b+yKanwM95M5gyBaP7fEbsz3G93Jc14HIS+TZPmXtQf0GDj7Mvht+3zbNTk\/o4VaawVm8AXrpyWNWavSleSlFtm32amXDcWcXBAXyviKq\/ZxOJHsOe0hRNn8R9DKEAdOiVzWHc7gKLyh2t\/TJ5RZvARNmvpppZ6wGihiLhcw7ZfxEeTZuIMl2vCqdlmdPL9rAcodDnH3cPQgNcH7hxThB++pzk4xpGMH6II4XWKGZRVIss+xX363+BpzZ84mO8AvFYpM2G1yOSewM2tyHJJjvt5tVaanjhIHX91fgLX\/FiKYxmMGxgXGOHydnptpnm23dOt0b9WZvjKRdNovSQvIwMupd1UWFxikqzvsb7A4rsAUyXLWIzvzBBk7394MKzqD+owlnrzPcWgMnz22akkOeqa\/r7Uc1zdnb\/xMYpRLj6j\/VJPcZxgWSF\/P4Qtjjh5xSMS7E0SpcbJG3qGTIvbs9UGrdVGQOvITRNq5BHB25231B8uXSwZZ2OfP4kX6XjlMWXbP+uJQMmZTGglRloO+dA6aqTrTy9krXaEQKMk1DpabL8dpFus+hC79SbtQRB2+q+kl1BPR+TLeqOsYPTKcukPf2WREttP39G\/t9VQQCU\/rrFLKNTWUuaicuTglon\/iwyuggUyLgAJ5TOQSh3AwDysJj81Jj8yy\/XVRc+Ow92NtvThIEXi2BqpMI0pLfvsZgTdjiOUTaj4nR5+SLJt0aFTQqUXp4O4\/J8uybiTqPwgzFfEz23lP4SecnmMrwFjOkjPHhXc3\/7rEUmZh2scM1CaQnd8xqX1Byg\/aXBz51V4uicTZLxtfg75bBVl3kelSzZJu+XqjxdL+n9CzfZbtFpXbsW2S+Q4+jDNeJp4HBqG06R4FxxFevo8pd0keFBmX69U1z3Wq3sokxVvxe8+dpn6prJlOSracYX8yZoELER11iW2n6aiIPlofm1lWs6hUzVqnPotYA\/DykZqsMhurgWD4MoqHtW4DHKc5Bn5KWc\/OJK60z5e9EaP9fvLRfYouPq78UI388ELbk719D+pp1WijPL3R0TEvj7ae26qCBSAEds62fCV+P4XZ5x0eUy1+pBImuibzJy0Qqd7jHkHbgRa8FGmj\/X2+xPfVMG8h0AOMqH9w0rUvMze6gprpf\/7tktIfCTqw2Qj6+Gkt7WnBilpUaFfwjZrooYmfJ0DMITDqenN\/N95DqoILT6NKoG8ZEuXufJTYTBtIQQURklCzYwU+bVBfdZZKhXs38KMloqNck1yXZTWMqx0XcaKtPF38dzgU97G+ewHG\/d4QBFblkENQ59GekuwL0tajlQ1a5yv41R4OjF\/og3TAJBWTrUQFopI3FvTMPDLJkxnep4Xrtt3D9pwmCEDc5Asj6CgulJotykyE2uPE6yOnzV6YWwiNzS7S0bLajRUqyRCV2dgZXZaKJvRpr1CHOH"} 00696{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":58,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":46,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433283660,"flow_last_seen":1621433283660,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433283660,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59622,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -246,7 +246,7 @@ 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02323{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1621433861875,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433861875,"pkt":"AAAAAAAAAAEAAWXVCABFAAViHWZAAH4R2UiokEAFjzSJEsyjAbsFTgvjw\/8AAB0I4XSW+s91uvMANwAS6GfjW0GMdTsqKMpwqTx337NvtDulmldgfnpNodm4QCw5Bjnjn9W+uBm+YhsF1Trj\/EVP9+xE\/ehiNLKErhY79Fc\/HJEeNp62+UYmQIxnF4BXHeby7saDvvQlaWtUhK2nNgwODZK+JDEtxkUQ\/VybQVP83ATzWc0qLvD8yBtR7czNUAqQeB0mf7V5GtJz0rLXU9erE4DOq5Qs\/9FCIz7bDlqW8m3GqwlAlM\/ShYpSh+i1tk19DnlT9d71cXWxAaBMh3SgHyMdgTEnDOAcddGzDaeO7lK6Q+fWEYvrhEHvLyLGKNSZUeJYxc\/icjZAwxx1JsyytVVfcjM\/mcdecpSw9Bmojler9Rg2Ujayse\/kuXuiAg+1NTMXX33ZL2rhDQtAjmZrBrfEVHGmJy+0cMtd+79bvpVApkexLNObFkVRwaBswWlkZfKVtffBr4kfbBTWyXOmnhO01cFVCjdQL\/BWZouvBCtlDnK59GQE47E\/QE9JjfWDLKIpllBc19+E+UnP0GbmHg\/0unruvB08k6BhVSiKRaeDIjirm9O9wbEuKHWikZtOKgn0vdcW3o49vZELiyS8Oh0eH9i10QOv1F\/ixGOhJ7Q9oRu9TNyMYSO08q0kVm7c2CA73Gt23SuU\/bhClfdnHjyNCfLe1tTbcknZFj\/ikotBSaPjBSmkP\/K1gB+2W38hHc\/pDDGJn\/1HKhUE2jJHeTGdUUEt\/nIx7qb\/Qem+IcovQc0vl5iKASp+ml4MLegR\/yOFMMAwayIHpj4zjxWU8b5eorYjA3a11PNOPq+Diwo4jSkCwWP\/NQrR6of3bBVoaXisVa9wpr4IMIfCHiFcIgOR96+r4oTypl7Gu8zq2gdbwI6YjUXUc52tqJWY3kkxwvYV3OqU8QnVDcS8NgM3sBNbtUWYevWYZ5kG\/xc6I9RBB93tEOa2yK\/MLrNRzd2ly4YTi8cHvLzZ4JO8StA2rNVX7gEP+80+zHm0dnXITPxyYwSedSInn\/pNvSAPgpaQZutI98VHsSgXt2AGJ1MMrh4KLNemtCZ0sd2YqrNsd0v\/Q\/CUZ1ILOe3p+l5wVi9Zn43HdgMKjjQliDoQWt6oPzDKQdarw2zvf2CSBY+WIBwbxkvSJ254+5B740QdtviqaFSVrXzi7RfFwi+ivbVv+NHhY1sdpuJtIIOCprt6WYhs+StriI4nyZAJwcdp32W8aqvb\/1985ZY6u+nxx4f2trOGoh+bHJBuPbElLY3maoHSuOXZ785q+vKdky1ER+vTTeciB3UUV2EsQxGisoRd3HsY14dMPd\/KtnJkfnSo9huSkgv6uqscOmR3O15K2wVr1cJTHHoYe8xmAfEt31ohtVVGBkqoyfKwhTy83VRvvkyyeMMzfXCvOEXQzPUnps\/izhGZQO1uJuDErdBO8cpI3nRLPMCD\/UdOq6K0a\/lUA2\/RmUzFI+l6dkQCJFczxVxFEsgIriEhhycx8gi4LqlH4ujmWOaJbxFhSFcxnusPel+AYrO\/saFdGOX6zbAvXOzVPrMBiZjZC6L4YNHykbx\/ACsbmx2tWJ0UBsImPtqc3VN8uY2G\/l672JNHVL4kWCmPOASo\/9VfXHfz9oDR2A9rIFyPu2yDMiXJyLW7o6SypanBfAjWm99ANW\/QN19miCc22rNTHysZikzeNz6bIeFmyLS3Ngnlk7euJrOCdUrQrLMzQVLmQ\/RtVvjMOEklG0mmb1U0vbtTHQFDaG3odQNuXNPFHDfi8wFpWHR9i\/WEKv+nJwW23RrP6NiuaqLXBX+0"} 00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":70,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433861875,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} -00520{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-data-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-events-serialized":249,"global_ts_msec":1621433949433} +00600{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":71,"packets-processed":70,"total-skipped-flows":0,"total-l4-data-len":94500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":58,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":58,"total-idle-flows":55,"total-compressions":55,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":249,"global_ts_msec":1621433949433} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02314{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_packet_id":1,"flow_last_seen":1621433949433,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621433949433,"pkt":"AAAAAAAAAAEAWIVLCABFAAVi\/AZAAH4RFwGokEAFcfqJ88LEAbsFTrCcz\/8AAB0IOpZExBi7cWoANwDL9uHaA0kckkofYv0DErOJu7gbuZ9O0WlrHu9XY7EghfeNZiWwbeaMEG1HVz2HXjvb7FiIQLhE\/XrtpQvuu\/3Omn1Xc2On2DZgH7f6oOHpbPUOYpms0\/qyqv6hTxaVN8Qyf9zFprmCdbR0TKFMTov\/mcwAhmtaqiJQOX1idcPmDuEg7iPhXhQ9Rg3RwrAk9BrfJvQxFfeEOMteWZD4MyDZ+yV9SiAuwwh+aqsiPNuxGOL+UtAzKQsqxym7hzR1q28tmGh+i2Zfk\/fZfni9+9jCbMGXciLv74dlIT7PTJbDgcbiIKwlBsLy\/knykvOWyjY094BIkBXk3yU5NleET3fprZZxZhV8ZWXPFIPEaF+RU6Htv70MXhBjSUlUKboeasdJJiERx9PP\/FOQwZ9brIMVelncnCNFZ46nArIPtPpuAd\/21AcBQuAfrDAMwGty4EHlw\/4EpTckdi6e8Q1HZa8uOZS8L8Br1Me9zLoyL4ZjxYSKprCH0SP1KvhqYL3GHK4Qay7ZVNjLEb+G56Co2cVZ6Z8h9R\/Vb5Kkek+Pkji+2fhLMmeX7GKMME7SjXSMGgLh6kG9e35UGvMzTHWm2oiUJJo5etspIs8CqI2hin1wFD6+4iM6vgMpZ1\/0hibOtrqATrfcRXn\/g3FcL\/RO\/V+7mXSO42YkAYxLa84v0N\/qNcWbspbFv6UUuZtGqJZj6gNVEV6zKBOfhdaZA6YCWC4HGrFtWO5PpwwVCgG3aalQZk8NUuhTNMXowyvh9L18LCMzCzLXkkowVa1Yrk+ACBdqcZ0NdAszss2Z\/EjjNmNifpEEEqUfgXYXLLAXFUhdn9KTgkgQJb6GidRjtio+hiOES7K\/Zd7kR9Rp9Q8wDhX+D6mhrqnUubbVrqMcM5J\/ZatN2j1E7+O4tATjd9IDFwcw4kKULkoQtjBOYHy1h\/oATwVF+VEEk5TAZlZMx5wT0IH9U8MEWVD8KooUS4KhPU7qWcQbSeYILfK051yDU8v1p35RNAMARwMz+aDEiPOl1NvT3vNB0NKpyA8dp2SOTKCt+U38vG+GnQA9V62d7ZUKYJ3KlxmDU6XA53hOV25AFsiPuoW6Iyhmf6HsaasYpE\/s6FIsRYPDWGHRq1MdouHttvkvAO+x3GFakZh3SiKhTE80kxe41OgEyoVuUyhRjr87DNUuENvzYlvEniWFEMpKV3srA\/SEnULC+0Ec4J3ujljBaufKdfF8SZpoN9j7BrC+MAqJq3d3VhpBG26mGJXkkc4FOZBB0fM\/Lhy0kTI83pcFnGWjj7XjivhZl42l7vBIKLjvLvvCQDgRAJQidieJyJhRuZYNfeY8eJjBRqpIKNqtcSkkmENkCxAYMCiOc0b0eIGuyHwfWl9DZKgiIkTs1P8VjoiaVtyxt\/mMFzkrdTau0IQVNDUvaqFADarA4i6F5X\/ztcJlv95UshqbL5rcKZuqHaDiKMW08lYpiumS+l0yCHCZdSG\/JKiFlfvCQuuO7wI8YM6N7g2OYZA0jS7vIYCufcCVOzadPPeliEKT+SdqnyQb1rT\/MrPC4qmZRKIvY7jNy8gfCXgs7p4XgbHvnaS7Dr9uRFum4Sn9Lk+LXgtcZE6ZRI7CQvZwF9N6AC\/1sN8XoPIf\/S8UYH\/UrL8QIB2dvW8d4m9grwcwhaVNrzDuYlH1t5w04qvmeO0jLTMXCRV\/LhJb7I6BPjU9fi6dVMzhz3YRA0knZgi9sfYpy0b4laLv5IQhdo7jIDxnDb0cqwQffN65VEIrS8UKXodV6nKpQ21X"} 00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":71,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621433949433,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -261,7 +261,7 @@ 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621434024831,"flow_last_seen":1621434024831,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":60949,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433861875,"flow_last_seen":1621433861875,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"143.52.137.18","src_port":52387,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621433949433,"flow_last_seen":1621433949433,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621434304066,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"113.250.137.243","src_port":49860,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00520{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-data-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-events-serialized":264,"global_ts_msec":1621486316206} +00600{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":74,"packets-processed":73,"total-skipped-flows":0,"total-l4-data-len":98550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":61,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":61,"total-idle-flows":60,"total-compressions":60,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":264,"global_ts_msec":1621486316206} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1621486316206,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486316206,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZWtAAH4R2n40uxSv0OWdUcWcAbsFTrOSyf8AAB0I+xTa7lKQafkAAEU0jTWyhjWmo3c2c8tkYAeIRC00J2hfh\/j02rOWVtYboU9UivrOMDnb4DlblCS28uJrMkjjwdTtO22vVFwPaYxj2IIflFADqJCdVuHcXcnvIynZuH\/49aoZoAl2YJS8pUl6yCn3zcPhaVYM3BWJHJ12bT\/rBl+QUhFz+eNv1NjusSyo7XRmUXDT9LZCM\/KsdcUeJxbJMKMhLKDH81GMtpYCHwWUPWqqO9e9hvA+yFxWoDib4NbLv3\/NPWniDKh36sKuVx\/WIkOp5AaTQLzBliiDDxtF80Iy3ba1w3uKH81kscAY6jISZDkCGIpkH83a9jbwNNTu4dDGSDZa7\/6HH5W20Tq4MhhXWYZTT\/8h1Oy0puUFllXhqXmIg8+2Grn5B+DCtffivNTxawD23zhZYDMa5O4Knv1pxKsoCPI9uGjVARZ4WxoinnBJ4Lx\/eivjiy\/9wUiLC2t3yBsy7scxzTv7a9B56haRYFOHLBvLzNjV2ReQFucDRZ194sZlbUdGn8MFTzauGKyE8FjTABrbToSZZkd+s9mIdwH35yLr658ZiMm1iQSdaUX3AcvdyYuEGp8MnQAMvaoRfRnnmkSaFBBjiB2OIsBm5yjfjQzpYtX97hEeUwSv5yqk9ySGiUJXi\/5hLfad84l42JzVEw9YlxyakiWEDTCs6mdaMom7vY\/Iha1i3AZ8pf3WkhBJ3b2\/2DKVs0REkOZgjTqzdd\/K4AfSFcDL8A1CiF09bQ+eTVXaS+xpmL5GSTVDyTRM40KZfUhO\/T9EQZtNPiniyNqbtSZp2BYc+\/2l9wdhMEjiEKO6wYoSeRFPJBNsw+m7Su\/ssmDRlXGBnVI6tlHZWM7CBp7yEtJ+9b5lh\/h2b6o8NLXzXZmB94SFM5zpx3nqn4s+YimdYWtGhQxRDQoKolK3iglu1GOcgjHmAJkQjEjCoXuY5Z3wxhAtlHkChB4D4Sj+Mo0Pe8PuHQ3hvPSuLwFw0FqDm7Rspzd6alV6wevE9brqF0ttPmCgs8akAeLH3Hg2jOzJR7Zq8KSRDJyhC5wYRQJomZdHmhVl6k0hQlrOPsbeG33RJrOXASmtURkVNrkqMFtEbzD+nJJcxlWpn49Ehl9m2kKOIs1drmrTjCgOrpMNceU36z6U7NKS4u4a1hVFTMi1YV9BCf0SrTjGuouERb51jAiRXHvLt9eC3HlqplhkgSDMr8ATClK+9EeI5ZYJ+qwQ1oNpZdKQHsnK3rftNgPnZFIeVe2LSvMENi8FH6YjUWMcIEMIxUvHXWmhFLzwRkjM\/dETZG8LtSp9lIP+R6o2M+Z0pn4VC09fNocjGnGygpS8xtImvQ9Xi52Wji0Mxqp\/ox1cXlDhElkji1gScwsWqwExhfJEHyZrsxDoSgYL92Z1Pn4HBsnIkQM7VPxnWWnZFJ2LkCfQ6AL5v6LxfRd1eQDzaT8j2cXS+hAnjFgH8roiknWfHzSVGVNaIySwi6GzicPRwiTXqCSzzyJiRjY7LO2cY4SJmX6FqWWTL2hOvjoCvsVA2cZN1um+uHaF8+jCaYrlDihaV62byo0sQX49iEOMQc4cm5w+ac672idPEvZbXjaLZaKlnjbEhQJQMWC\/nDrqdHevi8VXVL66zosdlIzNI74mdhJfTd8oc2ovgBinEH9PA2Lqf8or\/1dRozLWj6+nG686ciLUDqT0aDB8JAQ3nq+eUFn83ml\/py\/lqV4T0XXeWonhVytFKd1udnPL0depml6Dv31txugFaXuB9swFjUHsdQbAqQI4U08c1YRaBctk"} 00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":74,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486316206,"flow_last_seen":1621486316206,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486316206,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}} @@ -278,7 +278,7 @@ 00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":82,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621486385474,"flow_last_seen":1621486385474,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621486385474,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":2,"flow_last_seen":1621486385780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486385780,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZlAAH4R2lA0uxSv0OWdUcLYAbsFTtWuzv8AAB0I+aKrjQG3wPMAAEU0pYnq3I+Pk4UybR9VBssX3rW2MX9MykXuwtEl37HZjZdvUwqOPILmOs1ug3ZVyVxysW\/GbunfQvoEKJNeJUHr7ARioYosUv\/iMtw3zJNnqitKNycrvEvR+KPtynwqcEskqC+a0DoLcVg8G+1ytgtC5bHkcrgb6c+yvfYPM6bQHRedo3fqBnUH\/vo++7E8FATzPknFujoxXAfIqx5\/yGoMqH+HqtaMj\/gBvnONUQgLifilr2pN2X5UZtCvWUHfwSy\/ewC4h8t+MC5HX5kjR\/I\/PEFr21ZhBOTbRAIvsPlTMMkPaVFoJeMhvSPXH3RCxFq+4eYuMrUD0OhNOcPxOIZDZCyl0o\/ggv2DFXNJg+gVLPXoZbPB4iu5Uhmke6bpE2jqTUZPjwXEkBe6xV6sp6bLYYcswATmdDqFUEdmWGMKBAsMqXikUGSk8uiqTt95fjHy8nJN41GX4xtHHAni0YyIelafqSbckoVL1qDANQr0CxF7G13sR9plFiWW7O5A7e7cS9pe6mRYIxMGaciOe9ievt36yTBJgl\/fiQ\/Mz7Rf\/0\/xEHpiGjimSZGMLJKt8tbPUkf1Doy0L2PCwY6LPbySmFk83DrXfORYqZzQC5aRkTc2HeUqrMm4bElbKJ5gKch3VNRryw25TpUnRtQFu9IMWDE5dX\/3mWizx7+qMJm47Fyoex2QVEdKtHErz\/i5jbltyKP+JlYh\/5iVhFxWpfjDpTOkH+CE\/A7gJzr87sNP+7VuTghxvarGALGRQvWB3CXNIrBOCA9jEhQerKbB8C97DJMm5tcWUZ65E7AYZouY8+zkDggzBLI+0JJ05RIaaHlApiwpsWJ2zl6F1m9w14xWaghs7jZgtgfJEpGiT74jl4pf2klaE21HmQ3jnkf6AGhbgdZBQmCO4EIpeWJZsQhwGl5VQuea9a84+ee5DEZk764Ux2ytifgViB44NxlhtfksBdQI6G+PUXELugH4wQ6SukmCIBACuFIfzQbiKGjpnRUkS7AmxTtYPrsIuSjFIrLSGd\/5Xekm02vVOPCc7EG+Woa7OletCxnuTQjLX8oheX0o2Op+1dBXeNai8Q63RlSaVEOBjEiXQnmJ5lR4kLHJAKgnnUly9\/g84JyqUljiN\/e8uABODq7kynlT0o2IN5CHpN2XfhoXZlxt2HiDrqvNzSKO3CpTZnnkJeJtK9cjSU1XxfkGr1TK+WrsxaOx2y4S6PIiErYJnObHfsCoROfZB5v6WjVW4TwLRypWRXulBOZly5TnbMAqCFsdN0gy6amJt3ngyiI1muUKlcYOXXmBVBPpum\/+c5TkiBPy0hZUTn3PK8vRrELBxFuvPrWR1GEbulof1jbR58Ncmb0rjGewwYSLgqvfw8fWuUbbODAYVLX15bmDoErj\/57wyWqkBS8kUoD3JZecSRs8Aps02NKyynCKHOlNpc8OBgCA4Ad6xJZK3IyyURTyz5JvyG0vAoHB8Htl9cCeXJkHl+hbzHpVtzHZa9PuVxTwrw5ZpWXJ3D7gYDf3YjByo50t9uNuwO1TdW6VEIoQ2YFWco6RoRPd9mEfRhGyA\/HMeXm4nHmXXkUxD0lWGhQ1X301intynkww+5gju+t6izkuTyIR+es3wNgXF3uDXXchyNcpEgdq6KXfVdg\/FtdXzMb3o20tlnu0aGTS9Ke8r2K9x5Uy5E4IMaNx46xDz\/FHeQCHMCFloD7HC0iGeHQTjamzHYw9Q9cx0UPZlEZjKGZ\/W9mm9Rh0pSLgVkS1htsYD6Bvo2h8czyqOaZf"} 02306{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":84,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_packet_id":3,"flow_last_seen":1621486386389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621486386389,"pkt":"AAAAAAAAAAQAJ0huCABFAAViZZpAAH4R2k80uxSv0OWdUcLYAbsFTowYzv8AAB0I+aKrjQG3wPMAAEU063sPCo4ozMPxlUj\/bSPtY3+CzlLdcC7kUprewEjKm2OTMB65C2RpyTFK0qHd1UzUnN6U5dQGGKmwgsbIXIKSBC7aC9lk9\/7KSXCk70eFVpjOtIDpiKUi8vVDCcfV6kRbykQ1UG60rnGaessWOlmJYYUYrFTLfQgo1LVYDsFKsPtJ1s1kupvZUz7DtsLylFS2l34GkqtIScglkyae0GI8mViRVebeilzlJSvddjOZxdAXXrNZAwRXdoffLloV5HtcoTQxqkR0GAPQdvrWXk+SMlGx\/W7Ne49MxOoYqcb+ZEW\/cA0RMhYOyvvzwyDA6S9WR2IZmDOEetLTQcoqKQrcTga50K8d4JAO4kVEikYFtr5Bm1z+MiARlDwUJIa24qTqLJVIo5iKqG52c5DO3tsvK0vzd8pSllrOHA6f\/I4wQDPyPJtMgg5O1ZoG8De8l3r2ufSRHsnJkEpyqWGF1+ijD\/7lBI\/5nWTPn9fBbdQQQkTlCH2+hn3jyqGiasIwS76cDfQW7wvTATHGizCtUCL9RDngXJ4m60+cjB0gourDm90bfqwSQs1xt55IkE5JsBrjydZPyipe0uhIjm4KZxuvhAjYi7daB1ce\/\/+407cCf+sxxL7CWqTVDAtgj6KFZbP4hnyT9ga4vkmC3\/t2CtLgFM4\/LEuF4nmXrGayZvHNNVuso5WMvbM4gno9LWsv2kJV4dX1TThhLd\/wIxSNzjl0dXSOBZ7wgJEHEnznJuFVstXb3tQcV7X3RP\/hcXpU9XjjFPCV5oo1sQe64QtneNkxV2yjvvs4fEGTk+zfZAnlMw\/iFw5VrPsMS\/wDar7RyJvWTPrIcoFDMu0pl6zkP5Al5BXrxcNMZVEAv6FlHk7RldT5vteKHFUD2EG202+PzEtOTPlmqNG6eE17A10kl4\/4bK9PAjRlBlsdbWm59jtIwieLuyVkY3xNNoXmkXmw+HTfj8L6cgMab+8MVWKD6X2FNJX1Hh4plar7gQs1wBHs\/50jh9TX5uIoGdQRaAkCjse9rKdwxS\/mQ3AZwSCeTLDSDZ7HNKOkFvE4XF72wS8k1jEs8CQLMd5eF7YKEIwhKqSRCTAxxeIp83q7tXfO3G8oxX8DNBZyGPdzHTcD2B2+WzAACX+B3mJrQJ47ogTtd7hRxPzmVNoKxW1cJA2W8sth9y2x0M4tQfFNCg+y7Hjysh4guq6xCuiVT5xotwMwPSDBGNIuXj+rftzi7znrhrNAbCSXiAYGtGnmHBOghmDMitk72DkuK88UEA04IW2\/8fbI46r27QDrpS7pjckWTOaGJMfuh8JgHCaU9F5gWqtRhso3KChbMMFYhYXX8heyFp2QTjtSXCvmSvOb\/P4Saj9keRyVu6EwxUD\/Wvi1CQPZNexfLJTr4d0fY2EFznG9mLwUFqLk8x93VjpNxh9mUDOT+9FkN2OUAwfOdunZk+S7EQYfuz58Zq50dfTTQ4ytc1corJ8ZnuRFp7bcXIyr+r\/g0rxcm55mxTcduuOI43k6A\/u4kxcszhmg9OmUhSIdiyIqrI4cTDkvXweJOztAO+v1eNUC8H68zvSWSCyYfBS09v+biPzskrJYVcIdvRbgzNi1MALIo64umFnfoGW7g7tdRnTTtUaVJ7SjjCNftNOmI+oKGp0G6qA+uKDhFNzBEwpKt7nPh7uh8czyGQ5haYxO+MQIP6acb8ITWfq7ZBDLBK87VY24JBoDq6EX9\/nCN65uCe1Ka7quGr3dV6rIOhhe19uIvRjiUm2GbcXkIV4PPI8eo8VJ"} -00521{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-data-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-events-serialized":281,"global_ts_msec":1621488172593} +00601{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":86,"packets-processed":85,"total-skipped-flows":0,"total-l4-data-len":114750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":64,"total-detection-updates":1,"total-updates":0,"current-active-flows":3,"total-active-flows":64,"total-idle-flows":61,"total-compressions":62,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":281,"global_ts_msec":1621488172593} 00635{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1621488172593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621488172593,"pkt":"AAAAAAAAAAQA2lQ0CABFAAViZb1AAH4R06SfdbB80OWdUePhAbsFTly0xv8AAB0IIYJbjKvcKZMAAEU0Tezktqb5jgj7Ctco9B1gEgebhfTklfJiWUvzvzXVx1e1KCfmB0CYkpgvAEMWkCN96k4yxgEJhItMoJtLxBJKjThyVwVNoJs4osfVKgvW27jc\/\/cMoYfkmt0BcMTE+S832TZqo7DcoxbJ4SED5T\/fELYc1YonSB\/W876e8faG5n9Z889N6aEcUSpAR1NRv\/LUdTkKc80E8eLY0MsHFlrDxy6CZovHJ1EZPsnxPU3xmuA6PKcoVZk5E7PnwPJWVDykRwGVsj3\/uqwsCOxMLScufsvGchEffztJ8Mjpf1xy0Hks4XzejPQm1+YDaRsdxSWXt45SRLIvo\/c6h5H5fCX4yZ2dh6e24j40pDTautPP1E4KkxfA2AopSrSKSf1UiAUXmQWbN\/kgMU18r7h5LyzlAMKuX8\/Ay6yq9jK87jtj+MIImpIKoL9MeHVOS5lygsoTWIqqynPssiNY6xC8pyJX6Ub4BO4F+0CReGOoAESo+zj9+lbUqbeb7h2ZFGxadMW1CyyleoZNnWar6Hz0+sxBH9qRVZU5Heht2DjEc+6NEcDLxV5EaOX94GYWpZ5FR0EacC16CngtIJvVS2Vy4VHEXkHxRQ\/E8+BlBf48jcRRSu6r+V6GHpQVxkfvTm75zRbp227tVm1MAOmDC4ptEOe+sdRM+KrFAvaHe3o8pZCxK\/7aYLbotm\/RZjsivWCu89Cmlg0uVcL6Bo5BPfMomqOupt99ASfgdLdPTXGKZLuwp3GgyZeH9wnyPMM2+7Ggpa0RPG\/l2tSy9nrzzP\/MgL6CqbtRTpr2wbBNd\/SlbwIb1c6hehW1bLPfXoYMcr0kEetxg6OaHbyEdd\/4Ggz4SeyO3GItOwerR7WYWNxOmqs9taE9J\/PhK6NBDsXc5h1tgICSKag9AJoKaM9ovRC5UgfrYrqgqF4SuseIOZvAOlPyRcpmSKooL1mlS9PJzoeolBQ4Q6A6x\/nvmxc72I7syFXnB044YwfE2N774LUPLvvOLCg6Im9ZhCD7p4F+CscFU38oxt25Ays+maqiXnRw3mGV9KfMCfeBg8fWwb36KsISX3CI+1rfMDf89m\/pkzSajfjHt8k3vTCGPK5nVGcTDfOSB9CGZ6SX8cHmOTNUvoBI7fCfE9\/8Ngy8sawBjS5kemk2pVar\/Qjc6ZWFlikqXDEg6gI3HlFx4rzttRuJpbdSVX3pGOgGMXPyrCnFjqgDg3Cu2Y3VVoKD9yvfxYbTeV+segTGzJ9TpKpIQ7l2mOQyzexa60jhCdWRVqP2SmFZC650dD3TPV5qrCw8uvxv\/Hwr9JxUCKr4vZ4MNIS1Qme31hh9cKk\/smw6+dP8LKPbRFjyi5hKalZAn2oi12OsRGCRrT+CZhgIm3EsqKl4eDAmzdpgh\/Xxnln2oigZwNL9aNU0vU6Ri2z6ptRUiK3E+ULse6j5hYRaWYH1k1ExTT3ucG4D4c7xsf3YTntqY+KTDBBG1sDbHwo3em6WCb7WG7xc0voquwvCfNxaCk3bAzckSDEa86uyeuxhABsH12KWz4kITx5OwWU+lhxFgwus9PGlUh3+t363ytP+xsR98JT4AH\/MTUvv9IyRtjule4mQon8WEXtnJYqcNEh5E2UIF8gnaLnV+hrmX90Z\/weVChYKzF3NgPl9LTYOKXHKx6sgO+65G03KKrg6J\/G\/Y28JZ444EBiIz1Vv3DiM9J4DLhOb6iB9GptUjPIDobrRPDlIYVvrbFerCtsjpuaVI\/H1eUosHYVIRS78lDJZULDLtLIu6mDP+sVB"} 00701{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621488172593,"flow_last_seen":1621488172593,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488172593,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -287,14 +287,14 @@ 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621486316206,"flow_last_seen":1621486318293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":50588,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621486385474,"flow_last_seen":1621486387592,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":49880,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621486369476,"flow_last_seen":1621486371605,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621488174706,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"99.42.133.245","src_port":61089,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00521{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-data-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-events-serialized":290,"global_ts_msec":1621489064431} +00601{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":90,"packets-processed":89,"total-skipped-flows":0,"total-l4-data-len":120150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":65,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":65,"total-idle-flows":64,"total-compressions":64,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":290,"global_ts_msec":1621489064431} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1621489064431,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621489064431,"pkt":"AAAAAAAAAAQA8lpWCABFAAViaqxAAH4RWVOfdbB8xkodT8LLAbsFTrHDzf8AAB0IkZSau0whIqIAAEU0rkimartPZo3XhAXpouf99lPyA4vPJfhF3sf1D80fQsd6hKzlDSeSsZ1KyRiDq23Zc4xu7yZSamgh8nd6IyVTF7B8MySKONiiaOY7dBSEC0bp4AebJ3k9Uh+OOZq1GyBDHDSVQ3BCXr14N2BMEqsgITpqPo+Z792Msbma9ODtfxa1MtHVKjQ15xkDF4+So8i\/fjbAfOViRfLKHxw\/jO95gtHmKOmNKHB+nvq+muN+iHIbHDxcpnXnO6PuxaBm23tYOT0PH9TUnUOZWqCNY2p9QM7ZIgufCDLh8c4C\/NFv9tZwBa9qhWLW6ebYQbaildftHqg7LB2KmNDXg69lhWaxLtl4+vEH9U9m2NQrOHQ8oFyTBFFkoewhMmDe5wHcaBJAO22wMqllFBpPnpzOCMy\/DJyHizv1if27VSaBPv3oEozht0\/dit4QAWrhZlnDelbE2T\/59x3uh6ABXgAV0b\/BloP7H5Pv9njEs3lHJOz7dFzr8iIjfB3B+OpQ5iUcuq9FxMhcezvIQOTkxNLORi6FlvB2GNGwRg+rukfVzwMeVbcyJ4bxFt9mc1MOr\/FkhpLL7F3QAjXoJvtrBiJncMoLXPRxAcMFUlowojaTi47EoeY8wguEuf7S86c2o+PQ1edefZeGvN87Fj\/fTTENh3Fn3S0OsYOmjnoXwQbxlBLOKTRd2KGqC3a92N1etrZBlnzvhACTKJeh8oRfYYE4DO+7CgxV4zH9ZFi7iaFktcfGl8Qu0FK6cb5HhSbMXyyvDCuCWYLd0ovyzFo0PNVt6yeC7MWIrgENNxCpTwOvjKs0+xlEsZf\/950lvdpBdkdhcTjSV34d2kg0KiEp6WKDoRhKAAnK2OjPGibxjk5vdFxY91t13JpZ9htdqGGMPDekPyxWc83i1LGMSQbz7QKh0X0aMz5ybK9\/HbZcAK3XSa0dobDV5b7WeSDsU\/3gkn5RaztmQfVs3owjzIYFbp5Buyz0Gxwz5Bi8HAJbB5BGGh\/yrQBy9y6a7q+P1hltskurz6iUjM71in38UzRyZojCOuaO6Q7QJeQvBcY+2qihs0FbDRsgigWTGzfjnSYa0tOUmlOdzI8uCwh7va3320+93h3I3V0faV6zxO50Au9kcqGGOEH12ZgVIt1bQdug2VBjCCj4ZbXJqLVuzhI96SplBcyo6UlwCnd09h5dMNn35qTkIiXou3NlcZ\/tYICl0xnfzAm0RxKz7INWJ+Pl4zSOjW44oFQwywPEE4MnpAbtWWGFRsesYIQtXXRapdS6Ha5rSylQcznied94Fdc28K\/TNM2dGosTNyEVqfCkfy1UU4pXqhmQ0m+rjS5SPefaGM\/ZPD3NALEgC7CILnzOB2B0di286grgHexJhCWlTHpcLt7yvnPnpvNTnwlX\/9e5CoKQXAkJPiDVcfLUGhluxsjbiqi4SZfvmdSRbJceWdtp0X6oS+wZzMuskEDHTOdTm8\/2jfc3WP6WQlIPINuCYViTLdF00mSEreSp+37OaIb2Rx6SPPD3UtpXaQ+xXSYus1Cf40a6k\/5iqSZBv7Fz9wAvqxvY\/FEStzmAQOKL6neOcR\/iuiKWOf9tLN1utG9qzj06bkXuF4PkrZOphQj91RQVjRHJE\/j47Lin6DaH6C5JcxMyymH9ObgTVyLE1e0B+wF06i5Hpk0EmLRJrJjURxyuhfANLHsp16+JhydB5\/grGxYRU3dFEB9114XRsU\/tiaZ2R5k2S89FboGA44VEliJWQ+CTSwLe5S+N2Dr44vXPvjO\/3OWWI7JX"} 00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":90,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621489064431,"flow_last_seen":1621489064431,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489064431,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"198.74.29.79","src_port":49867,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":2,"flow_last_seen":1621489064732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621489064732,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarFAAH4RWU6fdbB8xkodT8LLAbsFTjgfxP8AAB0IkZSau0whIqIAAEU0J8TFf9\/VN5o0lGBaCguQoO02OQJilvANZtDrj\/OMFT5vVNrKFd7OCVag8EJVYHP5drDglbbDTRTqEryYKQXDwAjbQHCb4hSrdiCPrBiKGUysqjHibjMf\/\/cJtlkKUYMzu1OQDuQUj+9BuGidWSQXbdrGH\/cTlKPd+fyN5rndTfsi2anhztAx+d2YTQRUUekRhlHuVJJ4p2Z3IZFTAhuPV73fTbf4SPuN0fx\/zwW0yXmcrqFwPIt2QCjrijow3wd+KpIs8aCUsVA3tkWMowGKkarLcQuMXYVO22n13\/qzcKOa3k5hzYmf35naphUVFnOiktJs5QiID0Mr11P7nKWISepE\/LKfN5G+AyBbHafEcuSLG+dEVP8yUlkvIWHaglmQ7qizy0zJczKmfUmQ4tB8PkdGBsyVJGxcLh46gJws33Dq2OBt0nxBR63wvgp7Iary4iOfw\/IHL3ToumCAV\/dXmL2kmNgOH8id2nU8Nu+pL\/mFyecOQcSlSIelxqEkydSXxEN6pMAyMNNzbwL5ZSVp2Z7kNaBMx8OxLxM3MyXiXBmtzik8FiHJRBWbOiVcg6x+N7mPue3jU\/huf1f0BbINQqN\/HNFCVwUhYAaElxDE6W\/blagPEW7I+SBFkQnuMpiIU5olOZc0CA8vEyBMs1tdVjOahUyHy8OFPfa4AFVAWJFtweZG3vHwtK+CpbCbe4cAXN1BRfmIH18rN1CiM\/ld5AcYMoezZxV7vyfKJwA1l7ujoHiWN9N\/jrpLAvyVeal7LCBIIi0GZ9vgIHand1Crz4BVQdwhxX\/b1KPjn6A0R2aF+8O+Jk4noYbodAKmJ20EQ4Io4xNA8Y2lH3XGlWsRmrg8HB\/uQwODFlv4Oe\/aBKhU93ernwhJ5dNzrCWsNwJ3ixca321IQXfRagDxTu5nq\/rHSlaGZ8XpC4aiF+vcEUNT+D7buWqgbnGXDaQOWeV3rk3WWi5Xd4DtoiE+O8dxPSi9YsxFNyD+D1Fehvnge1XsEICUGBX1oA1lskHJpGPRUbaLRmjcWs1Ytuy8V8zbWNuhpR2uEU5FpDzQ9GGTEimYVW60syM+GZGoskPJK6zwMlYqVKL\/UK2+O6rkjDClgzO14h8Z6S6YGxcY4LhXA72k3F5H8sKLJMFB83CXn2nMGIYAKuT65vFY41aaqklz9NsRxW1YBg0jNa3ymere9qj2lEhOIgrb7GB+XkUkMf0QieDkM8pJSkzEXOFBLZfPAV3fLw3lZfe4s\/jN60uQMrcR88C9EnpOiOrBFZez0skinInExnzYEDkAtavtIsdoE71PRyR\/dHDCqzg7kZ18pLX6NjwVvyB1mlpdkMAVY1EdaRaeNmWPl40RA41HKTHrY+z6mtyrQLn5TgQXvZRMN76xUYz7ayMs5reGKxJhMrZqb6\/bIMRHi82Y4BJdVJJZgwj+sPhMg05o\/ukkRyzckGw\/OsW0tpPkLGLflVUuMWwcW3Yl7XXY9H4D+Gmk\/VQnSB5ldiKMcQlD5Nr524IdDK7HSP8PT17bN\/G71L8W4XQgg51GSgKjOUAB9S83oxZySOQTS0wV5NhNyS88WD5F0B8ngP\/B8chV5QevsF0LoPzzLZXg0AbR9bUfORgjfQ6jPb0UprPbX1e+36tDhCQ10Uh7j1e0kar55VVOgvNSJPW81uGBYWlpARxFyZgAbqvJ88OllqvEawT8k4\/1yAtxNXmYu6a0+vmPKpdv2NvRgtdznnjM6OaQG9AT9KHeWFinQcr3EhoXjjHZtcq2EfJF249Ule5A"} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":66,"flow_packet_id":3,"flow_last_seen":1621489065332,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621489065332,"pkt":"AAAAAAAAAAQA8lpWCABFAAViarJAAH4RWU2fdbB8xkodT8LLAbsFTtRNzv8AAB0IkZSau0whIqIAAEU0tHfQYGgiJ0EH+RA73c0S6Zaq1R3\/CGoDzOwk4Q2KioTg4BPcXvMoegRpbrqCRaxPmqcY6POupt419T5yZmEB9o7YSIZtOKX53fGHCoc+ZsrZdAJTsVl0w90+Thu9tqk+WfepCoo+8ilF8eq+j6cYmQaoShwWbEH8aZWTDkaSoT09anmUbwmDVwEeDWMR2gVSbwwmv8rsQebDMqWs7OSh8srBRRpctj4tlSjdyXtQ\/UgrcQwLwZyJ9bsybxKQkPWcl8u0HzyojquwKL+JbZxKDXk1Pg7nHqmE0nKgm9VkdPudXzUwchL1ul3yO2j+uSSY2ucW6GJUzkbRuqcP05vN5\/18Mzh2lL9RaX2a5vbWSDbJPjG6on5UXS4AETy2nWNq1houkm3\/LsJAcFW+eybNMQ\/Nfc0orOQRsfJQyw7lxDL1ruzcECMi7m7+OPIDmAbmjAnyDrsC8setxlXVl5I8lkK9C2ve4qxQY7LHppOIbgqzCnXt9B18rSw2ymRIIb8dQ+M\/fx31qrhwE34LRBtwaOzL55FerimrdvtRhPE\/mv7IoDWsrrCajTyJVFlMWr2531Fxhp0DlBKapCIN6irm6NF41QYx7pEPTpaVM2SwERSQzVfsZROIRwvaACW8\/+fvwocDLWcyiM5VOq9hyWHb9QLQTSulOzEVAVmrwaA2Wc5frvDv0rMsW9gHUGuvWJwN9Krts73QCPZYA\/f1SV1AyEmPiYreXLu3MGFoUmEo\/LyVkXE4N1kExgUBnVeYUIGJRQKjBWutqE8sov37uQgss39hXvDSnclvpRoBNdSz2aaNs3R6Aic7VKt8gbyykfOIBA3Buq8zDmawY8YFdP1SsTa6np4zbntI9f+oNNrBriSQ14fbXVlNMQrhk1OYGIYbeXglU4ZIOKm77PLC2GR7SRTn1H4t2671bYr4eyrorlhGkzYuX1PeGMw\/j85u5uLrj61e2hEZJZD7r5x8MTQ1gOe4+Ph+Kz9X1vjFbsw9OmMDWkO65Ha+Cpf1ZHHApZ7QAuo5u2mG4Sp7g6rR1s5uclM6hCCnn2k2s8EDrb6RtHFjg3BneIS6SwSXyliDMHw0gO1PbIdSx1UUpSePV\/pCILKC\/M0H5LpPf\/59YwKN2B63+JAG1sL\/t2nutXsHIQzTGfUGp8q\/gu8\/oH2Pcsu\/oR96zl2VAWRwNCHmnnaZF9GJ22T7FDvnout2BFKs7xALVK\/GSWUrWW0DnJStDl6qSbXs+mlUPlFGuHBk4Eke31rEr4AxfQ2a\/9mZZog+0PD59WqfTjJ9R8bXy1KhNrHv56NiIqBiUw0rbG\/82hMaedg4sCu\/NdJjPtKJFvSXUMukKueAgyWcPj4sSLpvlA7iCI4ka\/RTTiki4Ye4QcJaaU15gJVIwcMMNnbkXWv\/HhOCwgK6cReevf96zzpUj1c84N8PWt9IEX6REFpHkIe9y3OvWTzdASwXJ9ovv1G9SjXfvrI7XedRdAxpB2vsQYi5gwEy3zTb3EFTDheiNc9y\/MCzHpVCklw85aHzUyvlzbZikqniVBAqAJensYNeu3p1TfbVsgAsy2eW\/hv+DDPc5Am8kV01z+FVZJbVWMPq0+tF6tPJo+fDG6\/w2\/eu949hx2pjfKmhp3d5IX0vfNEJhDKZIgmFV4d0I2S35UzYShoVcEpOEWvsBojm\/XwBtXsjwpE570c8CRHk7pLygTlIjRIrEQN0O6eP3A7nIZP\/sV9waxu2fmgOUmfKn8+KMxaVZv4SRaTB7ghieqbWD5Y61rshpqaP"} 00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621488172593,"flow_last_seen":1621488174706,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621489066532,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"208.229.157.81","src_port":58337,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00521{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-data-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-events-serialized":297,"global_ts_msec":1621490937698} +00601{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":93,"total-skipped-flows":0,"total-l4-data-len":125550,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":66,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":66,"total-idle-flows":65,"total-compressions":65,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":297,"global_ts_msec":1621490937698} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1621490937698,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490937698,"pkt":"AAAAAAAAAAQAxdZsCABFAAViDl1AAH4RTzw0uxSvdlnaLuMLAbsFThsNyv8AAB0Is32f4l9Pl3YAAEU0hQvFkzqCFRJrzdm+P7CepRPizYj8V5fWvrVXzVuBf2NRkl3eGWbs2YtmOjlr1x\/pBPc\/7TLqG34Khp0PMlFKcz3fdNeoXKYeyR\/Hs72zcRs4hnEn+4P6mPqm5uCsv8fDjYHuJRIAjvSHTbEdxqgFHEd93118utoyjtMgpgcEbs4fXoPb8uDAHM5T4MCKj6qQNjX6I7nNo6EuPNWQg9gu3uCawN9k7BQzQN6E5YfL1AdHh4udF7sZw+dow9sF\/laxj49FS3UXGVaahEsCE3aD2597p7TwOCMsaP9cpJ6+mt4daKLcDJnJAMt+icMAtT9fzWBRO4vYi5NQjh2DPs+GRWiTKh8dxvVzhRom8\/iF8KHgTJy3pWtXKlPeLfZAL3oZX5hiz2PB+HTVur2l5vjVWa6EpaFOaRykdvEuLIieDh5u0ZCT5hWtho28j2TyUwsZurEURzu6rl34H7da+I6rfvvL\/zNBXRl0T5rIEnMLL\/j4r9tphU2zm73BBkXS2V8NqavgjXhm8kqC3c5AZmhcVx3aPVo+42Q3ezUT39SUVKQVNHXmiaFVKiSaFUFlpUHrBUR8nGg2CAYm5iRBq\/qCatZ+wKK6Jor9Aelj+kTAnp5y3Y17HPQCp3A9e7GN\/AQvzanaLBchENACUbp6PsLPG0WwONlg5LquPMp39gYOflC9I0cMA9lanerY2UKd2DIvHrNxINIhafo64dTHQ2kruV+pvFVizjiYGEPTHm5vnjJ+vNgtO8FZ6Eymo8qJM5A2+vwe1kvg4nJxdm2E2Wn9X7T70nm++uQBCATbDwLy4YWKSHsoUqqJOZluOGYa1wXb4e+XDlmQzD44JyGBZoUrd+\/dh+KC7bZ6++qLMza7R\/lgjP\/l01SyMjsktR9TKWRx8l\/pSrp2aBkNYKphapPAf6rVSB6qqzYptEM4+9RgL5fiahM9zZLohrgrmNstzopEBbSjJHKT2BtkCePCTq9BXTY9wpytpKjLROzmBJcxKjOlKnF1g\/rktfgoVBF1SKnq6hR2PLzX3pKRc\/RptOGJ8gayhpr53uiIJElSTx+gWcAQGtbS9w40dA7UdV0kQrKTsOlEZPv4Wf1DZo6smp3gIVuDDknJHBV+79Kgv5HRfK28giV9WHGfmEktaajImtic0wa4l7nZNKYEOG\/CyBNl4UHMG4iNm+Y40wSoxegD3OA3LFE2Tr3WxLZaukNoA74zUcX2aqS0oIhr43+nrWk7rEOCNY9O2hGcdnBoVGgvgYX\/gYhzcOFnVXvBYg+04X1\/Lu6Je6ysBSIVyex9isvdPzkU7pOxMaiH3uzhIu6T+pp2pHExh+9q+rK10SAGliPxRu5zXtXE3Oy94SyfUjETd0qOQfmkHBz\/e9FYgFyyAkQn3MHd3fMmxpKxNsGPMBp\/cSG\/LANkIApGSvPXTwNw1vUedAoCnyCDwQXlWFtAwyohCNg2btp5ZVrwJqBGM7vTCz+QiD2xs1qEthiBEr8j6ftBwGUP9P0OZX\/LFSLwiLgDLEHK\/768YbCSvzW3RfUSDD4sBnSpdyK4zahGcrI93nPJV2g2l0hHyyPgJ7X+z4BRD+aEuHW6lUHeG3Oj5Qh+Vsi8uKdlG0jwjTzMAg3f97PU4FGrQ+RjmPIPZIj9zzw+nTMrJSpqyIKsK7h2bGHuUUNWEUnH05Zth20+XAUcAWRC4suUp9EI8SZymgXxcd3IQ5KrKIi3GAnhHbFpy9beC1dCN5olmWNLOL3oSxQHzr7fvKwFtpOssY7Sag281T8O6Eak"} 00706{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":94,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621490937698,"flow_last_seen":1621490937698,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490937698,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}} @@ -312,7 +312,7 @@ 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":2,"flow_last_seen":1621490996403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490996403,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJlAAH4RpiY0uxSvbKuKtt7qAbsFTmC3xf8AAB0I1Car3PgqXoAAAEU0S6ZfGd14S8A0NR1EXdOvvljTofNOsuBTESXKp4Oj7auLmC8B\/qxGB6ytk1wgcKgb4d567f76YrqqUml1MYVDe1C\/JvoI59\/gIk5MbkrAeINiJJmd4QeAnkVSzV5lCfOcg4X92GhM4oNiOV2dGGG19wmPo1+VUjHzShTUdyDHnnuZMliAzOjvbmXBN2aOzeCn+8K5drqRExq0cBsCHzvVRFUNzNlUUX5Vo+D387IvPpUHb7zmraw5XeiFvxl2Ta\/q5W5pNrCUAugz0iVIVuWVUNPV2x3FJywavW9Mc5JIWO8xXdlge6Szt9ygE3gMdi8fwLQb8lGW8vEcTE+N\/RkpReCzQ5xMfv355m1dCwCDmEbVqFEy+tHwxDIPuNe27WWgF9XSiasGS+4dfQwcg4ORYoMDpbfXKW92OUlTCH6yDwc7C78NrMUmisC5VK1mGGLaQ9Qu2wMRUqjdmNuepip5K0XNHR5BBbH81tXrZgvI7+1m6Yw0b4kZRl80WJwqq1KSBW4yOioR69+m2UjFAyV\/DXvz\/cExixYmUmVoRdQkJvqPEwdqKmYp83pX9N6Hd9bp8FjZiscO\/ylBmHeN2rawxJLrCx1pzuNkPlwJSuJasPINYSbw1F6JY3wUwxIeNBUcmrCmJuSJtdG7ayJElCjqeWPX8iOrtpJRyvIeNvVeP4zvOG+0xtaofbgfCwz76b84GmN17Mieoa5Bg0V+IoGD7eigcx4YglpTvHcQafiVJ+PIKzt1Fb+zraYPSsDdrlZP1w+1Hf31E\/7kXH56u8ayLXgMPnrISXGFMyS\/xokT7eAZHt\/LAzOJxdLaTDPem\/QunlwKxGvr7bmetIM3A6DNVEQjlmxo+VRIkbPBHlH8femG9JcYcQo9D76bkS1ct6T\/NMC38EOKjtDrrbwB6KP891J44T0TieukIbMdjtFWBM7IOVr8jksgPE25Qg1RWYJaofEPkp4D3UDLFQ3i3dbANJ4XVY\/+L6s+MFkMJ5vBF3bZcm\/tDpVfLrqBJT4nJ7a1C2yAYs59uuvaHev2cKOStPDQDjZlKsuGChOYfuICTD4igM9\/JcrG2yRYeOUCgKTyd394CO7u7YTQ5SxBzyztPmR1KbXNMGGetSQjaw1hK5VOfjJgPn+mSvHfGKivShlE7PanYf+wRwpAG4+iHQtJsjM6WclCAcVrZNfSob\/SYkmMNb3abOPObEQM2ceixo+VTcnp7HeKPVYD1ybdnOMOXFC1AEz9wSofo6gTNdJjdRzlc\/9v7H9A4GsQFk2F7K54C2kPehQpa66BiqetQtr+UE\/dVFH6uNeScw+ulCv\/wbm+OBfrLZ2GXKql6eSDpcCVpn3MV2YEi5CgRFRyayz\/\/2woQgL8t+RxToNJ\/qQWCsxJMrThy97Ju4LAwWk5KeZaLwnxjsnunA1T99DyV8+UKz7+g5JIOC8ruYl8Cwc3nxBc+tvBSpA4ZcE9I+tZo34gvOtIq2Vp5LtGbyHij4LH40qk6nQ\/1gDcnTZVMAXlo9nJiRobqRR+5H3Sg6cc623xK2b9CkBfTTs2kJf1fvbYMbdZ+wEDmMqWAzs4QGCGgJ6e4avqUcQ0kS0cOgHx6IAe77IaK1bK2SrJc66FdwbVpj+\/3eUCOHhaAIGMeISGD7TNa3JfY6n0SkFubtUhSB0GUsv2j85xhlI1qeV+8UDynYcpwz8FIiKVdUIjfXcOGHLc9FJMKZ3XshDKwmNniXL0xT6RHfFQH3w8eQ\/YxCjcIE1MW2OGZs+3vB9wyULm8eiLTszw"} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_packet_id":3,"flow_last_seen":1621490997006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621490997006,"pkt":"AAAAAAAAAAQAXWCjCABFAAViEJ5AAH4RpiE0uxSvbKuKtt7qAbsFTpBcyf8AAB0I1Car3PgqXoAAAEU0uA5YSqiRZv5\/DZhOTssoA0DPn9Zo4RXJotK44fYCvFiyrLXWkACavb445uJAej9D6NW8Y41y6KLu3pIKWD5qGNryyrX7YHITgUXix8iJo5DiSxsH3mGC2JahEYGf\/vTyPVMCyJZWsgerAn4HVFWRUh1qe82mrvrOfq6CMJqoDiP8vlj8+LrUV\/YTZtmYn9QGfS5vgZWX2txmg7RWFMQ+Rz2t3\/jIoTk1tBYJ8e4ItX4pZIW\/53Hyo2dcr4a7USRmF1tn8rKRC5HhXyRfxIBsmcteyC06JLk45KaIFQsqsO01ArTRBrqtXELj7tUE98y6lWlRh8r4yikeZefWhfGlnFB8GF6ugo6zdES7YXjYS9WA652moLPIYC0HZ4SbnVpSbRSuHeIGE5Lu9G6Sue9cSsIYF+Q+QkYSmgthm63nN\/pLWKoU\/RnLDJHaaN+LMsKEUL21PxpA47xYiNZr99R5HeRxIrMGueLrYGdwS\/9Macb\/Jur9jEdINRcxOqvE\/Oky1YBxT9EEdmvl8xfSzGRV6EJ2dO8C3TxvmALVJdJg7\/+XmVlc7vdVkE++7sw3O91FGcYlrdAT8TCgEm4OjsLPi5Cp+NhDUd9lNsblGNPne2oWas4b8C2P\/tYyZf+gOvHLJV3qKtY1q\/qcAcDlCTflHkKqb\/f8vTpeSKwdug8\/WMPk7J7GuRqkfSiRUAHrQP9z8Ev0mxBjmR0hdyQhsJrq6NDbkZA40SjV4PLS6wDFjRKFILwhocOA59yklQQ9oYMwuJzmXLKwLrh5mOeO7SiIFPGV64mweKEGNBwsPL73yemcdr\/l7ci\/aRkjgroHfTOlRVNlwd2SMp6acpgJ3DUTPihyMBDSlBSCN3TpbTHi0mhLZV3VnRkGCjGLPs2dQwR+\/NHoWbG\/mkxOp1+Yw2+oGEApO7eTCrPIrMzOJPwIOKL240s+7ngQuSxGGK0TJiP\/b3U0+u65ktYKEIhmHd4NjqdknH73Qe9XAd2ZIJ7fI1HZmpgWCSTOYqlCtKfFnEWXjld7ZMR2bys1tpSPgypDIWux8kmWABvn28paMZ5649uFQ9tMCjlecEV\/1g+ERbp+wKDLmdogOcIzxg0M+JAJaffVX3DrOnA+A+uSiEkyKncq2c\/YTqK9cI\/JDh0JxfqNhsxmMlnwuAaJuPcBh1lD\/B3Q54dORDqCAw\/xIL5UovaES4PJSfmtHs56ItrSO911ZuIm9uOZr63ZoEcTfsynRQRr4UugAwprRYIoFK07lwdRcDiV67g2XdWXRwtNjWXsWfQGHKiNcbvetslRKrXfxyaa5qn6SEG2C2SnYaRGY3a99\/8awO5F2Qpe+vbycKzEN3ueNUgtD8y92W1XtG2C78GhMCEI1RPYj1pzZhzbrlJRrm5YT3D\/l8R+fQYCAtmrdD+CkceZwNpPKhEhVavI5Gp5XwNdJ56+RbVOrxDRVmjqTRPLg4zuWj2jEJ79chsV5GX2UrMGDWSjjSZAsWp9Mx4ndt6VUOFZip\/9r4MKmJiO7yGxG8d3B8CM0gf2O3UIBZEchmXjqS2T2\/ewwSSDqYn23knX\/nt\/rnNzky3YHLXA2PXQsFtsr2gSewQ8lu4K9Abfu98oJmGOqB6Zepl6y2WwgW1oaL73FaoUE77CPUfZc3ThUmYcus+PH3momVuo6wjeidlhQHQcAxWy2EczheDpK4PInZZTQH8B9cl87zWeaY26xiBO6\/KO4jcBhP55bEZTsGd\/GDBTnrzlfHI8ia0xyN1XOyklzBDoPTS\/1FjAcpdn"} 00964{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":101,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1621490996100,"flow_last_seen":1621490997006,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621490997006,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"clientservices.googleapis.com","user_agent":"dev Chrome\/92.0.4503.5 Windows NT 10.0; Win64; x64","version":"TLSv1.3","alpn":"h3-29","ja3":"8b979b020e67a82c4f1f7f3932805dbb","tls_supported_versions":"TLSv1.3"}} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-data-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":3,"total-updates":0,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-events-serialized":315,"global_ts_msec":1621492846202} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":103,"packets-processed":102,"total-skipped-flows":0,"total-l4-data-len":137700,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":69,"total-detection-updates":3,"total-updates":0,"current-active-flows":3,"total-active-flows":69,"total-idle-flows":66,"total-compressions":68,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":315,"global_ts_msec":1621492846202} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02305{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1621492846202,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621492846202,"pkt":"AAAAAAAAAAQAl2dmCABFAAViYMxAAH4RSx80uxSvxPU9QM0gAbsFTsrvwv8AAB0IkN0D0fi2gP0AAEU0WPLbpHtkRhjnBwYFLsQ0oBVcuOZxPwKAEGEgwAlTMTXTGM71v6BXkNyXBiiValVwFjUYX7UUrk+V5Jrupcy7Obpi2i00t8odJApt+XitfLuiix1t0F7z5Z+feBpcusmj2sOZ6QR6h9W++LWKulARwr2neypk4oGapBa+NsiNweTRdbMX3O4d\/mwfllanHZjdO6qyaQ7CnGSuCulGekhpihqBGXPcLW0di3I9pvTqznFG9kWmS8ORGWf1J8GUtGc5VJSaNCJ+Fec43BTOm1+MS\/j4zGK08zpEpGVcAuP60NQcXU9UkzZKsPw3ZWurcWQhQRUUG2hZnMieZ2iH9C8vVNFBjN\/04FbVKM4mZrWJT1lug\/jBAePvCTNRYXmLxN9Ou++HC02AMJ57sWcEhMIYguKuFYuR7dxPfL+cTW1koRSS6BsFC4n5ZRuwmsUcF9vfJPEIqvBwmCjtVhhf7VD5goH9tVyYF8KO3kIv28uMuxWcK+q6wT8hSJ\/zEHzootumo7aXQqZvFeJhyCX0EfLhJ23vbRO9FmugxWN7m4sTU7Fhf9kalJr+3D134oZ9EEYm2k3laLxJs0+YOmna+6\/rVscNjjUad0DFGPUlfBEWehyhkygQSnAC64dHYrDv0iBrOmlJ6MRSwFxUrKXnUfq3k6Sjz27UeFDKAbXjm9pfn3JaqYN+iEPqCI6LxBiewwQo6PhkrbmioOgwvX\/DmpJRnPyUe5tKPfpj591HlcbD1wj8IAwgpQiAbJmWGX26TQVGc\/oGu0wUuxxgG3S0COr+VKnO615jbylfYmabj0+tV2Uo1TdMmuzr4pfQWFOvIgEzWzlgauVuFGrxVJNotNQk7htoqJBX\/hMnFoa6P3D+kOnEu3G17VXOpjoxBo+e82xbyKTxE+HiEnZeWZL7luz5bZBmWGZc506mXLnCeZZQqiG\/9I\/FNIpPvoo3H6warZwrzbb8Um6Nvs0Ics90RO0bApWCzRG1ZbX3AHjvDgTh2p8CR9Oooi6r0cJxgwFZZY8SZy3zNyWg\/wHtBtGqhZKlBnnzNUo9ZvpjYGNFYCmpHvrwviyxBvhHkg983940o+FsWBHY4PXxHhH1BeANrMFfkbINkn+CbC2\/r3ppTRHHY4fjTIWqDjaau3fmNxn2oa4KoWNkTjA1BSXwvqc8trFGDFMCJhUs3hSHPiEoAQ531rkzeUr7wtvjAhy3yMpxtEUaaAGyPySo1NYyTXEWK8w0\/YLlmeDmev2JWcCnl7HS0O13jStUjDzYdEKkWbQEZyNXBVEhaIvowRgcn7\/v2zT1Ji\/TX8DeP9rZyEyPensHrqvCjEiXBVlBQXgUJKTAdm6SwnhUmgDIWfMcW2vD88XETNohXNP\/OdolyEZ2F5Okt1oR5HKmRMri3BoToqsELE6FkQG6EG4JyB3bG1wn7w7zqvTRpR1UjWxoXiXjFxffg92VsUmcwuEyMksgqkhRx9h0TWNRACL51r145yHnspstaxqMITdw034yIHhAL3G5uPbMdUZQJozU\/XLnjQ9V7x\/mbfIElAUaPrac3k2nvzbr5ENvEse2uDH9Q5NSX4CsOm399roi9AvuA4V7OYxCn6T1MdQz\/4\/J5eI8ez9zieLgXCZomN4Y+BUIAuOY5\/dWqfjZcWMx1s9NOKQTb1Ka9pe9XEJIuxx2s04cvGxtWZpPXA8fQ9IoJlumB17J64o1iwcDB9g1LshjWGo9lOe9FjTnwf2Uc7YISmWj+vyoFvYEhvt82NsOS0g1fbgE3nFxg5ojGIF4"} 00707{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":103,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621492846202,"flow_last_seen":1621492846202,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492846202,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}} @@ -321,14 +321,14 @@ 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621490937698,"flow_last_seen":1621490938810,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"118.89.218.46","src_port":58123,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1621490940042,"flow_last_seen":1621490941568,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"121.209.126.161","src_port":63507,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00636{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621490996100,"flow_last_seen":1621490998210,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621492848301,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"108.171.138.182","src_port":57066,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-data-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-events-serialized":324,"global_ts_msec":1621494599158} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":107,"packets-processed":106,"total-skipped-flows":0,"total-l4-data-len":143100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":70,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":70,"total-idle-flows":69,"total-compressions":69,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":324,"global_ts_msec":1621494599158} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1621494599158,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621494599158,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVlNAAH4R6ZY0uxSv0OWdUcmjAbsFTknBxv8AAB0IjEZZ7Twbo9wAAEU0kJjhzp3PFc23t3I6EGlw9Nw6Qc1SUTVOLXwfMjNoeRLiLBXl1p7gZhSviv9JQfR9Wlb4B\/LvGDs5HubqNvjy9gSGhUAoZKHgVyQNQ8sPeb+zAK4\/+3Qxk6DgExGf6DSCsV9UWtXpGmfgDVaGUIKvjlEvPlaJQ79FJEUNmnxqw+Su2z56GwGnZs3etUJY7Thex2ui8FvucKYZYvgu6wRjounSXDUxthqRvvbGPyVi+\/zvUh6JQJ+TX8SC4eFZqQp+jb7GmBSIOMm\/Ec1jvbOi\/aliVkt3gPEwixlo\/RAm9MQzPwfq70hgSkoJx46ldrVQcWlKc\/yvw3p2stokg4mvv0O\/AA2g32B4XP1S2bCDnPSyjwe\/FFG3OX0VFLRXvjekO4to1p9XPgmuVtwpQLf4lyNVfpdhvYlgoEwUjM9uaq3UiXNUhHqjQ0L4DXtkhhjRWeULrLkU0f0REry3Q\/LckyGikkZkv+F+HV9G2NIDV+IxZQ6OWB7DM0Z83epJzGFj5\/uYXKmk+BbONhvtUkbwsIoFVtH1Q4vZLc4nHVR23cDEhozshXDSC7PWSfxClKjneDPQdrDLr0vgsH8xBaaaTioZjwEVMdhbN8FsX\/rL6bMhM+b9iF41rToFIYIcSRksL0LulUfkhaEGqLUnpKwuyqlF5UpMMngzqdoYUpd0fzQgxA99TnPf\/ZibGXba4goUBq5aTeKljwjQvpfeDm0N71QVgSNFdU8sTF5RiM0jkfLo8VOjKRpirBNuYJ7DIAlvof3NA0Grn8dQ7f8YWlV1lHjXfjMeogHBB\/P2mTQzXX3ArnxmdG\/i2\/iEZexnqGBauYfcvUbCb4yWGyQ+uf4buf9Z9AyMQMsYl+B8ptpOp5x0NGkqHT26QYAV+A6a2HfCBCEg66zE4TRZrMqr6q6\/a\/IE2n6Yv2maemjmwg4iHbv195EUc9666Xw\/knVVZHK8GuAAgFkIfnCTuFvSaCEwbnOXJ3s++e1rXdNr+Hg0b2Zbi4Ef9DQNeQpBIh3Ur7TEj8IDc\/NOM35lp7oYr7QO2zj6YAWebmCqb56wXDDn5mBBgu37fQhnakjMV7jHPkryVTXnFiOaL\/CVFGTvS46bBvmJkLPq4HRzoYbmboqQx4mXB1LvgMfXrHU3l7iZLz\/2XPIqh+KYqtzkanEAs3nElKsp2sB5mExQqIIubK+l5dcRdQNfCBmPrColZiPglV6Hv5liYk8JJ8Kbi6iN9RFbJHoGR+dLu3tvqT\/dah4soYZhtI9JnUfTXwZhINQmrqt11PjUN5xy2FY4x7Hur7+46IjhG3mRUQfKZk31z3sThwR5xjbX16LSIZERlLjpMdpm+lcm2fcsmWRXoQTgM8\/ugnLqEQDMuUDGvRukyIwk88fRryMIRKV8KDVhw4+vJ2EZLvYDeRSBFQdsKzSa\/hTqJc1bTtpaEUuGT2u\/or12NqrqQU7wVWi3YOk1X+OSoNbRXciEI2LGKLRqsnbsAqS+IJRbeA+3y8sXStW3YAt1gPKq7Pgq5cW4+8O1NmIlJ6gz1+lq\/WisqZhapMN5rUgoylNO5YJPHuzHdkOWHinWJ52NWCXnOYekNmJLkh41YrSQvM7Zm1APRBCuH+h9RHttH1u+s9o2TQ4uAPAAFWi6bluDPG8hlbO7uz7OAKhhEJ239ij+NXPbweBE66DiURdi7Gj3kcjPg3OPsIP1L\/pUMzoKutj3ZBRiMec+XXaGz3s5ppe5ssD\/WW3cQpGois32lgVeJrDmpDxCsEoxF\/1Tdai7z0bd"} 00708{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":107,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621494599158,"flow_last_seen":1621494599158,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494599158,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"208.229.157.81","src_port":51619,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":2,"flow_last_seen":1621494599466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621494599466,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVm9AAH4R6Xo0uxSv0OWdUcmjAbsFTojgyf8AAB0IjEZZ7Twbo9wAAEU001Nedh8jl0mRxcN7+5ymyAhdk9NMUwxYze3lIyYWk2jP0t92iE+L\/yAM4MnpE0YCo8Yj\/sG9IYL5\/Jqz+v0\/7PZJlA72+xIp\/Zz2FHFmfCsrXJBq8qMZr4yMJUaTQ79L\/KyQSvCHFBgMRJUhRKX69bPpnAnksqJirAlkiGBvT0YEt9mMoiR55EP1zkREk8I1QRdfacOBiC1xn5oSmyEOrHRGNMlEIFFRJLgWr0XXotnRIEGBlAPOKZPZzQapDug6\/9gRem0rTXsSVsMhbztxGw\/vtcuhxHhCL\/sRMBYP\/by5OhP3fCsCPd3sspB94dh0sVKqpEvWHKRXI5qkQ8i0KiE6NKXE1Nhqr1NvADQnhHZesnr3pbbwRzdVtIdnVbg+KpCF5NoQHX8ZH8QDyNjWRE1jnBpB6l3OJ1sSKdAgaiw8Ptd9k6AGoDKbmF4ICOpOWeyjIS5UuYgKNS4W1hKboP4A0l98z1AMF1cWHOyoMcwHulLBVCbBON1h3OyJxCb+qSsMMjsumD6d4H94KHLyQlTJDPLNq5+27EH4JgoPrQnrhU70QkhyDGeMEA08Y3NMvkMXs9ScL+i2jzv5BFhQo\/tMXR8AuhJIM9staI9B52\/FDML\/NHMdUhCiYzlzdj1bMiHMjmHtScQaruiH9wV2aP0flj8aUj5pRTOyuCcs7Yj8tosR5Q7Bc4J09A\/d7uBuSzN6SiWaOfxKRsQjRiB+PoBFp3RyZI15eo0FBDGFV9z7YaWXpK\/QUxQVAHHMQr6q2XYdo34fAYM5WCCSw55MSvIPkgf5o0DYE25dUpBH2wSkVcAbptZSsQKNwzN7dqVdVmsRhsSqNIVkr94Mgea0XDKOPfcuA0DHWVB2NpAqq\/2KIzHInDQ6qFc5M4nF4o54hvOuiL+GByVbEQt\/\/entGulu7X2JEiyqmYk92gVvJPNI8Bwemp05+Q+twxKscsRsU5w0Xn4LJ0aYLhTJviBC5fXR8Pc1viFBHXYXbarbLaQ3PMRows7y8XdeOl\/bsuCdG0ch6eIFsRvMMwjmhUgHj6ZC2WxikfNArVb9\/GqEMsVsVGaSerfdOb8LTsT5SWnrIpnMmWN2uIjFPgyu8\/qOno2piahKRLskEqrRUpNfLzBpNxlY9abVFtVrTQFSn+Bv0pyQSJS4S8yhl2CkBgItTkREH46KOs97E\/bHK\/yGj3NexQldO92K00H85joQ7nGUScRMKfqIpqXecJxSM6OAroxCymb3vSJmrnHwKgY0lo+ETPgqaXNxSMmLS\/2JsUVg9IcXwjmP\/hdzYDT4SjdN\/NCNzQLqEDcD8ycSm8xG+d2Pvjum+8NDSNcasGk4ZrSjQeckzYfCVt3NCKRhy2IHBlWjMTzzyU6DPzhIcLNpxSDWwl1i2IaHmb1isu27465MaWunzERUUlOR+kzIqaRHPTGq7D8F9Wz\/Lo9VOIM5KywiZogg8pDlQ7rw5vQ2wQF5TAz7WtDmtXKPT6M2TZLh0RCInRTlcWnKpFX\/38oEnnKrzaye2ifSAUvdyfSNZNXjY2UYGYg6Xrow72NLPTC9O\/+G9i89rbi0HpJcLFfEQxFMQ1sztsPWaTAohU5yyk90ga7gEn9IGLftr8nTGe13R6POb\/td5pOruFoWbUnJjSDEOgXIJWatBnyyLDn9kNeLMGnrjo17scXrhmlTzgSFpT8tsc+6WK+4OwCSK7uN2VYU5zw7G2oqvb\/XH2izKQLOvApMhxYFBkNigiUw+ruYaH6KQmSISbShAPpmf6e3Ok4EN\/1H"} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":71,"flow_packet_id":3,"flow_last_seen":1621494600068,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621494600068,"pkt":"AAAAAAAAAAQAJ0huCABFAAViVq1AAH4R6Tw0uxSv0OWdUcmjAbsFTrvcyP8AAB0IjEZZ7Twbo9wAAEU0356vdnE85kFrnK9PnoN7N\/6cuhgJZOurPVLrUkSIEhjazS+SHD5nphYh\/Ei9oaiDY8Opbyw\/qBtRNMamhXjzOXvgznSeUsgwy1Y\/wE6Z8L\/PLMFoRidzgyIEn6rjIJKHwzzF2KGrVstlhyz2RTwgIvHMy9MIjilbgudOkuRl5cUCx4DqELWc9uRZ3o5vsRYtLfQcGLcZxuZNq+qR4l\/haEcF\/bo9RHUYHevsrmU3WGlZq2VVs06I2zfKkHonNVQotk1bro8ws9jUj7jyxUbwzWCdp3Y0J2vApeu9ELE8rutr0ZnW7RegpTFdI+\/pjDsy7w+XtT1RZkjL7KyYUDlQxQdEaIMNGHrAqXcCdWe\/PGc8CDZEYRQG4imIq3PmqUKfLT1H1z5PjAZqsks7C4eHUMCY+G0m1pwUNctiLiFN\/1UbsvMid1sQh6WBXSJiOYMPhFaj32vm6bQzmsW166O9cP+ju7nY2kDwHjX1VRLKHDBPT+BqIPgfQsjJdmUiCoPO1j6aSYQVgo0uGE74BSKhT3W7x1ONh6fXLzmN7+wWyuCCjfUqF68k4DNAO5ugG5nw7CpIh4otPJ3HMgytjz\/1hKjAQhcC4anVdWe0zLhoQLK+s1Pp+iUPac8alWHNwAjuYOUrtvLlDW5GtHXWtZeiHtJznZvOZ++hzVm33rcGcrUAJZx8UDtbZOWODHW2DvBPFPoCX6ZQVBXs9voksBXC+G9JF7eqoFmqO\/EH6soGSg6sF0snwdl4Tmbozt2\/yp4ye5MHCKh12GvgAGa\/SRfEXeWrk94V+VCNFH+5X7\/8EcicVy7uChM5zWex3QUxbJVdLP\/j5AI3XbgkHGGZyofmIhkZxWEV98Sv0kfttNMcxA841+aSpRVJN0a2XfeGieapwvw\/R6yETR9CN8TcQTFe6UQYPq7543m22E4Sg8mtjsfi7GhTVtBFlPk02hhEbcLmI3PLT100l2b\/h+mQABi\/RqHWxECe91tiAPUoarX+VKj0c3DqByummicCRPZ6kkW6whbXho2HsoAk+D7QoyjIYr\/kbmXT3ddi5XSAc3T\/AXjnmkbnhNKsXrqcM9kMdl18Kd80bmVHFpHplnIJlyzn8ksEEhjYfE\/gaufdnXnq1D3ABRKg2gQzIvoSpfYLvtOATq8ZeC375hfqRNXtw\/n1kUK3bICXzA6mFxkmQD7AGOSqcR3jSdloiLRo+G\/p15yY7zRCuvYbEtKyY7omcrKB9AP+U0Y\/znYg58r4wOaZBC4V+dmRK\/kkpba47uaqRhUyF\/yTdt5a8rnd6rmCkS\/vkMPoDjgVn9aKrD3m9zX1zDlvbDZWh6g6iUswysusJDPEcMqVt9oBikmJmTA4XJHL7KebwbAwBNS3e6+CgYETncO9oV627jebHXfk1gOzNt336lADXC3SIjRhE0xUCj9b7vGl2zV\/XiVaHp4BdieNUYdFnptfsJwounQcX5RSNrDM7WkoXytf9j\/GcyxSIH55p+0ANjoTPQ14vhNgMa5CNLbJsAFOaOAZLOmrRttaEW+CIy\/6QEDgSPdDqCmjHaTsDMAS0PJ+CViTPaRKX9Mb\/HoG1+hLb7WLn885xXvuCUz6bu45JBXtjOSd2sFZtZL5SSAAkPqTlNn4yof7j6smtUT03YKs+rhKLROxwhgN\/v7YhG5RqBATOJnmQaGvuGYn8hIWfZ0uuo2mUCeo5E23kwQk4p+DKVCBDeHuSFjGPVCnKBGHNbnoLJC5+6z0UTOz+H8VNr5FqbVxdiFV1rCMp6QITKc\/"} 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621492846202,"flow_last_seen":1621492848301,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621494601272,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"196.245.61.64","src_port":52512,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":111,"packets-processed":110,"total-skipped-flows":0,"total-l4-data-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-events-serialized":331,"global_ts_msec":1621495208068} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":111,"packets-processed":110,"total-skipped-flows":0,"total-l4-data-len":148500,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":71,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":71,"total-idle-flows":70,"total-compressions":70,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":331,"global_ts_msec":1621495208068} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02315{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1621495208068,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495208068,"pkt":"AAAAAAAAAAEA4PSECABFAAViwetAAH4RV8iokEAFXWSX3eVPAbsFTgNDy\/8AAB0IwxBIsrHTx3QAAEU0bjduGiBH9YcAvIt1wprzZRiYJMPzF1MMPECwlUSWc\/RBbV+iPDb\/v0+UPTqOqIz1XEDYAo7pbau308le6Th0FZqRlv4SU+qXh+iRpNvtIutuNBwNhb6WnLZjvRY70vVsUgD0scdNaDgMj3pPrZ0V8bA\/xmESw7VNToLPcOadkH9MHbF41jMAPEaD3xqUkat1\/m5M4Pv0eZtU0YzflDUjEcIUViabEpyfwesJgnqwj9BXqmfBSQXLW6uS7UCVUFH+dCmqa\/iJJ4SrwnAYJlCIN9NwJ+1Ze32XUdoN4V9vQ5GScujeLsdwY+HlSYWOZd9d2+\/d597gVGXqOsrTKKKVZCRdEs9QySjbJmNdJ4wcHvezwRkLYorieHie4sHilr6O5PVEqCfP8aHxH6msP3pHsklsYop606JbaZfCUfDG3w9nrXiNdmjL4dJ0aBKky9\/MhuPCuq4g15oIigu1FWbGfnmKl3BVJ5ryEDgMgOYehMyIJ+weIqtrAsvJaI2654d2yQ2OH9clUvxOeU\/jKLdsEL55j4Tpx9kOP9X\/3VWUCYt8YZ5rPGJN919ko9rZSBS1iM\/mjZCh7R6C1BomS2uqQqN\/2PwrKORuR7kRPmRkEsFpLoC4sATPr\/GTOP4nq63u7VF4sRJLtFi0qkGLBgbQiSIJZtFdtEjfxSrL6lqAnUrfYHAOISDQ1zIN1STDOnYrZ+Szd6N0NTZjKTFuAILRTK6wWG7zCeHuTNeZX8\/oHFYs7C7zyiGROiQkB8jkJD03SKBESsIOyuKO34yRQ7G+tB9M+WUrPUQDrOaQYjktHLjExIf+tn3Q0v0e\/rX\/xZZ3jNOD8Qo4cgJe9IBtNjEwXGPmZe0mVY\/ufgxNE1QutAq0xthgcM+KYUEAzsSQrzZK7ZOiLzHOqVPgXabqgy2oQWta7AlIrCSdCUHqqZ2Br7i1\/EFecVKIWlJ6vPFrZrOW1amQ6rV5WG6x9ovznlQWmBXygRZ6Zl6H11NDYyBm3Xb8pfynprut37QWSPCciwK7rtbnKe+EUnnE3Lnwb5XQzYSEfhojjMsjXsuZk2\/ovtBV2Jkl90MUUjDk4XeHIhe5n2t7qmj8rxsQKuxj9rBjDRjH+OIEZKEgLrFx5GoAGcYxzb3iHJF3TqdzTXu+qBokr4C959Ki309NAHaXzDaotCBtbPJMmwo9pqOst5Z\/tUfAwxDkswPSvCJzhA9mKCrSpl9Hf7PMyNrHdZTvaZMSASEy5\/sXqR7D3JPQ0B6dM9WwJIOoJ9KhPZ04lCOFJrW856gP8dZwzXWKZ5I\/qcrmankwbLnu1BKyarOpUL01fzxuRuamfUYfUru2TsLlGCUKIoWaMMrIKq4yKC6\/6T\/HJSYLPqY6fqVNsFh7bYwtGviFJVCGEYBPrNIOz4yL3nUg1+uS6Kxs3zX4N67DQOOGoQbq6bHyTlfJI4n01aPlGre0bfmC6Tp3JWM98e2jHYR5XNuWQjoxn\/Z1NA+ZLc3yPpyEnSO4zqV8lVzpFrDpqkbQ9ycyuV\/D1kx\/32e3Zc0t0r1GFlvu5HnAklFEwANPKBU7ocnXr4EBpq1xKM1aTAWc1RcVfilSm1xz82LQyCCJOc5iO\/zmin3ZpftGXkTCNVvQW1LtwAAhh0Zlx03rw7AC\/J1p0cID8UBIj7r9QeymlFafS9\/16+RcZYgdL3KUrKdHSbSrCPKTng4X0j\/abdtQxrxTSZYjKGQPl+WBVoLmCgqLLkuJIJhEXfQiPfgtO1fDtgu+l2TZCwO8OKgySKJH5cW\/"} 00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":111,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495208068,"flow_last_seen":1621495208068,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495208068,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":58703,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -405,7 +405,7 @@ 00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335383,"flow_last_seen":1621495335383,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":59327,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495335836,"flow_last_seen":1621495335836,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"39.227.72.32","src_port":63925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":87,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495406541,"flow_last_seen":1621495406541,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495692143,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"117.148.117.30","src_port":55572,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-data-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-events-serialized":408,"global_ts_msec":1621495911385} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":130,"packets-processed":129,"total-skipped-flows":0,"total-l4-data-len":174150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":90,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":90,"total-idle-flows":89,"total-compressions":89,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":408,"global_ts_msec":1621495911385} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_packet_id":1,"flow_last_seen":1621495911385,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621495911385,"pkt":"AAAAAAAAAAEAS1QMCABFAAViZVRAAH4R9mOokEAFCUGp\/P6iAbsFTuJkwv8AAB0ISXF10ZCPcZ8ANwCrCJzLpozLw4lUkkdlAQ6gxDr15gnzrPDGY+5Es7Rj4OEug7GPyeqPD2P7ep04DtKE\/arcjWhE\/TeK9i4OFMtcnTbxJLT+Ie\/sDxN+8rr9EpWTbrHR6DrOgebE9CnNf9TmE3FgFzE1oavAS0XPwmTIIdH8DlasdxYKazZ2\/Vbz3SE0UaIlbXgmou7suHpa04zHS3u5e9ZyWoFTxGTtw4WSnPz3ZKKkluQDu\/BtGXK0Nw2vkZHZvHI5lbvjogi7BhIgmeQsuujAYnjK\/8JvDzTmbaLJnfI0BPAzgpLAyl5Uc2gG\/KhKxSiYKBAPLQlIw6PFn0Lw49hevbrWvRHOrE9CLjmKoraWxDJ\/mALo4XhOb\/38Fr\/hKdvS3J0EgxlCXTb2thu6vO6TuyRCkuufEdAjYJ1vuqyiJCtFCAuUx7f18Eb4YEnOwiDxAbC3vGkfxkILkOjo6zw0CLRXf8nS\/NGBDwLWigrT+llhvmIHUFzlv9UH+xnKwzw\/egOFElPuDQWAHnu+onEYr+xarKfPXzcUZ2mJ8x2qVU8DnquJVsvWPKVTkAEBNrppoG89a28TVbihC9GQZrxGFJfKiDfU\/pEjYGoEkpc0EmKP6WcJTrq8AjU9GqT8Otws\/2IJyr6eRQmrOEnR61BpA68BS2gZETtHAFeV+7SvjjISU7v1iOrwnLh5PVhV2I3Yg++07Mh3uzcKBBpCykABy4RIzFtFfD0mgpctccbji0EH0ftvDOPuyet7rGzNJxhlJE5822+Xl3TP9GlIFWuu44I+7Awm4hQYyx6SZMm5VkB1u+AQoAVC5yMuqM\/oqccmH3ov\/Y0J8XBnYLvKXGFZN6w2Ie6AwP0RMVPR4KQrpr7QbTjZ1gqRIH\/gSQZm2lG3NnFEcauzrfT+UAJCMrcsBthQQ4GFi4GLid84Wo3e01Yrsz68cR\/Dgyy9EjPbiFW4MTikaH6+JGXf6NLD1CBuUsZVLsd0wLuOp+mdcUObLIIhYByY+ZgC+pokGwX4+0M17gKxSBYArJDBxXe5y9O3GJkG2iDua1ffTw4GMCTWjg\/R2g3bNlRt2Kdpw0gNsexLTtD4vFIhhqYc5yzqubTAWDS97RiK0ff82cdVn+d1axfVYDUVVOuPm8ks3AoXLvMXz0uwOT1I7eZMtFaHeThWMFitpjMx4373HtevJV+R5JNzCQnbUkKMTjHvihPPw5JObhnamIan7J5a0S1j0TBlprZNVWcpdmTBKK9FiCYUebSphRa9ldAHRwzqCWNqZR\/NnSxOGm\/diizPFOGmgelkIA+7xLYtK7TLNkZ6WWwfmMdAfmJXz152dGSsptNpHU7WmssMjos9x0nJPItQNMAxpvgaTkatuyFUAnSEa\/kG2dwBsqrcrwjs\/mFLXB5BDHAaGdSx+C7zjjhFvObf79qhHZ7JrOH0IFeQgRTI\/I\/N1E\/wA3O\/VVPfi5T2WZv1WQoakLeMywD1DSZddBLRgEj9HiaWe\/6WOpSn\/V\/zM+Gime9loFOdLfGpXUiurZsHPqUL1b6MPeMrtR937yF4HPz5BY+\/tSnZ01u2ik8yu9Q5AJ4CmdPfTqD4sA\/UJgRLpffrp7JIFjyUbElKxtMBDr0WSdiYnf1+TQzqqaiOCpGsNMZoe9ogrQfFW7\/gdsykD2QZJgD7hTY\/mVqzcE88T3Zcf5TxTTDINI4atIY1lYydToKknzxOdKjXEcoGNF2fxUyQPRMk\/YqD0njsh1Dp+iMP\/G3eoOFqy1\/r1bbUJxo+NSb1V8JoUh0VwlVF0mFL"} 00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":130,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":91,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621495911385,"flow_last_seen":1621495911385,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621495911385,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"9.65.169.252","src_port":65186,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -420,7 +420,7 @@ 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":2,"flow_last_seen":1621496437852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621496437852,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK5AAH4Radk0uxSvxkodT\/KiAbsFTi+oyv8AAB0IvPCERtRr\/7QAAEU0JaLtoHyofbRbg8jGkawveiyJ2UaoheXbSYuPTeMKCeIU77lABrfhjW\/KFsoqVpaP9JKJMlnvWCAfrhYhpHkJG+xvxdGDmZWYW6e1KGN5t8DibwD+sY7U6We2yL0NMOrSYyY67PZ33CEYMgrO+bU1ma8i3+NoKnZhxsjAkaglJ6uAUozF4XuimP6iU+KzggGtZ5AHeHRJJSrIijvm2uURkPI\/Zf52SGLY+vL4vQPTe7wS1EKJeXUmQgYmh2aup9vLeWlDTkRpMf1EwpwHNlukj5oBWVeoeBmaQD4sx+NuopJ+2QprYWTuKVJ508tJ6HgsW5Ot7jO5bBygYTExm8AhqCnq4UjBmnft2hLhbA7\/d3ydVpIp7qFrWPv9n07PW58yXrAf70XLdskX2QCxfb2EahbYmb3Vx+DoN9ZQfyauIGIQJ4G4xs7NSUBH1KpzLXiWyZKGC2bhtRyON+3HzPjWFxkL0Tfa80\/+SxEpgasrCwJQb+1o6V\/lNwqybT5vHn79PHBIvEpedoaDM+BEu+O79uo27iS8RNPO794dIBqh+wJSlgKlH5zeUshHAvvFJn1TFlqv8TRVbuRhgffiNiYg0o1CeqH6Zf28VhJJpbsJJD4AZ\/jSirQZxHEWJI7alxgK\/LiDdkgpKDEWpc3pue7siiUI86wkuQp3ziUbYYUwf+3S2XmN4C+TOxmkT5fxEIOXMUz4o9qBlMvVx+HeJXeP4+1XADUariBmhpvXNO6nl8VgSR05a2jc1zcSQm6hoH7Sjq19QDV7jFEfc7eLbvAvOLM23DWJ+wh4NpHj9pZdPlAmebA1IRONzVUDs+FLPzEH62RBEORoAtOT4e39cJai5gPk0i6dU0vofBLpifIxzMyKYaGd4qxHI1hU\/vumyHtthijttX3+DFdn3RYaqCp1LpOaUmoX\/6sMVu8m0LGWnwhQqFoSAeJsuv14Al7ULvCdbJM06GXHtuP8hOpztz8GERiD3IE4+pHtQzzeOFwW3gBxM8vb\/kgHuBEO3Ngo3tjKIHZU34x718MZS7qAptuEPHVkm+ESamOD7xBmeB3Lqe2ntH0yaZ0R1ojSk6QGp9l\/DQGTgYlqqmVVplJJS9Mq23y4sYJANTI+VTWYMkD6NqRCbwxSayYlRmpI0bsWTBa3Egd5P7LRpi+3cNo9ZuEhXIAF3ycXIYlhzeSYSYvtqmdmjkTzNQLLrulkQ5zCYRtkU4zvk\/g9mgS2CcfxLTkjgtei6kwqIx3Nk4h0E0OZscgKCSJf4cRmCCOmfcnN0SQlWhChNjlpr8NXwxRXP\/99Mm1hVM9\/1cJQ8UoVQJDRNojN3SkiUl26oijeQfH807azHA\/97ACgXT19Mdl1O3NlO9Iz\/csL8LLesYa1qB5z+IjimX42W8TXFqTRlbQ7oeAmIc8H5U32U0xeqTwvh76ZUT0WO\/Hpn0xBlv6aqBcKb1Cxl7JTIzz67aCTV66YXN8NeR593i1+u0PvZCPySYf5PqAIuY3yAjXufep0Fzzko0vw1dgNNd1cSLqgPBALOXp4QpvYDsh5OdOzrPtb9Bwn8\/YjM65iU1fQJwe0pFgWPBk3OLAC1ivEA1X2opEADJmIj\/+8LvIdF6nYgzKjVtmvtV9atGouRJomruCL8JxrFfNeHoRpx0yRl9yU\/q2BGWdEuqEHO6y7Tbfu0SWUkh49LajcNcpvqE+bJljstNdRH3yFDQnBncwCCqj4zSbXWQeeQR2mI+3rqRgA1HwOB+cQZChDPCGByW10tu7BtVyE7\/y\/Y+sF"} 02320{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":134,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":93,"flow_packet_id":3,"flow_last_seen":1621496438462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621496438462,"pkt":"AAAAAAAAAAQA+mr7CABFAAViYK9AAH4Radg0uxSvxkodT\/KiAbsFTjIVyf8AAB0IvPCERtRr\/7QAAEU0a1V3BXBwEIhDElH\/1qUxqcqfVK\/U+I3pv8jXB6GKoLcClwfi5i+JVRi\/+qOD0jSHpVm+CcmsqV2quEgqGH5Gn0rihcbJDGj870ULZI4KmDKfC69q5r6675Wy4U0x28m2t5DK6rGqmJIfuY4CLJ5+JpnAGepaot5zw988NS9MjaUUAwJq0KRJTk9TQLF3FkyUeCnv+L2\/mCZ4pQPvTUHoai0BPsJAkEBQbCDT0ne2qov3gwfXPyGYjT+qpU1DonWmFNb695dnTcteFv3XvXkEd58E8n7ydtguTKEpl548CM+1ZWTRyyMlXz4XZF8nSLIMx0GUIZgZvabVLDS2+F0B521wAlGhNrm8PRINe9rBVvQYcP4xgohRdv3nDuVcLpMwOSEXj4YWgyE3ZUgeAzYB\/H75MXEyWx2rB05U\/7TWZ7NlkA33O50sz9d4a2o1c3cNntoxGwlEfyLKcihZ\/Suz\/KxirS++R\/qp01ueSmHonRfmrrM1LSGcMyKd+Oc4e5KssoiJAFl2Nso9pSh\/Hc4LC0BNO2pv99cb2fqWMrvtg4RKbfx1R5ZiccoCxgCpi46Y\/bGbfrDImS2xG9ERCTD6jtG0jRR1KV9w3yPJD6dZUx9vPrSlfE7TRtUvV2tg2P8RQt\/NsSQk3\/7JpfMhAIPApofSUgXm0f7r+8Zw1J12aP1zZsU9ZyRmQPc6usI4DXJN8WSrOMAw2YJx5dHRsAS5bRsxti2UCq\/PcqbnjXZexpjegsnkWKYnN\/pwtZdssK+ny+99042hifAuhg\/BXmwZfuFZ7LWOinb0yOszMgV4GVujdcSyRmmJB+im4Mj4o509W5k04dZ0bDE52gnvESt2EXA8x4iUBeMzV1EC9VoL2Zd72WZ2Le8+\/S0MFe3Se8D\/liSQe5dY3M\/L+3ZXq\/9nfvzioEORhqMqj8nSgClQeG9dmdKGgxM5mcQ9CeGNozwRdxhJvWFmctGZQ2NjWDhhDHDaqU259Q3FvsbElzHVdrJ5mJ0Cxf9ajFKPgkVOGdrDG9ApKtfsvTm8mcEa8n0Q62eOymCVJqvif5jaYy+ecjinMVsEogfItZgW86yqnm54hcKotzJtaFtp3CA5T0NjiL0VfXkiOTKfOXVWtwS2R+LPX1ibd8kfkwAh\/XXkesEqkGqJKfxtLjiY18HS1YhU3t6JkzeJqPLrJB\/PbFwyElYds\/6m0\/g+LOXOZ67UcdCScV0su9cTzTbpFuilpU31PFlGsAgDKmvkZLzN7jt\/kqOCXoWwgg9bPQkbwwNwl54A9eMPW3BHZk0poDKL2DWdoWQmTEsHc0pqdf\/k0atEtrhXPDE6dm9ctnyGia88NrHpejAS5iOiAf1eL4iWXQNTQkLKwlOqi0oh5WENqyW2gdD3O5vPNDr95MLc6Nk9E3B2M+6BndVVw6tTuGClOXozYuEVgbdPUEQGHunkA\/dCQkelRbanSo5cdvMQPWbxeU5G497tiSuxNDfmsujYTz\/BK6JWmejCS\/KhAJaMKx7PrcrPsaNqhZU4Mn4\/jSs11bYdbYsLm+pMXqsl9X68WqxfFniiajHo\/Fd3P7UYw9qKzJA5hFllxa12+AedgC513u0kPjxtExQUdI3b78Ms+FaM6UYc1IOQ6tYJC\/kR00xvH3J0uZZ0HafuTIIxCiV49M2ik73I2gkK\/TLa9hQf1LFJjsPj9VPpRxrc2Ly1SzJ7P1j6ovi9NMEeR\/e7+QcpnMJTH1C\/dGDgaTfjeelKzH0zIUwM4v73ZogzQ+Q6mOQCAb1RAyJQ"} 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":92,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621496172813,"flow_last_seen":1621496172813,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621496439665,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"93.100.151.221","src_port":52942,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-data-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-events-serialized":423,"global_ts_msec":1621497523457} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":136,"packets-processed":135,"total-skipped-flows":0,"total-l4-data-len":182250,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":93,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":93,"total-idle-flows":92,"total-compressions":92,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":423,"global_ts_msec":1621497523457} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02317{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_packet_id":1,"flow_last_seen":1621497523457,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621497523457,"pkt":"AAAAAAAAAAEA737VCABFAAViBEZAAH4RSb6okEAFI8KdL9kJAbsFTlfcy\/8AAB0IhCcF96VVR0wANwBlELxIAYrJ18RJAopwESH080EDiTGBxAUIotc1YUcdQDx6Fm+qNXboDChqvIPFhdQk4GOqHNpE\/bcP8275wY0w3P5\/OBD00jBZFIIxdkIc1CxBuDirFHD1tP5B64vwQ5D8UGBMCwXBE5r8cQBEBueMDl1wCzedkaTPJndcvmabltC3xUmd0wwNZF33vrM44e1g6fvolfFIRSR585LU+EPiXYcJSO8XezQCKfsKP9OZPhOtv83h2Ovh66Ofu5lyKK97w1ZRH4fHbdZfIN43raCsZSEISB1XWpjeStwCQgX4pxEVT3bu7OPulibsntpcBDvvUq8hjhYS\/PbA9GsLf8ab2oDiv9nzg4n5gSjTjYJYqGNdpo8pvu3k0XjbFxeoYR+3bONBa+e0\/V5cimHNpgKrVTimMaMMdAFaY6tT7OKkXataUcGKIOpI4ClrI1RfjXBlfZBLOZbQ1ruqGWnukjIXOQ89MmoF02WXH\/OXh+KKRAFzwlapiv\/cQ9QlO9JZ0BB+POvvg0IQYksHMghnQAgMTrJM4innxppRZzBoWz9zsOmK6XhRhELNfRCbi4bc5YsBdjiD3ijjj0vhvLYkE8cmxkLuJ0qhNxl3p6hz2KHodGMRRnCY7+yW4\/w95\/W2ZXETMOaiPG4P8rFj6ml8\/VAIeNI42nP1oow2vPc0sprOkAOau2yfl6UbQppTRhQbTZO9wnp0+pb\/YLR560RKcRxZ6gUiuP4fRQpX1VnT9F+IXXx+\/hKRHGdtC446mKetR0R2fffEU3RdpszGGUSJYY9vViq2Eomp2NB2XsGSDZ7grvOQePwuxkF\/VdXMAKr33SX3CCDNZsxfwsHeafmqicnZBNljaecFtLy\/+9HYZeH3f2cDOX3K2VDbGR9cx+8R4uBk0EX\/px+zKszwuAcjJAvJeXJiBBoZwb1OylfJtFW0xyteXH7T57KNedRu+91GNpzswbrgQyjlkhovo1OK0t72ahVmG3ci4ldbaNoM9Er9o1PA3dEHVxpZIkVGwMvOCLlkTsNn7BvKy8UOqhGyMtxMVZXmLf+vQAImY7kO\/JmvUFXGBjLGGoDqDl13TqPutG44hrxR02KIBhULXqIMEKZ0qrvWpm\/\/odFSsCLPU5KX8gvQDTeNqgXvhS5yCTtJ\/E1FTIQ62Whbkz803oSWqHMyB9PTWsfyUOvQ\/rOPfM2Hp8037xRyvZ557yfBRFUiv70NQLV2Zzve\/8q4\/+h+Fri1+bTl59+RUidiY1TO3qvxPwSqJrc\/iUXUAxTJ\/iVUXyZcuGGc8bsiOTTBgqyOg9Hj4pZ\/3cKkgSVM8pOpKr\/hPcaL1tH1m5MiC8PYtFySKzAit5RXN62RM\/yP3bFdJNWXn3q6vSa6Nwy+6UJmoWNwQrB89OTwcDbVLvIvUrUOYSdw5tw4rl8hCKo38y10qvUFE7S\/vxva\/p2Znrp2ZVkSxayvzUJu3VFimVxiL3A7sYZs6c\/thutzyxZvCEQ2Ehf93l2gbRl7+GjjrhvbWDav5GzhJ32x7RnRqMQA6g7ihAB1sROsstlfmwTAaFrKCBAN7dq4qC4xFv28ox5F9z+6hjCXyOJStyP4WcjK+tovRhkLpdG2Wvd9PUpQyVc7n2VNtkJqiMlfYa2ialoeXEG2XlWpLp8Nvi5ARgJCTGZFWy91dkcCOz8sVye7XwnEDxu0kn98A2gCBLP47MxjqlsbBe\/36a444Y35PEcLtU3xUP\/8uuTpLZz8LGaII+NM3hazyvTcHrfjqZ0yk555T\/\/FaKekILXf"} 00712{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":136,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621497523457,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleCloud","breed":"Acceptable","category":"Cloud"},"quic": {}} @@ -431,13 +431,13 @@ 02310{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":138,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":2,"flow_last_seen":1621498081821,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498081821,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRtAAH4RYuSfdbB8xkodT+8SAbsFTm91w\/8AAB0ItDBJ3NIuqUkAAEU0OvufirbIDgp026bZbyRK+lP\/li5aeFJuMGsrKstuy5GNC2z4iOO\/abPbTq2u7PrmN1s1F6w0IR63u9BJRRqZsjR9rWd14KbZN92cuC6PwQZASSZ0PWLjMgW8lo8bo\/p4Ie0KGPVmarivxVc7f2b8bWK4ukJRx+v403t\/9CEnqZ+h1nQX3cV0q0wYsDcL4t89rZdkOD\/2h3Tynd0mKl+EfWaCiGCWZTFea00jKZkzOYtci+ntlHZ3vN\/5QVk+nvgSVijNAivrMJEWbvt\/Hgl\/NDn711tOaolOUN7VDWPKhmxO5E+Vj5qkX1JuMR3poM+ZzVmshiDYUYmCOo1\/EPh7BUBA8amQA2Pt5V1UAhZ6l6otPDcgPLAghQgMXkuAiTtWFzpRy1PsfSTGti0hwoBRmXcX4Osy85gPdkMPPjDRL9sxMWZ443WQaNmLu2NCZG76oV8Q9r6elrs8nfp6cokfwyjQiaj5lXdtmWez6Ub9zZ3hVLN4ZSFJ12MzBDXFLF17wXLFQVEwN3J0hUvUhKsfZyTSVGXukr50e1LIUe5Vk3iGcV5os3CuVaG91MxXzApOzbVLLESlpzPGauzkLFu+7wEmphQ8EOGPzSKcgPkIYTuk7\/p1\/qR+e\/LIKLwmFLece51gXCJDFQ9PjUsal8fhmjAQtOvr6WTWXLColGnpvdaMDuQKB8HjmmpR9dJ4DqjExdn9ISewALk8HydNfk8Uvr3B+OVq71nszG8nTFPdSYSBzEWhRglIanWym5rO+STC\/8vTv\/W6q2hhkLWj1q0jtPjwAN\/v2Y+D0A4JyNLo2FkyIJcbWfplQ39A3\/xuxD3YAD12Vn57SeHhSWxO1uApQ+t+zJkEVcrhY9SKtmNwQm+6eVRxYFVqew4rn9K7lyAryiVHDQMrxz5ZBAq541Ty6HHtPWBecGy6gvo\/iT+yBnUFd6REWeOOlZ0VTsR\/AFub95hlY44g8UyeLChHkWygL0G4vYgPCQgWNuZWs1f3PFB3C1r\/neQaHWsEqXfzcFPI1Ve77J+5BsBQx73by2L8lYfyixggOPo7sTcoKYKSodtv9pgExVr24O4\/8tkR+15ZqhYeGxR91PaYugbzj67u+4OLdjdufEwK1FjqMmXfKMkZZSRgMY25aCKP6w9RpGPzU6xtd6n8eBrjegOuQMY2i7GThrYUeYiCj24dBR+A\/nS9Z4ny1MZWcp0jfK4ALWIdHAvCMvFkaEoCrswCG3q2FGMP67Qn27U7Cgdy6Ae8bOKa0gpwD67XIbZ3VnJtIZI7zP+FEhfUi0Yu6AMqmlLsv6OXFjKd16nwj\/J9CUoCsvFZj7Ux\/GRuDCul1XmrxN7CCNOU9OX+ADt2L\/fQyWzOZSvKiBhqpBtkk2TfqvuCvxVhzPhUfxCU++aidWCrZQZzSrwuajKW3QvMvG5Ss7lOXFiKY6un0x+VvjFLGtGPVVsETZAhpkxfy9vVl7cTojfKYb9BYI3it8kRtXGrW\/xIOQ9niF4V1PDpiubAYqMeNRlI3NLhOOvjMSc4gQyVKtScIYXdhvVAZtuM9Yabsw9P+8B5XyWEuXXKfq2yxLzBNvM0uXuRSEoFhzdgUADAIq7QcGiDu8G3IbB0DnhTLfiqNJcrjj5j8Y4Xh8KAEXft93SE+XzT7U\/L3dHtIrBdUdCUjN1yTskCC97fkKUSEv2nRSFu33ULAhr8XAIBTeRzax6cVNbIQtbTQqO2neCBmpL85f0DISj7eIkl89oCYMp+ZXfxIpCUVAU0uyKjoKpFGrNC11tb"} 02321{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":95,"flow_packet_id":3,"flow_last_seen":1621498082422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498082422,"pkt":"AAAAAAAAAAQA8lpWCABFAAViYRxAAH4RYuOfdbB8xkodT+8SAbsFTriWyf8AAB0ItDBJ3NIuqUkAAEU0gEWSz79hSjx066IgEUilTttXNnBdxCIzGwyKgx22yggjYxUTOdMajr1\/eFj84LW0tWwiYEddNG1hbcYuTsjgufILsroj24Q3t\/uzrvR4hxlGIipIFKFQSdDIGcYBqlNqAaUOXFFDKWM\/NJ506Je2fGuUskxDQKAKr93NLTfrtVPjcaeEjkYt31c\/SZTL75GuaPT2mMN7etsFLArPTUK71+1V1afZAZptJCfmKCNVqwgGuD2i6NTmwkVh1735B38SS9NeTwvibpCCgqWLwGQceudYrYixpQsp4ysYS8hpI\/FAn\/wMbNYfLg0ULXfgBbdtqpqAz8gzjz6eyl\/Rpj5MNvbZVqNxScGru+OBXQwtVEZhxEtA00gRt2yig8vtLXbxeTHNHLvc1tr8ADnBwAus7BUb8Elx\/8QbOQJikFJzSqgm1q4x4Io\/yzHxvAmLnPsiEQqTqREOrKHfmlEHcPkGVkGtxFBNN+2k9aZL5JbmPRlBlC0G63qLufVXOEoqfGJNMZ\/r7nslJeVC3RVHNHRsnQaaVqTKCmjWU\/y1v6+B27XHPLKXFcBZGuXpvfdMRAsvAkwRzf8W8dO1sAukMkeYXN0V0P\/cdEmXv\/Mltpa5lcfPfiRw+bcfRkuNSD7Jc2b+iebax5ug8xwzr02wcXcQF4cGzsQyRZl7DyqI4QU91QrAsEcoHNeRg5JB1T9kQFDdcX\/REgLdvgMgBzxehG7z9OVH69vE5OHzw7pvnkoKe6J1pspEyN\/MZnsAVzaytYx30UuiyRgMISQWN1xfqum7\/YAiZINczHJ8y57E0O2FZW\/YNr4IpADWEzCYwTIu0x3DfRnVNbEZaadYGhViYNEY1zM28\/67i0wKSSLdh+0hygO1BEurBhEzdIroBw1lBfGNyfblV6uG\/7uEn55zpbG\/7qCk0ktkqTFveb6WXCOISST2J32xBVGziVeJsWONMPJ8Jm9PT1AEZcJwaHejFt9DpalZhmwFO8Enc\/ogZQaBxWPbFFyyuh9rvm6tNvA3jaeVh40hlLlIMUxPLddroFwYb\/9EO2mIWdQrHAdGk1Lh6AyJa6YfJKwGpm9NYCxghscJLthycNymVYnlH9ylQDmgmJl7hvnLAvwa32EnPRpWHAkiUhu0kcIqcpT2SkZyiu4cMABsnU3jPWri5+i7YqqcU8clEZP79ilHPctQYpBtvEKAmSD7Gg6PfMEKZqwwpeUK8+dTYIp\/o\/SmoPxYAZFC32OjsVAjSgBTgUFjJQtKJNO\/Q0n0\/Bx7FI53Bh8tOLKaMneKlT+LrkWYQa2IgT0Ubj9l8leMgakA+hFRx5nhKVT+gHy8BijJa8hM45tbFLGLuaHb+CeAqgmE\/m8Ud4ovePpufZDd3bW0o1jrz4rn0BX8tIkQy+IUYoxrBjuExnNvs4TRwyfTblAI\/I31W8aDB662jJlcg\/QE3btTahMgEReMXljoY\/ZRh3u7JIQ6wjk22ntsR1sJRh2WFJh9oJxWsj2DyGf96xBV4z\/aPhEV\/yote5aKxrDNBeQknvp7Yhfy4En1FEvSZe8rUAbBQgDc1BHXrROj+FBZqKGH6sdegaKRirXJnQLUtUJ\/Q5NaDydpZmdgBmsplWOT\/sTyUwVugBQNQqk6\/7I37T4YBTN8nQWspDxdmEOSVvcWwSS7UJNsfcrNGCZpeXaEIJv\/\/lt\/H8+PibZ7H26DpmjUL7J1pXuNg9btTIv8GIPiixqfenNc2qdVBe95VLeHtbRIWFOipebc7xvKSmtYEtFRjvJuANVxLMqf"} 00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":94,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621497523457,"flow_last_seen":1621497523457,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498083623,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"35.194.157.47","src_port":55561,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-data-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-events-serialized":434,"global_ts_msec":1621498212950} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":141,"packets-processed":140,"total-skipped-flows":0,"total-l4-data-len":189000,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":95,"total-detection-updates":3,"total-updates":0,"current-active-flows":1,"total-active-flows":95,"total-idle-flows":94,"total-compressions":94,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":434,"global_ts_msec":1621498212950} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02312{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":1,"flow_last_seen":1621498212950,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498212950,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDdxAAH4RAMSfdbB8gPgYAcFxAbsFTooVwf8AAB0I+oTf3zKXQjsAAEU0K2X81CUUYVNTb7c\/gt6K92g3k2uie+OA53gIgfaMNjNuH4MUMelKU6Fsw6sNfg5GG5qJ4eud2MFOn8X2tXhI8359esLfPp9WmlTfT\/oOrLme3MuOolugSEKcrrCVkd0LZuV6Av8DKVlHVrlpv0240Nf37vxag6C53FBDIOQ6LCd22JO5xn\/NaFOQBTN5MwhdXKe8H6r+EKu0MMl3i18CTaxer4Ec7N0oGrRomY7+OmgBg9TauzdMWJj0eYJFpdct9mnNghVe3E+WWeOHpf3NCjtkwso9os\/I1QOoZPXB9jwIdZ4Ne8+CuKTG+9tcqCFaaYPOS5DhXjQFlTS5J\/C8wry9mRLfPxmO1BQiHAFr6GP9Y5vWBsO1V2479WWJiBEJug410DZ3eaQ6ykeEHvnIbiMvMtSdXEZttkVySMQ31Fw9rOzeUgG+BPr2jhdWKXNu3NdlWiImj8cTTjQOxOtPhe\/+6Fx3ryMD+9KP13OjJpbH1TmVC3+wAJCtRp7htijDfs+djtrDtQtmYoljdKd6zc7r4DUgUx5a+lfJ+CQXmVSyc22sQwHuhLv4tZCwLDzjsfyd0tH+hoD7Qa72Swsvd9iN8a6VR5VOVL4dEXew+OVA9WCef4VgLk3PIXZKixpDLfYCSJ\/KS3IM1J4\/k8MH5DuYEu14a4bhYLVMzA+\/6Hh+TKT4leprgFJ91woRA3ZcHSFAFDQ6JNfWusZkMrX0kYWHzOn9N74ryBahTJAqZOQDKe7hgPc1zvzFZdQI\/CliH1lyvZkKhGurs+S8SAvkW327v1xIJ3a4v+knVz1HDiu9E8EjgQkT7KRHRIBqqKZ4ondbPabBq7uV6zq471LYqxhGKFGyoGxBVzr2DttB3Z3\/pwDEIs07QNSxcUKBzdZnJ6x2Fq+YkehrvOFCXOy3YCMutFzVwvOnQCidL8ohHIIWEgjIbGLfpHm\/0aWrklIqjrJSJ+rTPRW83W61p44YDEYx\/ac\/msD0XGRhWnBmicJsTwRBBV5svGieLeU0wwoRv\/LHI4mThjAG6AiLpvJ81A8npvcEWQ+MjQOgMjWQq72fQ6mncpsEh8naywuNoXmsIk4BB4ZGwmYN2ud9\/oZeqWqvV2B0k5gYpBOaiO5AHqvzEZdSTEayKAQ1YqXbuCf5QNmeckJiVyF6qNBoatmRZcQSwcZ\/T2ApNAyCKTurIastl6KeRV4+KqYzamhQB2W0\/ku7l9R8YLUGXIpbFAVZ0uF0OZyLqs\/v177JsDndRPefW+Nou62dLsU9VVlluBk+YGFmAONdyhN8iZeA5WCOwz3iTTD5N2bN8mMzQIgg7Bqo\/E8GIRug9o17TbkJUN0YnjfCIbHJtKaMHxL00NJbr3VzPT+M6M9yFXdxFqcigT0A\/lSoDVW1cjJ+LLyxe7NFjRQd0WXacjomlU\/vSqOt4d7QZrZUGLTeRU+r2gGG87IsvBtKso3QQR3flphwZgK4qieVr6KE53k\/ITHpCwbcQAfeWsRIfVZj5YsjA9TaaJLxpay1HiqTxUqZg3plTLPwXIAI2UEnJyFqlp3LNmknoPjV\/RJb\/wzVE1l\/2TAXdCsnVW4\/RvYAIgz1kbEyY+mdBPPmN7r0m+q1IFeOg5RTG+Hz1u5FTDjQLy9DaHat63UbFT45W72CQGLR1YbL59Rzmw7wT02BDrbjYMG5D9ap\/FxMB4LpXzY4OpaSIPgoD0IgD6kheO9CqpcZaNN6hMfIgQu+UTF39\/ec6XrRl9w5Mu88X6Qox2mOpT9nNb4CbMfitF4Z"} 00700{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":141,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621498212950,"flow_last_seen":1621498212950,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621498212950,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"128.248.24.1","src_port":49521,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":2,"flow_last_seen":1621498213250,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498213250,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd1AAH4RAMOfdbB8gPgYAcFxAbsFTulVxv8AAB0I+oTf3zKXQjsAAEU0+eG2aeYr2ZwxMQeoNxrRVbNbZLWTAPBIHGmzPrHj\/mbYKL9ixyzcBxmQnCXQO1lDY0ds2+Uxd8ptUf0B8IEyK6HWt7XDMsSm0czLAJJ5gHVvFp4WvT2QOxWF9qk9uhVnOEbnpLXsHxpRz\/dz0mNah\/t9a+nz9avu0o52y0QKIy8LvNVm5rColse28vLMEqwFt8Yhb0a+e8F1WQ2Jog1lBFaxZ9C2nVaxdCT6fJgVQ6neO3NzPAYvQeMe31c7fRAOphOfBUEujT4YzhvNiFl\/wwufDbC02lbS32wQDoSwANLD4ijQelHtGYhgR48L98xirGA5IPv0nFtZ1GWdgn333AjOEIFGx3pnnuYgw2iuWo3m3sof14XdX\/TJRFaZuHV1ez9+gI2LSQdjuDaB+lcNc3pexpckY\/HKHazTzKBQe+fUELgAOI36zu7bwfiGs1DcCvWMT+vwQrQ74Yw8jk4Z4SiCS7DRZyln0DpQKDMsVHuAt0JxYrc8EmeYHpAa\/WU7imzzrVyCMqw87RX13BgCI3YyigtKRpDM25QuBSbMZz5ZYeiWXPyE1k+Y7t4UwBli+J1tJgOZYuGdHdpf4dfCgKgBpCB\/sV\/ZjdtG221HiWUjAFU\/RX+F4Sk2nlwgBk3Gu4HyZl\/faOlZ4A1OSdQ+fFuezBbnSGeaqbNo8VqozC+DV5QFVDR+iO+QWF73iaPEDFOX3fumQIGEeMxUCKQDbM3wtercBjGaPrgwSioQrTtGhXuk2URGocylTgSwqUuBqVOiZ6JtnYXVCLz0j3YmG54CGZRJwD6Hdzt9JYrpmq6dmeqLlnGt1boRR50qkJxmjqBOKv7Cl58UXZpi3hAhdW0L1aeY6VfIJ1ywx4a+S3Xag\/orC91PHKrMCiRMP7BHfcAHP3cmMHXdjD7rw9txJdTGOjn8lX\/mclH9lQGLRl1v1dxB91OITgYtiPUptU\/FstAfqQUeN7VbNzZ1K7myM4eKtKPa3VKJ41NTGXaN0jRG3AsJ1FJ1VXwFsxEXvqnYXdbQvqIAtWI7ORnGc4RUiKLZMaiOQ9ZpeJBxqsAYf5Ipe46sFpXilr18+FHg4XkhotA7suHK7WRKyC96nxR2DpEVf2iW1ectFaPFEKsQ\/H1YQbyGSNOyfsPh1j7faS+9snjbmdWCAfHpAxSqQjfbmAdHw\/pXpU8QfMr7cJSolfwHDFsekvEeA7haX+xyxiOvwU0xIpKlGttzlKe9Zs+aw2lgL1+sWhZVxiXxt\/gUA3TRh0SsDzH5g+XZJd\/neVfv5Focg0swaZtgQXQlDD7IMT0JIkbpudBNxUJaoKkGBhyJSXW3YfdpVjMxqZHSyytUW2OsHTqTDxRLDFBCvuJkYPJ\/TXIpK0\/4wD4L9l0omgm3px2fr7Tg0bZjKBZqYFsrt3HkLtSGTbe9Cy8+JivD7AEnEUiKufzcgmavYoKzlmopX0FuwXrvI3Tehohc9Un3CymwmJwzoJogxWbDMhpF+zwoGBGss9an05aUuur3iz7Wxk0lUMrHG4RhjccCzdOjsiU0cpH7WOa3JeWnb8oZZ7E1yUHJnEa8TUN7DI2nHm7hd5xvO0jYRqfo5cwZY5XIuQteKO6d5vyOsi3XP6L\/1\/B2Ut2V2caOd42VO5fK9qvI\/d65vyKDadxtG52mLCNi3gzdraK+EO18KknpwVwSg5Jv0pduYOIgWdKxcr+HnXkkz+KrYNl2w\/cO6BHjE8z+P6ziiwIfrr6GWrGLS2PfoqxdL2ey08WkeqrNpvHrYQU2a4rs"} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":143,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":96,"flow_packet_id":3,"flow_last_seen":1621498213850,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621498213850,"pkt":"AAAAAAAAAAQAR+RbCABFAAViDd5AAH4RAMKfdbB8gPgYAcFxAbsFTsNmzf8AAB0I+oTf3zKXQjsAAEU0TYW2wa0gBSRDkkdmZJDu\/pNSjmjccl+kQig5mlxVsILRFwOMT57XuOv8+xCb+87uWA9dkR3MCory+CSA9k9IwRunZJ+BETH5SfmpqFSP\/EAiXYBfiyWfexJyvvzdDNIlmXLEiyQv4ixIWJIO3WnbJCrbDZ9yN4PPh3+ZJeKdbL3pTJsxyDYJ\/K0AwIB3uSpy2ZQ7iPtPDkHhwAm0FbglERefDANRRCDt9UuWOODuqe\/eXcYzExeuApS5d3YIK4jhh64DClYEzzb+MKIc\/xPP+Kn3lPcPwqqIF0tNqN4kidjRAQThHdN0m2oore8VMpITgbE0pV1MgkL7lfnb1BmHdqPktFFVvg4M9R9oBo\/vgEDDJRAWAmGcmVRa5lB7oAaJdxN824d+GfIw\/1qMVVQy9mbPreGNJI5FA87uOjFOg\/W5J3F1z3HhaIyqbtwEoUGiMpxMkBVwhQJI\/NqiQ7cCTPyStz3iGYjK3gR\/9Bbw8+tTw5id8ub9L1LWEZk7DqKPgXVBJu8OGwqpaRMSGddcTDBphFbTHUszReIPXXK4fIJ8vnhXIbSCNh5usnBJYxXalGGyP1OwD2a79wMSUAPRbTRq3rslV5\/OoRSqu\/Zs+8jHkIPMW4LtxNfcjjkPK2kD4PebKMCHpmd0zooX6LnokRS4M4p0k3XmNrQeH1SNO7ooZjgdGcmI2qpnjZ50wZY0FVF84zFcfhdXiDRTgFPFrSaaxPf0z8xF0n\/P2TpBv6uEkyXD2A5+IeZFJHXEf9qwaBDrm596gwBmYOilpzlnw+vM13lluTV8LOtESGS\/vKE4CpcHhAcjdbP+1ymk+om1iitfEwkvvDF1j1qafTczkx30v4HqUJUwF\/9b61fj4o\/7elbSAAzfCZ7ESTNk2A2MHuqy\/5+jrriuO72nwy6VjhJ+GulTPzobteW+l\/zBEckGEa8FJfTQdOStHqid4SXNF5RJb\/1ytpyxjnE0mVjMP42pjeQQpTUsUPMa9heF32n+XhzIkoHVuTsSW8KUDb8XsSKBKbYY1eJqV22PrlbamGDRPIeYyZxQrvseBe9ZGoW+ojFuhr345lGnNBRTbyV\/ifd+H3psrwilnpBQYZmIt3+yx5+Ox2Fl2MHXrWRMFlVHgyr3YspcY0pZlBmQSZOmPefZHN3UeMEoicflo7w5P9I2OILP+nrgTefS2ax7woPr2siuAHSliWnIFGW80aK6MX04MDmNfZ9qEi9D2uzji0WYs1aM\/FrXpTtqj1SPUWWhLEfXiBcjKNmhsqIUIEkrKDmesaaohHC3lT35CgqVB7Sitf+f3SeyMb+bWGart+IRgLgJBcEhEKoIoYkh0VLJVV9+doaDLpZ3HUz68vvJqjR7RJ0Gd5ED6cjJQuN+n45FpN9LmtbOssh2iF6qqJGi+PGx9q0M1M\/HUKAy5AN1S8YkWFsARDs59lonK62ZegV4vU1TBWQC7PGQRI84JNqfby2iYcagYspBzxJ+WakTI0qksHmy126F0+iqfIjkScGi9KPimhJZju3YFlyo6jNdjnvMmOvUUuhPQiXrORQ0r8qWWWh6tJ9HkW9sI2\/Ef1akHLftAxsOV4Tw7CFHLJLIsPfECdd0l00i7lyYzOrNaZMF3Kzp8XNi91vmLaBsXnvB9zagu0mQRRAnE0+1FdGlzcqDM+y0Fv02XWeM5LLndn5G6Ul+OdbTDl2ol0tkAwTNskAn08T2HhWOi5x48zrrAMi7Lm6AQyQ1v45a0okIW2FPRz\/fVqdN69MfaqHeQccEm1Iu"} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-data-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-events-serialized":440,"global_ts_msec":1621499083794} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":145,"packets-processed":144,"total-skipped-flows":0,"total-l4-data-len":194400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":96,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":96,"total-idle-flows":94,"total-compressions":95,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":440,"global_ts_msec":1621499083794} 00634{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02307{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_packet_id":1,"flow_last_seen":1621499083794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621499083794,"pkt":"AAAAAAAAAAEAO9I5CABFAAVijipAAH4RD1eokEAFubq3ucBBAbsFTq7MzP8AAB0IRh+k7PM1K8oANwAxa5vCXNWzfj2PGJr2ZJppn9nfh6Ikx8R\/J2n3pB6hj93tRIJPjf+f1DrhXIYFADw2Oc+Fr21E\/SBJZyXpa0us70tz46tHGmOeBrCokS3GTXPLNs2f7i6PVg5iYBx2tk44g5C8Qs71ezbhVdCLpeHqgEt\/KgFUjX37SuS08dzh1hVBp8Jk3e+0\/4OclX8JP31qwN8hw4wkaeOcFhqGvTvb7GXAVee+0nZmchwlYaeZu2t0+br+FVqhd9lHLvrcyz7DhDlFCTLeKywE2b3EdmYTKWQbL+AaOaELDauoXSTh5q70gLIFBtuSXXAm1sLAL+gBd6WGAsCkwCZK7IBbXbpfWhwnxlVgDIPibi\/nJn1TA586o7oqTn7ceMNjjzs6CB4Mgf4cOzn1YbtrCp\/6c+BO8SdxtB5t2vkCmwP5K7T6LfjBIuFXQ2o66LBu8vSKvZAtVO2yj+LkUyzGXrYGwfv92RyYG7LfM\/qS18M93d\/jLQZxmPy5yiGfWVxPGI0CPYVZsfmSBJekaJCKENQtKqBFs6AVPQwEuwFcacGyY3xE6s1Lu4QTKe\/QxafP6viMrvTQxzW0bcasUyFE1R7C9iQNIeJ9yKNA39s4GHvCsBht5FKpCx9AeuLYalRseEn8YWrDkPowTqNRxe0MscA8q6SQSy6jR0pOiyDsuL3gqILv\/SY8Rac1R05nZiLplGpiGDhE9pweKrCSsLdVSYAwcW3WvtmtNMX4EmbGMMrtnYEWdvuR4n2IdSRyv9gEYX6Q8hzoHG8BLHi+9db7fSutvIgwHCOUrjIPrH1I3iuMdZlcts6TP7n\/rLuIJQ90AfdfuDPtfyv1mHgxzTtaN2PTxwVb6duplHtdyIHwQW4JxQZkf9eUmK3IFE1g8uPWvlB3korqRC3X0AcAV+sx3QBx\/qT\/7gF6DFP2pyevadhyCvcOrG457OyVD1AcTPiu4iyRPIPs0ZJvBKST0kuFIAK1RoJYGXKAWb6J9ZLx+s6hzq\/1f\/0fVYymn2hbZDLHShxwbQkfEQlrOwalUO2ySwNcLdHaWrgafMwU1Jqwy3c2Wh9mqTVQACa1BySgEpwrkwNkoUZ7lai8AVhdHtwXYpL1gB\/TH91SWvUyF9Dvtha9t5tE0iXlmpfJuZOaqCkHSIu0XSKSxIBe2ySee8BdNbxqds4tKl3kUNeesA0aLrk5BIYrRjA9iqsg5i85TcPN7ilOO\/einXalctu3yF2I12P95cnmn8dVV+5aGLhS7eTX+TflkPHiEhNljw7cP3w4P+5GLFwM5tudCaDLA6afeuHwRmNyu4EHuYIuyQ95\/VnxA50tA8cTxnIXtWDvz\/V\/1jC10E8ZRQOx5RAzeQuGCKL+yBkb5e6xUFflBWfYCece3PTocANgv7MamRt+5dIoEcXIWJrMMSlrfY87Sjfbdyjyitgx\/3GErSHkqQjzECLn35cePuOYXjGdauoaI0FdXFxX0N4pWRgIFSMOMgv7WGHyUa7JL2uW1l6IWs4\/VyxVO7nYI1RKa0HSXbv+H2wrJyMWxXEF+FapMN8qENUanZn0DBN3nS29l14g27PiX1KosPCMvNsAEyL+FHupF8wbuG7hhioKZRauujDguEg9ExQ0m3tL2dBvtN5ROVDD26LyzDaWTk5zwZ2+bt9\/cncF+BxskyVsaDrMG5BAD+R2MBcjstM8WCqDrGmpTzd\/RDmbyfQ94p8EE9NW4bT2joZcpOovGfpfSmOfPG01l3k3sCykGLsIrKUzsxdgNn2SuQjCvYA92JZ4glYI"} 00700{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":97,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499083794,"flow_last_seen":1621499083794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499083794,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"185.186.183.185","src_port":49217,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -448,7 +448,7 @@ 00706{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":146,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621499130835,"flow_last_seen":1621499130835,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621499130835,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"198.74.29.79","src_port":61286,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":147,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":2,"flow_last_seen":1621499131134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621499131134,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavhAAH4RX480uxSvxkodT+9mAbsFTiPZy\/8AAB0IgC3o3GMiP\/8AAEU0xNPHNjkzcBN6tG3CMXMgN1VQUQ5zORwwdJvxC+4U4Wo768p0CS6oitGkvJZyjwyc3OomATdmVH8dl4u8+5ZoRqU5nHzh8arBwEn1ailAEl2\/FeLrAKukjlpYd2Uk6yjAdkKgzRJUrt7\/axFA3LL6O7tdgC5hzo0E0\/vl4YnagMJM3wjFjjHYO2MS55fyThkTKtMGKHzAVPiKv2kKUgzu3g8FlFf4vERg7PBca9iFQwa1e6czfFLHU3jmlRamr1hxIWC8ey9XXVda7oP9kCT82UgKpNgsvn9ag0yB6QxqI6o91lGsTfzgwNOJcVvwV3aY2qjfabeDbzPU82GWmC8dcxg60wWM23VAAZlVYaqE14ppMMyorKrKFMn+86H5\/aNgSXh0MxcYpilmN6MgsD5Jpkp6OIphsmHoNdSCO0UVCwGJhSGovYG83XAmetDlCEUuBf6MaZFXBjrfL+9+VHX4irSmtkovc6L5vSe3Nf\/Ub6qgARu+YW6Wwl4tUjGEcM7JKUQxN2Ukg1PimEsh9oAZ12nyYh9FV1JccWxNJ2iNa0HzjjZKFHsI+Wpn2wjQu6fGLrQdYisl3dxVlFj4jvRBju6QBGPqW8L8vdchXv3SI7zqO+NhEBqeCwisAVMGs3\/e0eLRoiqrlCvpzdd6wmWwzublWtkESFBS+GKBzAzbuO4L4Jk3UFfDunCYtqzhO+2c92mAtqsWUkc7CKf7i5TjKJZM8unl261yU\/jXeb6zhnBK28FD6Pf7vze97LmpT5VanmKiGpb8ZFvlX5LvJwFqOst\/Op1D8Xr+i6cOe2zujddvgkGRpWHduSyvlJRv5eRBop0FHOugDZjHwRl1P5GOEDM7AA1rf2k\/IZ6eHOqZsGK6AJyenzNCgwn2VrrkC9JsT5B02qcBGp2ieI1StsetnNDeBxqD01kqrPTmpVvwJxCy2yxgJrEXUggkwFbWIS7thWSjjhXDU0J1GP9L68+5UUKxu0743nekpL+HTPJD4N3h3CVTgzlGthPYulkO8tpw\/xmwb4Z53Jqw0aGKoz+dhDGMih5n97yaHi969BtPXsVrXOzMwgYDcGdHV6VGFDrRp8MvBHKVCcSB29+r+o\/y7gXXTkYGvFUdNPQnjtOPuTA3g6ED4ZH8pHwnFuthO9KrwMMPO0Bmio3US2E5BtPsHcZEVYe8RumZt3y1QcMWOvon\/UMvBjIjvrv0jsdmxjixC9tBFNbGe7r97P3sSHcFQ62T6BzS\/+NgBh1Yy4NhP5OC50DrYOUUKT2FWmyPF3rEeN7cKlVvDoToDTZvmnHz0lXki3TSjmEpfEl8VTrO2dVRjEyX6UGi07VXGODj7O0oDpUYCDjmG1IY0i\/swPCy3NuNEJt8yL0p3nKFjn1FYCc72eaCLxOWLqdkUlTWvm8YpTERh\/\/2jrhdGM0qtsJ7FcXHR51v4J\/QVf7rdJwPLrxNThdnZTGK4C1SIOXmUd+I7RAsVphCtMqkYz2xSC9bj0qFHuk+dNgchK\/qNK7D\/3TQluL6drX87zcJEWbeEAz++Bs4gMrOfH1c41XMna9bpL8uXPg\/gpvGR2NJd9tPrZADqH\/l\/5rjIhOiUnkWVyo0TCuowGc1U+R+LzRsroJKH\/6INUIkFvJyqDDWDuiqbuF4a8ofyZWpGKXbY6tbrxR5vwaHY6nEBEtgpQDNpXreT8uG1VJNuS0qFW1sMAQeSlsJF2xsZqjv925b07nSHBK8aJ++l8pku10eV9oj5mc55it2ZlpB3G4BEsXbBXW0kaMazv8X"} 02316{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":98,"flow_packet_id":3,"flow_last_seen":1621499131747,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621499131747,"pkt":"AAAAAAAAAAQA+mr7CABFAAViavlAAH4RX440uxSvxkodT+9mAbsFTucGw\/8AAB0IgC3o3GMiP\/8AAEU0O8kVjzdhFbU85yBt1iwqehVgv2Jezj6mn9SdO\/xAMoQ6Qj2CZu4L+khp0ED4qwgVsRimpW9+019RfzBmCFh99aBBiZCv05rUnXo\/AfLOGNQtnfLnIt22QaI4txCY1wQh4\/Yqe+fANHZK\/ZmF\/8jsdmd71qfw03URemmchuDEmTC2QyCtQDR6IgH1doVCRoOWgfqOlswkaRTmqWfAdyO82HcYIhAl\/HvuxVmWaTRo+N+1Uvg3vOoeFbmkRfA3yUNsNKKXj3CuZnmwqgawAkhvUNunDuSNb6sXcWQSLMYzSYokvzGSrnCUFzWEzLjsIIkXyik5WMtbabj\/rXxW\/BmKnGxQAsyLYjlGWLl8IsRIUrFFSYYnArQnHAypfPl5sP2d4bIyERB5Xk+W0ngzdIfL9its1S\/1UVAsH\/LCTr4l85qg6B3o5lI7DKEPxygD1vV7v2kHUJUOsz6IQEA5cB8per0TSrcw70EjOs2PB2X\/KlkRtnF3cJ9mBrlLk7KkAdUnU+mv18q7Ur\/HRCeSKZ1IDGV+ySb3Pkkbb41pvETv2t9LoyQAD6Lzg0sSPQ7JLV2KhP1jHyct5463eYlSDK4lKsa29bix2j9nRvZdlPAs7HziAX+7Yre3QLRHAPqf\/Fg1bbLM5UQ4fWOBRZxhjJcdvgOJYkAXggHGTSKUtw58FK258BEuvGOXPaZLUbUPnco5cBPBIPnVm18eagNa8I5hoD3V4qJwr9MuaRW9lHG4afIywkdpNhJvwCaU0fJZ7zWnop85QgRGJTV5214WTZL+EUJZ8twDwaNzSY1ggAfatI1G32TefYqPxD0muHegRu5a+vh6GU9Nr4OZ\/spphiT2QHSVclDaYx2okizMN5ZYBs0bQln9i6XBm2Xldh+51uDHmQ4Zzp5v5YqyrRXhV0FfzvxrdzKY7KJJQgW29XcUFfrN5qG1mzTku37OdUh4OsIIhl78ZXl7b4B4gtfU2MlbyD0x5w27\/HBKRN75vA6sVD4434hZz0CVYEpHiS\/\/F+U03dYEtR9fBHiid5ECmvh8ygYyirip51ZPSMQ+xf+D7QciO3qwP0jr6a1lkCiOGvIgtxOPSkwBE14jvn4b4AgoxAwzxMoNWG+KiIzQcc5d77j3SVtd+zufZsoTaSVxvbWmtRH0a31c5XS8D\/F0m+6IrOG+sVg+DE76dDddFTb+w9dffyNc0Dy2WGhcNHMlytYl3hpyDxLT5XyRXvjxA0\/VLZiYU4eZ4ElyHnvoUsVc1zIaglmrF+UZkxVlMip6nMHZ9lAEsM5\/RJYf6oyNArAqc\/usJ\/9w+reh+ZP71fVKQMu8hkbAHifaXr7zINN8beOioIt1MpZKpcyaXZRCKvAOiunMN2HFg7gb4p\/O\/EYfkBy\/QNmvkqv63ADfvqVNbE3rlc1Spji+jLBIq3nPFuy\/5gX\/hKpM6V+1cWwiQk9pBOX4ZM5SBBKjwpGA59adqr0mV2fpXKtxohrt1P7YEzdHgk6wi5UR4cnhpR6ATzawptEewUpLpO9E5\/GgMkhT3mM2LdLlAJbflcld+TxymmmNvb3UpmjyGh3\/j4AG85zZBWQGL4jZJFWwd8JkedM8UyyY3+J7Hf7Llgt2XBjEica1HmobGyVnvxPpQPkJ3hFFYALzmeLaq88STNOaZPk6gzd8otilv70M1Uie7Wd78Y3H+OJSDOFEeZSWpO7cC\/0ENxs6hxSkpuU\/vHtior07jJ7OPSapjbYusV4q2O8nnSUJJ+wHjLAkldls5Mo1vwKpLEojKmMh"} -00524{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-data-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-events-serialized":451,"global_ts_msec":1621500710201} +00604{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":150,"packets-processed":149,"total-skipped-flows":0,"total-l4-data-len":201150,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":98,"total-detection-updates":3,"total-updates":0,"current-active-flows":2,"total-active-flows":98,"total-idle-flows":96,"total-compressions":97,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":451,"global_ts_msec":1621500710201} 00635{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02304{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":1,"flow_last_seen":1621500710201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621500710201,"pkt":"AAAAAAAAAAQAXWCjCABFAAVidHpAAH4RAzE0uxSvZsLPs9AMAbsFTi9Ky\/8AAB0ItCn86+Se4YgAAEU0MHhrfbtIJTtH3QVY6F3aeUtwMPN+HFDoLuLJNWWF83Oo91F\/IrU\/4VzzpTeT2Fs3WeheARS7a3eJ6+jBx50KgL2Mtap+DJiMUnv5+MiK\/lUO39U0cv8d7GpIK\/I60LKV\/5UKO3hYdAl9H3sKf\/17sYn0RqCxn3h27SFb14UfQMrK5fzHbBIcyCTwAI8EH1FUNiii2EHC6MKWOlasY1W7tTdhYLqIJe3Pnw\/eMMH4EH67C816p5GMiQfDThgfQ2wgQHnziUTQvAMRReqOG70usUWRBc0H+BQ8YvPfZECfgPywP5jcJ6yFiW20NNxDHB6aoJ4Cj+YV3HYe3hWH6RtYkzgshfY2d5Z5SXiixf9F396ika8t5YhgzUJqm3qaduYkkuoKsKEzuoXUVwFjy4mdMVXENEyNoKQ+m7hVG2MtxWAe5F0iilBt4B+B47gPKblladD3cYJ89FSWeT4JmrpSKq+sitEawWg8mHrgGTQq7NYbu7N+XGgNwfYKSGmo+wJ4PZoiqprX5abZOW0AcEO4GmP23kcsiaw6jBKGRiI62wQkX3CdcrDC94UAE4ETeCTM7KGTkc2NjqYwxvCRWtYhRE2jKZjoxjsBPN71ErHefn1F+hbfKNlDzSGX\/XS29PsKXDs3Zy7d5AvyJhbeMO5c9ZW9Z367PIIkmQCfsx7uUon\/NyNKlzzrFPmj4\/Q5MNYmYJUzIjfkdbkREP\/oi3qdVUZRk6Qq3mEyntdw2m0x+Fl9NnJmI7wPyTSTYM1zGxtoprNKLZoKHPJUdriJdNO1mtZLgz\/iMksWRPpo1KJv17xWq6zVr1T5Rb\/56VZDZZTzvvnDR3LfObrvTjxHZjpDe470INkM91Ng4x1MGEIzMvtmxatbi7QsiBiDO\/OqdD1JZRhadEr1SeF+j+x3pCgDJPrTxUQNeLKGpDOINsHcCNzi9E6t6xSea+mxi6UCuZeVqiu7Mq6oTDEdYhM0f2zJdDmUwxt9ntbOaqb\/70GFQw3Pu6A6FPriLWgxfjbt820gGfdllAq3bd17xNlN89\/sslY71CRXr\/AXS9zW9TVm9cE3ieGVRvpPlBXLxR3CcDRad5beYHB2p+59RVP4JEz3gq5xGAJk56U10gDcUMuTu9lOP0LVK6rTCu109YNLsvJwHDQHJg6cMb9ghMycYjRH9R8GiFVxeXk8FZUVTPEwK19hu5R3J4CDXQi+bSlYR8ZWUeNFXdURMnp1LQodsU7HXmk0DNjXTkB48gPiecCbmUF+uqaDsBFruhCgfz1ajvkEGLeVbKosgz80uhsQmk3MpvR16f+ZOAa9cii2ACYegZ1+a4KEx2NvHlXUrXa2GOsjIAygu7UkwCjyJDh\/KLNwjSadZAQTyM7O4lGORdsjV5FzQj3iyRFzjEjdAaMYFQh7u74sj71sIjcdgnajLAngwvieEOhjfkDL0tvg0+xr2ScehwvmJTYQZ0A4LvQTGmQ0QSop8E3Bdjoib9O4UduuWyY49M20Z07qfK9fbUe3P7MyS0IssG5j+o2HGVtB2rGDGegUxPzqBriraNuRetc+27PYobO7JO3W\/n8cUzNrheWIWi9IB4U+pmyDcJIP58jjktd5G89dt6sAMJR3A5kbmIbJ9iNmSo5NdNog3tnD5t5HDujKlpjs5YYJJjfEpJdk07sWx3cs35o4J40ZUcj6dz2f5kyw3ZDKB\/hzEHArYpTkaJY4Gfn8PS30KdL4TNAJjWtoOfQevIKVcxh5IQLx0UwAHLDP4qnlqslqSloufJGz2Uh8"} 00709{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":150,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621500710201,"flow_last_seen":1621500710201,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621500710201,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"102.194.207.179","src_port":53260,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Azure","breed":"Acceptable","category":"Cloud"},"quic": {}} @@ -479,19 +479,19 @@ 02311{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_packet_id":1,"flow_last_seen":1621501305362,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621501305362,"pkt":"AAAAAAAAAAQAtexhCABFAAViLHdAAH4R7mqfdbB8EM176sqQAbsFTpTBx\/8AAB0Ivw8tm2Ku7RQAAEU0Z52IbyPObDKu7BbGHFwXmr\/rz3QfyBRTJB3p2RnE9UysoDSL0A3iYi2pNKedwkl5mpvF\/Vk60tFlBZiFzkrxIN49ZjHA7MZQYh4BUIyAfPPuF03+ZMM0Su3qn9AiiUpsB+dNsu+962VPg19tLI\/VV6H3PHsG4PuMw4cn9i3LGYoZQn6aHv1YbAMYupJTDvNFcb2s6pFl8eB\/z0QA6+\/NcaLseMUOgNf8TfMmV5DJVFMWinQmIIE8GPttZVUixDh1PXr9\/XOfl5MsudOHGbS\/BoKDVUuxmXWMLXGEKU9H0vMlsYLhLUm0c3MDnKGeVSrkeYvPjroMfaat1Tiu2LmC1yjTT8Uvh3DZ3BJLLDzubsslmJNrUgLURH5a1TFkvH9Q96Xa\/CgdBXGH7ShdRTQlh7Spx9l0kHtYDDWtdmymj3cp0EdEjn\/au5ybI8UfXEQ40NFe\/bpqHpIm9OIaPawLRKnKVCmPwkTkJQmFtLRT8FIc+hxG8+42VlkD9SVwOketnoEDo67L6UjWGJq8Y0bKa6DKJrJHKlb1cBaN\/n0tnPhMblSJyBYOeYoXsn+gmj9b+VHHpisogUCwUgPQms6WZ1Tn+icYaQ+CSAy4kHR6jZ30M6ApyQmmHvzN14vvzh+CT59we\/MSd6bYyHCxqlNxNi9gnxXYBhI44N0AGk0Qqhje+CC0oYc8WWkUM1686AJps19dxQQb1m18EQJq7trGNUuhfyUdSuAwL\/l0h22i0uupo2DPl3o0+7Bt3qwlrzpKyCufm4ZmMAPpvK65nzp6cFH+pmlOQ7s2YRoxtUhnAtjgxag2R4\/nlewGsR9ygeGjxTA5LiirItmkj97AzgWwoIUP9ldEWuIUcvVhLe\/QB8zLa7AJgeB1R4vJAZowIkhS0+EMWrzuyLxX+IfaYE0iHLqkcbQA3BNqXFj4h621k+KIOiP4lvVResrE\/c+w\/Oj5tA1lx4837jiHi0YZT52YvwcFEmqMCZU8XqMRUIGXvjZqo9v4Gwo714AlFrATSjPNB0rwwMyUukaq\/3e3DvrcgQ9NGlBVWFxhz1tqnsLP7Kr\/srqsLf5Bw4wZJQF6sEZW4nlUnupPVa0tpr\/+wGxQCug6xHyGNDxwnWnyjCwM4oE2hnNUNVujvf72\/dvTfU08lPagglVjnYIuPVm74QZYTZRFryAhxJK17r+BPfOlYKd+vVYMtivnHXjiFQVByr8k1Rcm2cpPeLXL3f+bAsmGkc4EG6HjppgudyHK+UV5oHN+m4I6LZs94OtdQcI6RUnBhsNPqFTdenognWR3FDybsz6sXPvUHez6OFefzWFvFSrz6XT7otFR8cdYGpKRwwSfHP\/PrekwOkrlmZijlypd6KXVAl4pAFkRLTGqSWHEA1LRLEvTNukH3xy5z66DEUDlFW01SciuFipPqn91VwpPL0iC6UpfNOoxnK1nHPehbzvx3A9Po2F3NnKEzfedfgajLA5\/LmaIHRmUo6B\/KmNXMWBfwWwfMwOtQ+o42gw8mnZvG2Qqex771hctyXZMqH2SJLXmmk6AtETcwF8B6jbJ768elE90Bhjm6anLtIwTYQnbLc4EH5TtLu5+uZ3DUfoYbPMOgeH4lIEDjI0kYQ+7lnl1zdIWgKe+MmglR86en4u4M1jb\/5BPspqYSJQDFVzNKI+9EnvCEh1nm4ZLP5q4L5n4Y\/OfoQNHRw1mNsvzMmZ1LR0N0nXyXURG6oysqTj3iTmd8NZXAVgqVBMCFaGWht6XT+2k4r7buSS+jBPmF7S9tGqU"} 00703{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 00632{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501125036,"flow_last_seen":1621501125036,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621501305362,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"65.33.51.74","src_port":65360,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-data-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":4,"total-updates":0,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-events-serialized":482,"global_ts_msec":1621503088279} +00608{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":165,"packets-processed":164,"total-skipped-flows":0,"total-l4-data-len":221400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":104,"total-detection-updates":4,"total-updates":0,"current-active-flows":3,"total-active-flows":104,"total-idle-flows":101,"total-compressions":103,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":482,"global_ts_msec":1621503088279} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_packet_id":1,"flow_last_seen":1621503088279,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621503088279,"pkt":"AAAAAAAAAAEAU0VlCABFAAViNs5AAH4RIneokEAFmWIcTtNoAbsFTmuQxP8AAB0IeGU\/mdbeLGAANwAZh+l9xBKAiSKB2OhrwN\/hzDl51JMe7JNbapPLHMOjmgDUc0Kyw120FAqWdbLajL0G7x+rThpE\/ezHsYo1+wzly8xUgAolT2BsTpI2RHGJFl7PB6kKEbj1oJ2aRfN0feK0OGTrmVtkNP9R+\/rEuFjr\/5ftbiLlMiGuS3H3QpNIn1LP4hRzRdMhEMaL4tpWijpslIEyIWPJUu7rklLDODiHtimhfIO2wkBoYI2kQY+hFw906HJDazA9cw+osFQ\/bzvopugZzilDKv1JaRYx1e4+hqHH6L6B1UH9\/T9\/HnMV2EpDa0Av+iDS3F9RRywHXZAIhY03mMeM7GrJP2Zpz4QhJct7zfEW3x535nQ0edWGlDKJvLXrTJAeOpJnOxJ1r4baAFi3DRD+vKNPYnsuGfuIY65dgPclLbLGQ0fUutzS5iBfTHGDPLr8VDoE6brnwH\/5y9mzczXm\/kEf07xeWOu\/1opIMye\/Yn9rwK9T2MMElD6rrbD6Gahnp2r9RHhIeVU09JhM9hecDnkQZ6178V6oPYtSdjz2mTGsw+LPdfT9S16RCinAfrzSX3fRQtDiS\/0lA192fRii3J2KEljzmCRknudcAIFxTdxxb9A\/G2TbmLeHepNu2Vz0i6tcgUnXVFPrdPymqw79zhx7DrjVNwDXeclunhYwL1E7tG0V3PTUnBzD7E5OrcUKHgdfHTYLI3pYV9K56ZSwrEMPYw6PdTGd6BMaZRgmv1zwBM8F3abkA+q3Zf8DmaTM4yYqUGdqKt\/rsJPP5R8bBJC\/k1fqIhjEgyfV75RWWjvPOT8vpG\/Zf\/Lwho7iMvjqjS6+1DpZLIajkAZ0nPm\/rm87HLI0cdJpxuRH1pwBLDdf8pMJ1mfSHXv93VQKMlba5U2bhfGH1Mqk7jCyOgbhoG\/iErOEjUrAiw7X6OQncJiN9Mkd\/SEm\/\/RWlqvwMLkvGjPHLC5e7V2TGXlnOhRlZBU7qILrPVNtxU7dCPtBdbxIDti1\/YRndJCIPzLPa9h2mTEfoIgDEaAE\/7UawhYqjGFuPu7cykm8DYwvbzLfyH7bht4ex13mlrd\/FiPYOE28osrwhi1PWiAzhV1qXqi4+RWmb\/5CisAguq7jYLc0h5FGHrR92KCTjSdBEZ\/DAyNwtWa8nS6w7j5Hbinu4C0ABTwJE2l7GH4ZQ9omOr49dyeQCQatUwx0VqYJSDhoVCe0TCuJntWa02NbIeePgGo8pWxM6tgM2H8YNfSNUF9avzsSRS2VyMPLnBXpk9KiQb0mc7BEeTRigvV1S+9XKWzbnd+uq94u6ElOSGdKojQAok0wFU1sgFBAgT2mV3C3\/ZQ6n6G68vFnfmO5+ZuiNec\/P1VvDC8vVIjLmaMCjrgt9+jDuswwkMDFQIciL3t4FUlUJM2MVHvkdLHSo3q+qgTRtHtpBlxLgaLGkfaorEJRtfDW1GQLecYh1sTrhehn3QcG0nR2Ih8nO3MktWlFwRqGrK\/t0Qsdsusr3bQ36R8F1tTznS8ZWGUFNDf+Lfwf1VRU+IBvCx3kULbMabelEKmImDqvXmP2zB2BjWHst539anbYbajQw\/ZgddvVcRhVSUqIpiPQ7wJ7kw9\/TtjeFcmJbCOn4TBNtXEAFcmESf+wEZSMAzbOoMV2uJojX02TEHH7lGyR4dilgOga\/fEzmhXhoDwn+0SuTYueRdcC6yi0FFtVe7SxyfJXa\/en0rOfO5K8UmxsGwQRxH4PjiJBdspE+yoKaJq6B76ZXjWQshEvVjgOi6H1dYlUSyL2zSCF"} 00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":165,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621501260783,"flow_last_seen":1621501262883,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"207.121.63.92","src_port":64134,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00637{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1621501261282,"flow_last_seen":1621501263382,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5400,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"52.187.20.175","dst_ip":"202.152.155.121","src_port":61484,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00638{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":104,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621501305362,"flow_last_seen":1621501305362,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621503088279,"l3_proto":"ip4","src_ip":"159.117.176.124","dst_ip":"16.205.123.234","src_port":51856,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-data-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-events-serialized":489,"global_ts_msec":1621507440293} +00608{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":166,"packets-processed":165,"total-skipped-flows":0,"total-l4-data-len":222750,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":105,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":105,"total-idle-flows":104,"total-compressions":104,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":489,"global_ts_msec":1621507440293} 00632{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02309{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_packet_id":1,"flow_last_seen":1621507440293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621507440293,"pkt":"AAAAAAAAAAEAU0VlCABFAAViN3ZAAH4RIc+okEAFmWIcTsysAbsFTp5qwP8AAB0IikGMkqg\/9wYANwBCbbDOkKE3I8tUrhP0019VoFQ42OGxkeSDSRfCVHVFzGS6OlWzWiT3fji2Q9e2uBbhaayYtc5E\/X007tKAEm9FuNGSPz7TI818Sttxs3ujdp1DhJh+NpZfeeSISitSIGvg2MzufhYYrAjbhnoT1XHoGCBc1rAFUoO7UMuAGYC8SYPLocVC73lmAf9DYHNSe5fUCJSAAH+oZTPgR2yZUUzLo6fywQUMulJGI+tO3nXiCpCmWVZ53dVEiIJeeIojZJHsLSZxfmkzXZWYlR6uPBugjMWutrpp3d5v3AuvY2G7Qyk4Lv7MAfdysMbwBNbNtmNdfZPJ3\/pEPVHOv\/559Dp4RvW50HvpUKtGVrDOqJeFYelmkJNmPICcqoerayf1TiCARBZAnCn0MwD3qiNb6ZcgubQ3lYbFhXEcXw4p1oo9c4om8zLGYKCC6gMxWMZoaZf19pIOW1N7yHt\/SSfp8qPr7X11LuJnuqgknnxWBGr+1wZiL2PTq482lAJ6gF5Z2f2tN3XLZipWQds6Bo6uWSETMHj4LlIoOeoO8q99yIrIxEzO\/f4j83sVtl5ErO58R6yY0ijEedgoeOZWD8SVQDMvzkmLAx1dLgYjNi3zBdewahsS63kzpEcxno1c5HXpfC65SPUfK1u9t7lKXuScst61LMT7gD4xRvgi6ny4pOwNfDlEoBJxFCoaEzFQba0SYnQmz1wlKHdeciad8aWCTIM+4CgIGyXfMd+X+XFoeu3ajcjzAF7n6JeYn14EGnQY8unzlXF4p3i93fMCw\/xlMi\/OJq\/ruw6eUXgNqb3nrxm0BR4ksvgfkB5sFTJQPZzM8zEmRDSqngasEorcI7WMz8C2mGoX59tOv7H86rOq9kc0rL9XtCb+NWplconR2ejygYELbikOOOslKugW2zA2OmoHHi2Na4MTk66Md2Uuf6WcAKyFaaQpjc\/tMudn3z3HXrJde9BcZI846R4IemkxY1\/Z3QY1XcsM91Esz8+Pxd74AMqufrPf4mE2zfMQfa4C4336cepitLI4wuJ1hBcTktGeDMWo3AxuFTPzMyx19tB4Pb+QiQvYM29oIx\/p58YHbJiRBR\/2VW0LXa2VmGF1yjBfbyTyaiW\/0aG3AMd+pDl8N8KLpVPA44wpekrJkebyMJOc8G8y2nyC0MA6L1m0olcRvwsPyg32HFyPdlugxC3gCUDIy+\/UdsTVejDWt8G3KF2zBl5z4vUQG7szc5MTIFEplmTziOxG9vpu8uPAGk3JSUOmEY\/36oGBDkAhxzxaUR5tfsiouiWurq0NGGO0Zerjexoy1X+rM8JONjVsJbya5hJGT1\/EyIrr8IuI\/DXHAAsxAOhU117x75sR1FYPo+cPS2OX2Aq2eYhfspxYNG0jwN\/TrKrZDda9AWe9Yds2HmJkKmWUnQVV7eJUFPO+7T5F\/7VpvLpDyDx3HI9ZxDJv4+lVDYmr4M7ancc8vSp1QLKUuXa\/RRdLhFE4WpkMwIllcvDn6w2IGiZvdFwwcz0o7+lWiab+FQFJvQj5W6kBnsxHpASo8358\/GjTTHB+z0Y8rY144soNEgilV0+eFQDnbygqPbwyW1XcdsOUsoU+5ncfr9q8EY2mvfVYGA2HoIRLv74rd9Hgq035d00HMutEK92GJr8ZYm+qplcEu7zCn9\/SDJP9SVZthGjepNQwhkU8gZjaxDt0kSAy5LpSeuV57eDXzlO\/myoK40cRqGjj6TY\/1mZZ4XZJntQPKWyMGIHJzxZKIYXKlVPoQnqi25JmgSDVSszE"} 00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":106,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621507440293,"flow_last_seen":1621507440293,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":52396,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 00633{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":105,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621503088279,"flow_last_seen":1621503088279,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621507440293,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"153.98.28.78","src_port":54120,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-data-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-events-serialized":494,"global_ts_msec":1621516392616} +00608{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":167,"packets-processed":166,"total-skipped-flows":0,"total-l4-data-len":224100,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":106,"total-detection-updates":4,"total-updates":0,"current-active-flows":1,"total-active-flows":106,"total-idle-flows":105,"total-compressions":105,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":494,"global_ts_msec":1621516392616} 00631{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_packet_id":1,"flow_last_seen":1621516392616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621516392616,"pkt":"AAAAAAAAAAEAS1QMCABFAAViOJBAAH4R+wiokEAFfgNdWcQwAbsFTuapxv8AAB0IERdUk7u04\/YAAEU0aOs+L2NbS8h3vY4IEyDvx9d+UduEUSP3UFQHQG3NjO459splk2VvFwj2AOb7c4buoNQkQrDX9vOCnfv2vAKh3jO4JsUMREjT5vNEDbeeIao\/p5PHGkGHQhyZBJDceMVmmdTd\/uhtDdk+j6PWnF9UbEFtNHo58b9XyfB2nWQ06pT3ZlYQ9WK7gVb0I12TtO\/1JgOp7SeP5Djnc84cBKVneYBg230rYLPChbpIzOYDBN2v71vSy3clCOV3NHQe9++jSFmz01AIsjPo0b7oAK8pqXiYvEW7DTC9VlrG7gxRC86BUuyPkAEhQ20RdVW5Yf10xFe6ayadGDnT237OAKo\/\/+O\/LFyNHbgVfKniSrMFRiGghfY1wLG1Jv\/b0caXf12hI0LoNCqVSPEG+EnSUUM92WSb0C9QePh4RT9rbvZi\/xbgMAiaBMtltwa7agMAD0SUEyPtFV3C+8gLuPxCYmnjIpV33zbnthqAcxQlIZ2vrKiyi+KhmHrNr9GObbxxrlP9ljjIiTHt\/t7pUOT1Y8FS6S3BV52+5yFbyKd0LCCvLS6o06nay2+nbWpq3MMEnIy2ErrDasXDV\/yTFWEtS+9f7sWO92IAVmXzrxbK093nsF5MajPhwq3Yj7enMlLFnsX3TwRJhVqvSkB7sppzgxggdf79L1raj9XW8XM8V4sShlzqKJNXWgV0Ic3AYwyNJp1wBL5vRbaDded8wpXErdg1Guex9BOOifEyh8ItX4yvCdMmUa\/SxdZy7sKrylT5MXV9b5DrpfLxY20Ij14Lk6JWUcZoiy3j7yw\/ubYUYzuIFwHCLS1lok6SgHEGlrR8xjkxHY6vGzVbWVDiYYq6XgJZVyWx9Zr21JeGPGR+US5r1E4SSQfwwOWaQavhUq2zrf51HYEGZm8p9Jic3+SIN7YCHgoI4i\/tTXM\/YmMyB3h7wKOaf5t8OBGmgTLUm+k7i6hbT9r3Y7OmK2kRsbBa0dHYNr5d8T\/VGuiypPl4TtR89RXwIfmo1y65zMEsqRFLzkK6P2g287jebk7ShyfkPP1oD8ZNBDlbBORa2duW2pLxkyuhyWajEEIi5IZPiaUkWm07VY\/3CTB8jOxZ5+izKU77hZEJk0XVWc4uEb\/QQAq9sUOziToveEoxQ8lVzljsMp2uan81z84MDcopGEBneePiZuuVSoKKmRlgQlyZ2l\/7Ctf2AtaE8R8Msu4a8A0Bz498uXG67md1GQF+0zH2XGFwQZi645tPEtwFrQVnFbTEKZ8BXx7Nap4taxxtpDt5spf5pj+Cxj9r7SClNizeuJvypZINANHTovJYhzPRhqHIpBWwpQfA3PntHJITXnxC4WmNYJAZCKBpSBcum+oGhD\/2Un0c0TlEt\/thcPjAZzpaUDcVhWpBWCVkKgQSFLnQ\/+DBcsrUFMD+140pVgLHMyZ9SjqlyJryDXQYG97OhxHyQHBDtRUXSWiUupn5VQi6HXycsWOMWUIstNHGKJXGdHz1DTnhQOAh42MqA2+rEX\/B24vMgaRhWIP3wZKncvN8OnaQB1uLmAogRZC7n6Oq2DPqNrKGHl266GYXia9wtsSy3dBXWQj5ABuS+XuL0dLpYt1yK3fxHMTM\/IAuOD+tETJOkfaID9ExjejoJQhKxG9A+2SEOwuBb0RuAAN64trhUk+RRj7+3dvdvvBaNmCF4ehH9m8kVXSuv99l731dIsTYFWF+01uzy3N0iDA4kBqgoPzkJX11gEEbpzeVX+FAdEn0TRFND5ubmH+ZdrnKSeLG87FfotS2"} 00697{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":167,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516392616,"flow_last_seen":1621516392616,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516392616,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"126.3.93.89","src_port":50224,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} @@ -522,13 +522,13 @@ 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":108,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1621516401935,"flow_last_seen":1621516402235,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2700,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"31.219.210.96","src_port":62719,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1621516405234,"flow_last_seen":1621516405464,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":4050,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"193.68.169.100","src_port":58351,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":111,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516418245,"flow_last_seen":1621516418245,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621516733869,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"53.101.228.200","src_port":60919,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00527{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-data-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-events-serialized":525,"global_ts_msec":1621521142479} +00608{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":179,"packets-processed":178,"total-skipped-flows":0,"total-l4-data-len":240300,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":112,"total-detection-updates":5,"total-updates":0,"current-active-flows":1,"total-active-flows":112,"total-idle-flows":111,"total-compressions":111,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":525,"global_ts_msec":1621521142479} 00633{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02308{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1621521142479,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1621521142479,"pkt":"AAAAAAAAAAEAS1QMCABFAAViSrhAAH4RDvqokEAFTOdoXOdGAbsFTt8wzP8AAB0IF8C5lRFZ4pEAAEU0ArfW5P1VplOmF6lJC6sD9FD5t7ksW3G6pIV+pxy8yJt6ChAKFxnQmbZIV9dRmn9\/GhICwwKjJ2FzV0KvCGLgZ6X+Mdfa6UbhiD5fnkjyzmiIAB9HARV9mwW0qWFR+1JZ0wBSXcVhsdD76Sf9pAJ1VTq0AAsSZXJGpY6+ga64ul50F4bjriucLzjYYNDw+HNSeQ06KntY3GZGimI9HLzbEr2ITrSYMZjOiiz48+8lDJD2UCwemzRbkRRjVcXHUb3Tc7AmoQBva7BoUSsAyx1+D5PZLPsFdXibn+bgqwT1LLMkHG9RRpo1Tt0gtl2pZ3bJxzRqJmP\/hGWMpoj6aUkAKucuXZomz1Q3f30mL0XyV\/0uY4\/XJg7V1OPue2C09RRuIDP1ooFtROu\/pDDI8HImrmKLKKL9dpKh9adfi5YYuPF4Is4HNqqqizalARCmdFSjpPpy98YfUSi2cVRDkchscThNdK38ko4V8Xy7wPkbIt0O9VavKfmHr39w5Ez1eaWFGZRrA0sn6GcPn8Dm2mBcIqBG5MQXN4W5fy1Y\/pT1svPFcC4q5\/EbD0QNn3Z9BNP8nBLiOsibf3MO3CFnOCJM1lkXUrVAGUZnjxGG+8QqLn4EDZelxu\/GTjx1L24MAsKjWwR\/o8CwEfewYTHjpSyuURWOKkKoimK1sbXS\/GUISZay6CW3ipWXDAWnzLjYcodUIMxsb6EXUcIWUdqRY3ypfHKYpkR2gJ8xECJ7AqLMiY6ZE2uxoDH2mplysDswerJmf0vlCYZjDi32D9NrSZoCZTUeWm4xfiTRs2WDrsd1DqSJwRmQac3\/k55LOe6c64B2i8EEyZy11iQXRTuxGAnfwPi7J2P7G5iOmklAoJzzL\/0e8gKlYQz1\/eyL8HHdtP9qbl5P1U5o8IfoTp\/dirgLtL\/sstyNOECz3S+ayZnviqEPhmw1cijJYWOrYO+8pc6zVY+d8ULBF\/1MP6ychzNJOS7uwIVz2UYuxjSek3ViUJolFI52vwDbTLtTK7tzBEeEdAEchicq0jw14m4HZ+e4tF+ukL7pInPzJ8wSVQteMvhcM05Lb5IMk0dp0n21Lhhxk4rfjW5o1Rx9yGagxsLW0M2mEMuP4yB02zIA7SbqYa7jGL8IZqDCmafSvYT3KeNsojBFm3l7E4ABP4OKSMnTDQnziym3spGoBu55cpHlCNnGIXsDXfxDbCuGO6UHeS1fMSqOZnhD\/oZDnP5dYfsIXucQnrcx7lxhddVt4WAUUkUstn0y6l\/ZI+n+V\/0pwNIHkKelqc8pvPNG+JI1PSwYT7AfrchIoFXExUQsiqKPMuonW36NpxM3LkCC\/aUwvKOHDe1CykT5CBTVTcvM6LiDoQeKOvHkAxU7lNkROINSK7LsZzcm53MqryrrO1UQHIMBmC2YTcM98zz7PGYSirT2iXt7W+8GhlTLOcB3tKQE+B8YL\/1\/AkWmWJZpkom5dDgbzqOZa+I8DdrHM7ji5OZONbEY9iRhxqtTq74iTkjQ5ERERvH0t6mntYj+OqsnNsbFzFwalVuNQrhXP+gbh5zien4KTygiyFYCjV+NChiZy8pxs1wT4ESZqkuqAehNcFqGsDoVgPoQOLhzIn\/DzItGeAiDrfHRixyOVU1EWsb7b30saK+ncY8sFqQNqA5lAl9gdLvQcfuDvdrDHmseBNqFM+55fa677QDOLLZ\/8MAydrSpxVKh5KZf++uVTUj630nVHiL+6S9majjl00xS38l2C9stuZ3K6Kgv+3rXBnYm4l74dpkK"} 00699{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {}} 00634{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621521142479,"flow_last_seen":1621521142479,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"76.231.104.92","src_port":59206,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00635{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1621516733869,"flow_last_seen":1621516733869,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1621521142479,"l3_proto":"ip4","src_ip":"168.144.64.5","dst_ip":"144.237.113.58","src_port":50423,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00529{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":179,"packets-processed":179,"total-skipped-flows":0,"total-l4-data-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-events-serialized":531,"global_ts_msec":1621521142479} +00610{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":179,"source":"quic_frags_ch_out_of_order_same_packet_craziness.pcapng","alias":"nDPId-test","packets-captured":179,"packets-processed":179,"total-skipped-flows":0,"total-l4-data-len":241650,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":113,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":113,"total-idle-flows":113,"total-compressions":112,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":531,"global_ts_msec":1621521142479} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 179/179 ~~ skipped flows.............: 0 @@ -537,8 +537,8 @@ ~~ total active/idle flows...: 113/113 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6310247 bytes -~~ total memory freed........: 6310247 bytes +~~ total memory allocated....: 6310271 bytes +~~ total memory freed........: 6310271 bytes ~~ total allocations/frees...: 103800/103800 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 506 chars diff --git a/test/results/quic_interop_V.pcapng.out b/test/results/quic_interop_V.pcapng.out index 7215329ab..92aed2212 100644 --- a/test/results/quic_interop_V.pcapng.out +++ b/test/results/quic_interop_V.pcapng.out @@ -1,5 +1,5 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_interop_V.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1603816434507} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1603816434507} 00637{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02156{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1603816434507,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1294,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1294,"pkt_l4_len":1240,"thread_ts_msec":1603816434507,"pkt":"pJGxgjQ5PKn0qB\/sht1gCq04BNgRQCABCwcKydWupNP+R2kegH0kAIkCAAAAAPA8kf\/+aaRUlL0BuwTYjlPGCgoKCgjBjvWe+MPFRAAARL4AnyCwAgoQjL1g+KDURvDYeEyLw\/xCRk6Dll3vQteHoVQFBQKAtW3\/PUJKxA75UMcNXhZUvkOXlYopsWey\/u66wX35Pj6pU3CXAqQ3fDp5zyCvr8Pm5AyoNAx0veCSUQeDBYfIgnerrrO2MEGoBqYPiiUt8xe5+r79P3P4ZzDRVupqGycbUWtQ6Wo6aZSD05slEqoyPBAaLp3YhydnPgb7vRWFjq0SdM0H\/zxBdY7aJ5VQRGeFUx984uZ\/K6yeMGPT3JYsoR6JIONmbNNldMQuEP+a7GBJ3iEWFJ1Nkel3g0iBwZRA7TTHinpesR5BAPJGKsJg\/VS2BeEVhnsQklM+ccg8cEJ\/WZ8KGZKu2b5eb3vaAvV55IOI0J2iO5UmLyQCl7SbwQC4xeRqoU1X\/r4ksMW+JxOVqFoTOp0p9K8G2C+kXU7PkGNUF6LWJgz0gBnPUfLEiLYep+IB3ydQMSXFv2q4ljMWpImZsfM1M1hyBHVdutiac3ctGpn70sK96\/GuFpnGs5SaPUZPVAd6cowQNyios9VD7LJHBycvPPV\/FVVqGKmtlmE1jhqYU8WM3TP2hIDFKj\/VkbTWINB6wKhdoTjaE++G5UWOW3DyJNvkrdNQDmb57TWpCvvDwZ0zyc9+kjM1P8gJU7fxklAOWt77tLOKjqKz2yyGTywbYI8fpyDxuwcOqHHM1p9Qo2bUMzUDDc5AgR5XXK8f98\/2k\/szEHoOj+xZ0LAk\/ktl3\/tNcCYf5NwDCkoJ2SA+A3liVp\/z86DQ\/o9ZPBbnT\/MRpriiusVj\/+7dyNzTUlosBxg\/ZTGIAFG9kkbqpmlXa9h8whQ+M5AjGTQXahgxhUg+T+XkcD3\/AwAskzg7QFF8QOQvTkgKR27pnPB9TcW0ov3zRKBSq2IRQasfzD4018QjLIoL6M1i7zKWOriPXhrbpQCBMed+qy0CCutCqcHfM5C6tdP5yjdd03xLltagPaoEJdMAzkTI4GTxawZxV\/nJEB2CpfHpXBAiLmSF3pSqQkOlK3gecF6Z5kJRZxdfHFiYQc+ZeBxM3ZsG9j3S6poeVhWhKtKijv579ezhO7g3QE97akiUNAtC\/9u96VNcgwwZo3pYzoh+bmR12ZZk\/flZDnZgzTtqeO5zikP6EaDg3xt4ZqzYpvmcwxx5bFkZ6tYCa\/WSn2OsS\/V89R9JkA+p04smS\/E7zSLxIHIjg7ziPRYLmF24dGHz34FZmheQHZ\/4gm1aFmIaG6\/7f5wmQDqHrB8QpqkJoLkDgUUHwTgyqeLrCOeAdu2eQCQJ4129kNDhXnJ7gWkCKO71EQxgH1wOzb5+V8dr\/jGNAAVFaptYOiLQes+Et0OXv\/4vGauirP+hYZEEAR3InBIIg\/L5KPxSdMCpSCm\/3UnE1zUNlTk7El74hPsNYUcmUS+usyw22jx+xLs4q3Kod9YDt4DrToci+qgaxSPs+xB3bX18DBMDyb8wNM5xFrlJXeWv7YCCDubwS+dnWseGEwnfJTp8dJgKhqy8jDuI7wNl1iTi5TWAuubz7G08V4L8udRmpqYJpILlauSw+hHEcI8MkM2s5oZz8Vly\/UrbvRIh+SQjHV9IgfXMkwlUO3sEi\/jyMwMDaEUvpg=="} 00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1603816434507,"flow_last_seen":1603816434507,"flow_idle_time":180000,"flow_min_l4_payload_len":1232,"flow_max_l4_payload_len":1232,"flow_tot_l4_payload_len":1232,"flow_avg_l4_payload_len":1232,"midstream":0,"thread_ts_msec":1603816434507,"l3_proto":"ip6","src_ip":"2001:b07:ac9:d5ae:a4d3:fe47:691e:807d","dst_ip":"2400:8902::f03c:91ff:fe69:a454","src_port":38077,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"nghttp2.org","version":"TLSv1.3","alpn":"hq-30,h3-30,hq-29,h3-29,hq-28,h3-28,hq-27,h3-27","ja3":"7d9e7f6dec1cb1dd8b79d72b1366b6cf","tls_supported_versions":"TLSv1.3"}} @@ -397,7 +397,7 @@ 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1603816434507,"flow_last_seen":1603816444490,"flow_idle_time":180000,"flow_min_l4_payload_len":1252,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":10016,"flow_avg_l4_payload_len":1252,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"71.202.41.169","src_port":37643,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00831{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":66,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1603816434765,"flow_last_seen":1603816435194,"flow_idle_time":180000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":2542,"flow_avg_l4_payload_len":635,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"140.227.52.92","src_port":57926,"dst_port":4434,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"QUIC","breed":"Acceptable","category":"Web"}} 00702{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1603816434648,"flow_last_seen":1603816434782,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":1252,"flow_tot_l4_payload_len":1287,"flow_avg_l4_payload_len":643,"midstream":0,"thread_ts_msec":1603816444721,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"18.189.84.245","src_port":34903,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"}} -00492{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","packets-captured":246,"packets-processed":246,"total-skipped-flows":0,"total-l4-data-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-events-serialized":400,"global_ts_msec":1603816444721} +00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":246,"source":"quic_interop_V.pcapng","alias":"nDPId-test","packets-captured":246,"packets-processed":246,"total-skipped-flows":0,"total-l4-data-len":231120,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":77,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":77,"total-idle-flows":77,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":400,"global_ts_msec":1603816444721} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 246/246 ~~ skipped flows.............: 0 @@ -406,8 +406,8 @@ ~~ total active/idle flows...: 77/77 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5096836 bytes -~~ total memory freed........: 5096836 bytes +~~ total memory allocated....: 5096860 bytes +~~ total memory freed........: 5096860 bytes ~~ total allocations/frees...: 102373/102373 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars diff --git a/test/results/quic_q39.pcap.out b/test/results/quic_q39.pcap.out index 94fe34337..9c6819a8f 100644 --- a/test/results/quic_q39.pcap.out +++ b/test/results/quic_q39.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q39.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1509098995610} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1509098995610} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1509098995610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1509098995610,"pkt":"AAAAPJ7rSEb7OSWDCABFAAVipylAAD8RBjiq2BDRFZ2345bcAbsFTtxhDeca1dd1bE1NUTAzOQFpm58AnJnQaHUqfgGgAQQAQ0hMTxsAAABQQUQA1AEAAFNOSQDhAQAAU1RLABcCAABWRVIAGwIAAENDUwArAgAATk9OQ0sCAABNU1BDTwIAAEFFQURTAgAAVUFJRIACAABTQ0lEkAIAAFRDSUSUAgAAUERNRJgCAABTTUhMnAIAAElDU0ygAgAAQ1RJTagCAABOT05QyAIAAFBVQlPoAgAATUlEU+wCAABTQ0xT8AIAAEtFWFP0AgAAWExDVPwCAABDU0NU\/AIAAENPUFT8AgAAQ0NSVBQDAABJUlRUGAMAAENGQ1ccAwAAU0ZDVyADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1zLnlvdXR1YmUuY29tHmY9ku1OY40wxAcfyyHFWACuKRu9GR6V2xdJs\/1DZWDRgILbvi6YPymdOys8LmRShvdEmFTSUTAzOQHogWCSkhrofu2AhqIVgpFZ8wXyMDAwMDAwMDBOGwyq+nKlq\/7gyjM9fK1HfmcRm2QAAABBRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0LzYzLjAuMzIyMy43EbUkNcc61MtqjsJrlOUgFgAAAABYNTA5AQAAAB4AAADyBfNZAAAAAJSFXrmNCzW2XCwCM6DbC32c2YfxELPjjStDUbaq7wmHTyY4LQBCW\/iNJqUlz2Wd46tERlhzvdEC41udof7lNxBkAAAAAQAAAEMyNTVDwyMTjfiB70PDIxON+IHvmpHtbxwAgQ5AC3uQqa5564NqFQAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1509098995610,"flow_last_seen":1509098995610,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1509098995610,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"s.youtube.com","user_agent":"com.google.android.youtube Cronet\/63.0.3223.7"}} 01979{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1509098995619,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1174,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1174,"pkt_l4_len":1140,"thread_ts_msec":1509098995619,"pkt":"AAAAPJ7rSEb7OSWDCABFAASIpypAAD8RBxGq2BDRFZ2345bcAbsEdFQcDeca1dd1bE1NUTAzOQJfXHZ4r4NHY5hNEdjLP+5ayCAfN4aRrJwcGbvr9Ig30\/shURCI87o6EE5x2r0qaxNPy9ijcArYvwm83T\/uUNOwvPrQL1kQ63P7NcdMjvNaDrlFf0DGfuOc7NBPTTXBkaePu98lEtAf3wsOApXg5IhtfmWdfKrgEpCXWFWsxttw6C4\/lCwJqkUGaOjHW5OhnY9r8qCDBdkX4XN\/4WmFW6nWq\/XYAKSy+w3zKPd0+LJKlxsYwrzgGV2rjQwmb93iv1FFvCzNy4lqNoUoMblenytDJV5TJvGYH4s+\/7AX7HDhbJj+lIeaRA3g7dV3H3kgoU\/SpbsdOzy0YVY6Bp9yZermraiyHURn7bAotygD2Vp7YwNcdNEG9BU3funEay5GDjyBK1j66ZDJgNXirLZjzse1+VcJnT0WzMubicwvU30jDw+McSt9Bti6\/gP9FAz9\/lD31IeL8vackSc4lx75mviO5HS6BA\/NqsjQ9B8m4Ji2diYR80xUpIbgdFQiU+oifhm6+LGlaffXf5zfdWBFidIfld\/b7JT3SCK0xn1oi2TKxI8Oroqc4ijms7JGelhl0fef2CpmP0WCIT2YgyU6YwvWa1W7lII+N1ZbTeUAByGqF1QhTf5cSKd79GJRi+dbNY7B3Wj4KJv9v8GAF7TKwPiEZdDEpbOPHL\/FjvVpM04y5hU8HR+06oyFgTK1\/6hdbKNXNH9cJjr2nmUmezntPWc2AFfXM+e\/7E1fv7zcT4Kq1YOLXr9\/RjJvDNQoj81czTWLgfREm6KUrj\/r6fSbFJFnhuScfBlR9k2Pc7b3lIEZb0KXGhxHCyB1J7D8gUoqDhJYFGV+VkGVNhJpozvYPJ8ykH\/Y41HD8nsSDL9iDj9URAxCKHefDlX7Pwz6OhBfkcIZAyY3zG\/w9rr4x0Pl7U6qcsdZ1MBpDJ9qjugA+Tt8C4JpvLxNAR0kx92LyFnt3BYr58WDPwTbktI01oxzKDO5QfY46azjmnqJ+Or2LI93bDxwCMYKsLGAmehhGKZad4Iy8CQig4MBQDG0NMhHKAI6+BaplljmUnDnEalyg57\/03tWWLR4CQIYoKQ9N\/\/fDmFtkFJjraB0A767qxG7Cy8Linc3qzCa86538v6kM371bSCg\/XlL+EWzVEgq8MNOp+Kf2xPBIqWXFiVMGJ1GcpQwm6iQItRpY+85J5+RUK5X+3OW5ex3EYIjJUr+g2x3sFkDiuAsaRHgrjj6WnNpOZnghw1uaYp+E3H8VPrRSwSKqch7lieJx+ojtBtD\/W9etVSxGJeGD7lz+4wIhuht4d\/jcmgefkRDKcrraaR9azCKs\/kbJ\/PpVxbRsVvTZyAXgG+ABf\/0Dt+UshFkLro\/tuKww4FrErwElInQ+88Azyk3w8tcu1AYrDqSPj2BvjSRVwl0PO7TtbVWqgcuYET3exljbs22Rr5eyEoiPXhNZMDC79zLn441b43FrUKvwSHTJR\/j33VYKbaP4oVCvb26Vw=="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1509098995647,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1509098995647,"pkt":"AAAAPJ7rSEb7OSWDCABFAAA\/AABAADgRuYQVnbfjqtgQ0QG7ltwAKyQ\/COca1dd1bE1NATKbKH1UbNEn\/TIU5EABJEsBAQAAAAANBgA="} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1509098995610,"flow_last_seen":1509099044559,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":21651,"flow_avg_l4_payload_len":360,"midstream":0,"thread_ts_msec":1509099044559,"l3_proto":"ip4","src_ip":"170.216.16.209","dst_ip":"21.157.183.227","src_port":38620,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1509099044559} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"quic_q39.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":60,"total-skipped-flows":0,"total-l4-data-len":21651,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1509099044559} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 60/60 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681584 bytes -~~ total memory freed........: 4681584 bytes +~~ total memory allocated....: 4681608 bytes +~~ total memory freed........: 4681608 bytes ~~ total allocations/frees...: 101204/101204 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/quic_q43.pcap.out b/test/results/quic_q43.pcap.out index 414afb4d8..7a07a5feb 100644 --- a/test/results/quic_q43.pcap.out +++ b/test/results/quic_q43.pcap.out @@ -1,11 +1,11 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q43.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1592388060203} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388060203} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02242{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388060203,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1592388060203,"pkt":"AAAAAAAAAA0A1ZJ\/CABFAAVitYFAAD8RFzMzeBTKSHfZHcBZAbsFTg3gDeg8d72PiRX5UTA0MwHUpsx5z1djkhIB1MqgAQQAQ0hMTxgAAABQQUQAKAIAAFNOSQA2AgAAU1RLAGwCAABWRVIAcAIAAENDUwCAAgAATk9OQ6ACAABBRUFEpAIAAFNDSUS0AgAAVENJRLgCAABQRE1EvAIAAFNNSEzAAgAASUNTTMQCAABOT05Q5AIAAFBVQlMEAwAATUlEUwgDAABTQ0xTDAMAAEtFWFMQAwAAWExDVBgDAABDU0NUGAMAAENPUFQcAwAAQ0NSVCwDAABJUlRUMAMAAENGQ1c0AwAAU0ZDVzgDAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1kbnMuZ29vZ2xlLmNvbR8ykEILcj\/tFGrck4XfPyIJIy1Wp2EOyj96Sbv5OxbQ7GtzdqXVHstRevTu5j9sOKKoV3MEbVEwNDMB6IFgkpIa6H7tgIaiFYKRXuiYTDAwMDAwMDAwL8w4xnPBiaheNE18yX+i9poR99hBRVNHfnKffIxl9aDtAhVkrBteYAAAAABYNTA5AQAAAB4AAADs\/0Yi1mMvJ+MeFLVM06sFxTPtG7icgHbJd6FPguzZ5DspSAr1qmJOAogGqdfyO9QJ05Fvsk1n4Zg7QCWE0DkiZAAAAAEAAABDMjU1W+x30vZEmVNOU1RQW+x30vZEmVNgMsuSoEFN3\/mAAgAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00706{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388060203,"flow_last_seen":1592388060203,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388060203,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"},"quic": {"client_requested_server_name":"dns.google.com"}} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388060251,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1592388060251,"pkt":"AAAAAAAAAAoAtmi7CABFAAA6AABAADsR1dxId9kdM3gUygG7wFkAJsU\/COg8d72PiRX5AdVtByTcf3A7ZqGOSkABJDYBAAYA"} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1592388060203,"flow_last_seen":1592388060251,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1380,"flow_avg_l4_payload_len":690,"midstream":0,"thread_ts_msec":1592388060251,"l3_proto":"ip4","src_ip":"51.120.20.202","dst_ip":"72.119.217.29","src_port":49241,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.DoH_DoT","breed":"Fun","category":"Network"}} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":1592388060251} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"quic_q43.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":1380,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1592388060251} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,8 +14,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679856 bytes -~~ total memory freed........: 4679856 bytes +~~ total memory allocated....: 4679880 bytes +~~ total memory freed........: 4679880 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/quic_q46.pcap.out b/test/results/quic_q46.pcap.out index bd8346da5..89f535be8 100644 --- a/test/results/quic_q46.pcap.out +++ b/test/results/quic_q46.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1559632338055} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1559632338055} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02247{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559632338055,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1559632338055,"pkt":"AAAAAAAAAAAA4JDHCABFAAVic3hAAD8RmymsHSrsmRS3y5WUAbsFTk\/Qw1EwNDZQ6s\/m5wbfJy0AAAAEYNpYkp9oOdCGDvxYpAEEAAQAQ0hMTxoAAABQQUQAtgEAAFNOSQDFAQAAU1RLAP0BAABTTk8AMQIAAFZFUgA1AgAAQ0NTAEUCAABOT05DZQIAAEFFQURpAgAAVUFJRJQCAABTQ0lEpAIAAFRDSUSoAgAAUERNRKwCAABTTUhMsAIAAElDU0y0AgAATk9OUNQCAABQVUJT9AIAAE1JRFP4AgAAU0NMU\/wCAABLRVhTAAMAAFhMQ1QIAwAAQ1NDVAgDAABDT1BUDAMAAENDUlQcAwAASVJUVCADAABDRkNXJAMAAFNGQ1coAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tcGxheS5nb29nbGUuY29tTF5QaJRKaTNoSpJ2byVw\/n2jR\/SXiDAUaxRXCyDlaH13oYGRvmmLh5UfnwV+qkP8rBLql6P0cVhpCGDXJyou7qdg+dnByWJAkTSY+CUh8yfYOYMRdIFYIeO6ZKEQGzvhOWxsGdkkbQk0joNdUTA0NgHogWCSkhrofu2AhqIVgpFc9hnRMDAwMDAwMDAg1WpdFEihkws6cxoJh1cnEudv5EFFU0dDaHJvbWUvNzQuMC4zNzI5LjE1NyBBbmRyb2lkIDguMC4wOyBCTkQtTDIxqZ2LiTEPPlI5bOtRl2sWwwAAAABYNTA5AQAAAB4AAAA+5+ExAY9KZ43WAi5gboQGad\/XZY9NgsCyvAvlen24imYZuixux5QJ4+eD6hkpSGJfDn9+XBFyJ61rFG0t2MkrZAAAAAEAAABDMjU1M\/in8FpHdkpOU1RQM\/in8FpHdkpn+K3FgBXj\/3u4AAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00770{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559632338055,"flow_last_seen":1559632338055,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1559632338055,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"play.google.com","user_agent":"Chrome\/74.0.3729.157 Android 8.0.0; BND-L21"}} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559632338083,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1559632338083,"pkt":"AAAAAAAAAAAA4JDHCABFAABAAABAADQRHsSZFLfLrB0q7AG7lZQALNrDw1EwNDYF6s\/m5wbfJy0AAAAFbGsm7eq1vsQbMX0cQAQkIAMA"} 02257{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559632338308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1559632338308,"pkt":"AAAAAAAAAAAA4JDHCABFgAViAABAADURGCKZFLfLrB0q7AG7lZQFTiJnQAtQvT4L41LYkTDHbWnvY3Q7xNlk7lPAOJoU7qSEDNxr\/eXA5HdvGouKSa5JA+EfJXVcrF5I8JeTQOik+2bWgM1nMhrT0SQGJgoDC3vmiFQsGJJjkMZScnfQIf1wQxM8bMy1rX9IG5gNouAF2UDgTxNWxp8Z+kpanynzPm9Aewt1Q8YQSGSHVmFR2wS\/qJorTHWD8seoBDxiXr\/Jrzhp+T4G7aWy+PK4peW1lunM5ZwayH+2G6AF72mr+9NShIq31T+R\/i7G00e0d8lC08arFgrP7xbHltzNsevJw7TO7heoxYjLOdwd79cQPJBHGN6cAkZED6B76kDGTUdX1AYSpun6LhwRHlxgVuFQtfE7y\/DnLBUYzAcWntPYNYvGghUNITCLh8lnobrCJOOpgpG31oH5+kuwGIUSXbKA+01pRlfgd5gXolZKhK3pWOerj\/frjDS+2g8vClgYRT1+lV7rb2y\/Iik5yjyOhRlKWs5VLZ7VCWYVKqICcZsTvon\/NMVVMYb6HJJ32Yz2ORvo8ebpxTje4yqrxC+qapfY5RwYmEaDmI1L2w04UoqZ0dJ1NSSxDm6HXMu+ZshF6SujBNEG42mGdRf6IaSoNlxzMkSyrtk+YmufaVAWXNamgtbe+ZtSIpyI7W+63DDWITJezj4w9w00cUFEntoLNlOB+zElDxYScTOE3CpSs44g2fcVw+4rvMHfwuxPeTdHzp4MAsePKq+zngj\/90JBFE\/tDfTVYbaRpu5lmM3pDSvtX0fT5TvOH843VTAPlB2fm8MHtEMU7PIrg8lvLI5kYBqaI59yOALOtxEFcXeKMhTylktz05RjIrZg6ifgDckMo48nJYsJtSpscdyoK9zfGzj4NaovMFvwwWNIopaYds\/P+xBZkC90KYsz06jFDLqNdcZXDkHaPFJXZAxXx9set1Fg3lj6r\/AobA8N7sLKydAgxC\/rtEWCBX5wbSuX8kpFOJgGKfLdk0JYmC7zbnJyfyy+C6ukhZHN0cU81AFqszDmIIshOZAY4iWz5aWIzL1ctZtibQ5iLAcoUfb250TuivT+FGWq8x3DLfXpYTdXUgbMkK8lTQJuOYtFhD4fHRbg8qZIkwDODXwLSUcnqUn+Q2uzh8PtHzNYdam5Obh2M8GgLW8ukG2P6sOp8CokFzXYzFsiExtyxRsQxvskOlQmLevtIDnsShgWKCRO7UN+uhRGaYGLmSq2\/5t1JyMiF0cem8I\/nOK0mRwXY7N+ECcoaRDXyTKJR\/4pe4u8s4tPdTtCzoa7o8ItJAgr6FkTuYLEo2hwMyPm4hV38utdskBYyUhI6Vz27vbgYAi5nzlUMaKyr3bk72PVb2h6cE+5pbWp8t27oXh4ceZgCJ1CqxGsEI5zHMEsBX6U\/74OCgAAVZMzKh0lFrwDdkIuV+i7biu6I3DoZxr1X50m6VKkaA+qvAjpG+BPOMuRH3\/5\/vE6iwiiUVaV8HIEZpVud+gx9Rzu573VwQ87CJfVs7RmgLI88d6qzIEQAYp5JQrr2lJf1+r4xl60u3ZAa+E+ox2R3gSbE67e9uWolVz8QS9Ep2IK7cfXKJOfNxu70MQcIVFRson71WUtcVpILsaqgb9rATvfzoNmtskVITRoIpqD+mi2ZJvPx6FmM5uP7YQiAppyWykt6puGjRFKGSfbt2gGFGLSdxE20Jo0zgDKZvUFlb4u07xu5j8JVjk7HreBYMQixh6ugURELWsT7GFnQi1VQvh64jRAmDcuARkYMw2228CWbF39WsM9a4SaEoLaEPaqo3lcdKo0+Sgn7WsqvH1w"} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1559632338055,"flow_last_seen":1559632338367,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":20401,"flow_avg_l4_payload_len":1020,"midstream":0,"thread_ts_msec":1559632338367,"l3_proto":"ip4","src_ip":"172.29.42.236","dst_ip":"153.20.183.203","src_port":38292,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1559632338367} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":20401,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1559632338367} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680422 bytes -~~ total memory freed........: 4680422 bytes +~~ total memory allocated....: 4680446 bytes +~~ total memory freed........: 4680446 bytes ~~ total allocations/frees...: 101164/101164 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/quic_q46_b.pcap.out b/test/results/quic_q46_b.pcap.out index fb853c807..32629f730 100644 --- a/test/results/quic_q46_b.pcap.out +++ b/test/results/quic_q46_b.pcap.out @@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q46_b.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1561708873328} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1561708873328} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02313{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561708873328,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_msec":1561708873328,"pkt":"AAAAAAAAAAIAGNwmCABFAAViWnxAAD0R9xCsG0XYbueGI7HaAbsFTnXjw1EwNDZQ0aOrrPYcbNEAAAABZ49NM0tlJ\/QWOEX0oAEEAENITE8ZAAAAUEFEAOsBAABTTkkA\/QEAAFNUSwAzAgAAVkVSADcCAABDQ1MARwIAAE5PTkNnAgAAQUVBRGsCAABVQUlEmAIAAFNDSUSoAgAAVENJRKwCAABQRE1EsAIAAFNNSEy0AgAASUNTTLgCAABOT05Q2AIAAFBVQlP4AgAATUlEU\/wCAABTQ0xTAAMAAEtFWFMEAwAAWExDVAwDAABDU0NUDAMAAENPUFQUAwAAQ0NSVCQDAABJUlRUKAMAAENGQ1csAwAAU0ZDVzADAAAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXVwbG9hZC55b3V0dWJlLmNvbXgDMRgyNKjZnbeNIexiej4o7qx+V929kxA9dDLsNr49+J4e7Bxt\/tr6btXxr2ajG15fa3Ruq1EwNDYB6IFgkpIa6H7tgIaiFYKRXRXJTjAwMDAwMDAw6FYYVlvjBaujP6e+o70a5ZenNg5BRVNHY29tLmdvb2dsZS5hbmRyb2lkLnlvdXR1YmUgQ3JvbmV0Lzc2LjAuMzgwOS4w1Y68K3sgywV7JQccxBohdQAAAABYNTA5AQAAAB4AAACrpFnJA5r+YO5RcQGpd1l4yFvK+8akrX8Ivr05rqkgauMBpMQ6cwQFDJS6sLs7Du5\/2eIOY7vG9b+CMCy0OZxEZAAAAAEAAABDMjU1jtxYjsj\/DkhJRldhQUtEM47cWI7I\/w5IZ\/itxYAV4\/+8OAwAAADwAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561708873328,"flow_last_seen":1561708873328,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1561708873328,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"com.google.android.youtube Cronet\/76.0.3809.0"}} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1561708873357,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":126,"pkt_l4_len":44,"thread_ts_msec":1561708873357,"pkt":"AAAAAAAAAAIAGNwmCABFAABAAABAADgRW69u54YjrBtF2AG7sdoALCZ3w1EwNDYF0aOrrPYcbNEAAAABKUO4TMFStZdbdRt4QAEkVwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 02338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1561708873447,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1440,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1440,"pkt_l4_len":1358,"thread_ts_msec":1561708873447,"pkt":"AAAAAAAAAAIAGNwmCABFAAViAABAADgRVo1u54YjrBtF2AG7sdoFTr6M01EwNDYF0aOrrPYcbNEAAAAC\/8YjGS48qVhChWSun\/F\/0tw83QKJDLWjBYJA09IzRzwLQnCpg9NyEHpzaflUNehkOBavOBhu3YQm9xnHynBS8TFlxf6b7SbJ212GvxrQorob1FGVAX8oQ4qlKdNcH9KmGH8FQqiWXAUdP4wIv8bxJlPu0eWjvrQVEV4+WIaZItIH+aOUaSN9\/ilrA9RvBf\/Eg0uWYctKOmpFEGA9LEKr3HlpKp21MHHYkSpIqfP4A7ajmPfUk0qEmleXgrgJc3ZuVwkOUh+lp\/0eDnUOVGnw0Bef\/nRJzAy9BZYUOHKfKJigrc1SrncXcXGesF5G8MJfo5lQQeKDSwoFevbeXZPRaK1FV8AI13mn1U7+k+RqYwMfqTzjcryU\/s5BA04mts+Ch050+b0vPi6EOfeOA1CLxv\/tk6KsNDiigEk01rPLNm\/hEnaVJMANIzUHvUP4jg3PU04wvG3u8GEaxXwy79Kn6368OsQ8hdAqoLyQpQyhi1ABBqvxZWZGsUTcum\/BfVuIRpmo5YvcWIiYFY\/Q6OXLR9R2vVMjhnQvgbZY+rzI0fcZRdscepkhRGzz77vGIKYhgUxMxPqTprvkoXFsDJnTqnp4n2GwWBLIb0OyfRf\/7VRBKuLzhYfdO+kGKah6INzDv1vEkf39Q6kBHznQt9lH735l+OscDivp0nZu4MdQyN7vfOJNp9+jgtg8n2ANvCzvvW+7oAPTELH+3+cxxBeh66ejadW2+\/yfNqGNsYWunD\/XCKd4D2V+lhoYnV56+qwSLgUXXWB2mY\/jm0ycFhQ\/Q6nqSn\/I2aBJISRolyEFPYh65rNrttlVuSy4cI8laG8Su6VBG5Uuo4K9zFSe74fhMvn\/3xxSa9X04Mry4juPeEmANXZBAppqqM0xlJabIn2HLD847OZiYuNRgulowJTRYa0BeXeFFYwg5asYjFOcmIPelC6rywwM4C200+37pJCuqYhl7VRwKcsiCZz5pFD6vxpCnxBkjn70ZSRCzczW97N+mAXR4TjhOAdfEQuhrY7Y+WOOlG0I5lw5fpu2\/+2zMe3NZEICyLuE+yMXBwxKksv83s\/2DTmSfmADa1Lt+OXCdJZp8e\/fI5MOWyzXREHAWA0p1Xxf0JQBAFaDVmD71NXRa\/e3YP6nmQf+KzlbGl8euL1ZMv9cv4hs6puTZquoiq4UkwuYeq+A+wUrbkmifgCFGTsiIuVdxZoBfG7mmTcuzlAoj7eSy93FWGxAPnzH+xvdqwSDn+7M9vnHHpWIC+VzveE\/CCes4f3ceohr7y5Dn4lOtoe0vJsPwQpFPf9WtVwM8s2MSRZtgUxdYy5XHczX5uN1c9SlpRqooXhpp0yi4N2DxMNkDHytOhz\/qgou3wcDLhbNb1ToJSHgg+yYI1HFM5GCUBgIcEFdWUnHIoDy\/X\/\/efj02fBjznW3x\/I9rMer6Tvkfo0yrJwxvKS3Vqlk4oY2riLgvgmR0l5D63Voz6cwqCDFk4DSzDUTn584mcKd5zBHU9ozz0R3Cik1cL2iA9pnd7oEAwphcmb3YbMTagxytlPSkDBIcz0Kd4BlZBLPTo1k6ef5SlDhP6oHZInjU+ubb+1fUF0evxg8wgtXW0cZjOTqIqNyOZPsUhY\/78wYZIpgpZZEa60kxvwRBUQ6WZuEEAWO4u8bU4NqJQII0XYAAfp5H0\/BDB\/p+vVgnc1k2DvUWm66+G5dwcauNbi4ru1irvoLehKJx5aMF+fJOZNqPIwy+\/4iFLOkcGGA36sQMRqTOLRYNzYbHYC8YZ\/SOqMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1561708873328,"flow_last_seen":1561708876422,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":5220,"flow_avg_l4_payload_len":261,"midstream":0,"thread_ts_msec":1561708876422,"l3_proto":"ip4","src_ip":"172.27.69.216","dst_ip":"110.231.134.35","src_port":45530,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1561708876422} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q46_b.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":5220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1561708876422} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680424 bytes -~~ total memory freed........: 4680424 bytes +~~ total memory allocated....: 4680448 bytes +~~ total memory freed........: 4680448 bytes ~~ total allocations/frees...: 101164/101164 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/quic_q50.pcap.out b/test/results/quic_q50.pcap.out index 84d682157..a6f86fa6b 100644 --- a/test/results/quic_q50.pcap.out +++ b/test/results/quic_q50.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_q50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1592388088469} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1592388088469} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02261{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1592388088469,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1592388088469,"pkt":"AAAAAAAAAAUAeJuECABFAAVi6fZAAD8RV+v4kIGTuJfB7ZkjAbsFTkJ3y1EwNTAI30oInk7\/XnoAAEU0Sh+G6jJaQ+WVeKqfVhwekyVcdAg3VVt4yXAoIvukSElad3ZdF7cP3aK8QwnOEdppZZL4NlS1J14QMkJkSKLH7KTs\/J1g5Qy7Td2oJivMgU4heBjsrEKX+Kl+zumCGj7r3rx\/PiGGoerDCuUYVs8\/3DPxrp05vPpL4oM6Ym20RL14LkdkclpZEotPzAVfKrp+bORIrEsOakCOFcnmRLxpaPe+skuFxQ7e+No86i++ZXUpHINRIOrrAKO6MnqhHg136TH30JRy5V1vvrx9mRvozkvzR4RrmmOWFYy9MHcYvR9ozsenVMRZ7mYRkPWmCIPXpnhEE4otBm+PYFJSnVZnoQYn2HvDgKZX+IG0tDtVasnvuIWtUyehZMOA3Auz2JN+nSjxfDEV9Q5eGeh8ZL7tXInICXQpmTBohUGs0nyUi\/EfxDhlCRPETyBYxPytgznwCOTRnGV6yUDNYNW6V2twpvbbFw15F57Y24i98N43glYYJUVqHmVwrosseQvdWLtOLEXpAKvwYCJ3nJpSVOyBYXd8okAO08VeVbydpen0iUOESN83ACwm402annjMIqbJEkKbZr1E\/bWLUE9ayryc3t4SI0rfAV3P7Bzoh+ePS0lFG2mEbR3Stl4jejVA5bbBNdQAl2XVCvlfkMcgN6wNzkaUtoY\/V5wJqcqWfzxU\/7CxIyuqjs2t5GkAirbR6GD1vSMG8A49cBdJIe0YUwOEL94vJZZ6kgFxLSzbkqIb\/JGeunCp3ImPtw51lpSKmOzgu+aiRAw0072bcZedmowvyNmMZ6ZwF9G2\/T1BzTiaxUQiuwph0MpDNq0KE8ZLx7252+rHJYkpatjHePpFvOb3XaUfP7KqMGQXysXzDurgMN+iUJmRB27gfV7BceLcaKv4JsOEla7D\/ujhuQ0U6YFyo2O4mZUs06yMlW36Jh9WkejggHA6SE58C6aM0tZVAq4PzUVmlUFs52p22qgRq5vex74TEu58hdkCQjr1pQ94XFmXqgk+AVK0nXtqdM4JYhPeaV0edHucrnphtrDalQIUwHX7zoFqP\/AzYEoeCztqDi\/kawodxc4PmEb6NM25k\/CXUeCX4uUwv5+p46bN3O1M+xvlb2rRRFG9UZ157Oh+jebOu+0rTdiK67yyDJDMe2VTvGsXi+\/G2gN2zIWwGydc\/InHPRNNQKfHhC2jggd6wv4d71pPOaI+XNe1l7JNMzHwfbkZBDlCbcSj+rryXRGPQIhCscDZiFFGrGBnyyH57ea6sGM\/d37gVVa+ukJTnovNq\/9LafSrWBaF2RrNYGE+TcplNYI0Sq5eb9DrfHpoz4HPjO4w6uwZIeHQjlw00+daMYbUpNYvzBru4JYoG4+FnfLnaJ2RX6rVgfBQIqnPe+8ho+oVfDUJnsA6e5JTlC5uDUaaRcrC0+Ji\/wYvhpr9KixWcINr\/Q6IJf8RuaNMWGUoYQRmSfJSGr9d2O1TlO6mLpi0PyY9rao+oramJEZVMS9CvaFzYMM4ekODEtI9lvm8GVMwUuwhbqucZBCNIlAueuvDA9mFax9H3Da0FnXF80HbkF0G0pCqtWSLbDFAFtV9SICp3zwHTJ2IckUyzfK6paD68rLKFhUUBI7WeX4+s0d4Jr10hLHheThooXnr5xOHtBeSEaQFC9zlGwwIuoXzDqApq3BbVKodu6HoOITstmadm3\/MIc7\/KuaqI9NjMgaFSVmEVWOH4WbQci9HsoHbnpJWe8KeP3p1LSqGOSM6yXozbpkk0hMRvAJ\/Gnzq8KxN6H6U"} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1592388088469,"flow_last_seen":1592388088469,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1592388088469,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.googletagmanager.com","user_agent":"Chrome\/83.0.4103.101 Android 8.0.0; LDN-L21"}} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1592388088511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":84,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":84,"pkt_l4_len":50,"thread_ts_msec":1592388088511,"pkt":"AAAAAAAAABAAH2tiCABFAABGAABAADgRTf64l8Ht+JCBkwG7mSMAMgZJwVEwNTAACN9KCJ5O\/156AEAYUqG2lTe2LeIe+Cm8S2sDMjR\/1C7uy5\/p"} 02265{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1592388088591,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1592388088591,"pkt":"AAAAAAAAABAAH2tiCABFAAViAABAADgRSOK4l8Ht+JCBkwG7mSMFTuaIwlEwNTAACN9KCJ5O\/156AEU0EsFIWbfyiDTriLZoVpXe8mBihbaaK+GuQgLUM2k18a9drw\/KbHYn2D+KnhueaQuI4b5RnobWiDslIfKd8Mirh6o2aIs9a9qw7cUa8PBv7bzqEIAEQzk13O3\/Bmcqazsp\/+kXQrRut7wvxnShl1xW4sNpOBXqxvlB\/nqN8wg\/PWpL9O\/FPVIgCehFv30qEPc3PeeKKCKLfVTqnxPixlqgAYeET9TKamxZDJ72\/UQ6NmlBJ28\/YXsjTDsXud+7gYqA\/RkmlBMjxYZbTaJJhQMqHb0o8hdYWan65TAd6PfEjGBDGWn2GDNSSzDYoVEizxOqWERff9oCjTo1xFO9yhHRjaWZgSFmltr5w5\/Hr6eKjmrddpc4Z+wxKpPufinLcs1Intywm6Clf6ukiL4ZIaBU1Zh4teRYOLqycNHKR892rQ3DuuxVXnpFwyl0zeIkME4yZSYiRCwgQLAMZ5FSfPbweT6hIb84RvwHrX1jO2SDi8RMi1Aevd6oV+JrNOluFTTAKRyLOen4BBBYTSn14h5EAGO0Yjv6iLbKRjvUAlFcrcWVM6\/JgP5X8XCg0n0XzSdc4uh5LhvkR\/h7IvFVZq89RpXeIhO2gstbOOib2aW\/JqKDzWo1j1Ph5gagHkB6L9a5Hjd8OSrqenRM\/Y9mJweUVKkHNmEigtNsMArIaCyxyspF5no9KUYo2Kbty26OhRt50wzulToOyP4NcHmZfEkQflkdukX3pqNAt7MXd3wyob825\/JiVxf+3hjyosU4MNO3H0eUpL9ozj7HdUKWylpVr+NEYpL6oqxrmoewXJqd9\/7HqfpRoNonB9ea0mdvP5YegQRlI+fyAKUMnIwTWXpzfIN2RNvsJqvBECokakuvOOGofWVmnplR5MVVywVaMLE82YUsCGwIntd0a+EJxQgL7mKQ6dtgeQsn1wbHWS02ZvPuWP8OYrCE67jL2v1bL6\/2h+1XCxsQAztrS+QayoAW0KvlpCNW9ac0DTJNHWRO2pghx+tJZNveH28v6DEDiBrmIsxaWJtQIYwcHaS\/T1k9TL2LCukku0Taxl6+Feh7bikCsuVDfdGwZ2pRT01H4nEVENqSGeosdtxGfJ5JRhSV8U5ag1spdFlq0h3UcT8UYP6G3yr+GnTpv73QkQAN+x4OlLFujbI1BhryJRxg9c7xx4qXcEgWlOzLD1VUeIdTUw\/9wkqyS1DOLPWvJnyAWGAWLaLCSlJLekJUN7pBX8rjCfjU7xo6oWXvXMJVSzQZFernDGNc1++8ggV6oievhZKX7xQRNWnCNZClyhkVOAkRHz4B3Pu3La7QFMMFFm3BSS2brzbRyt2jJlkAxNS9aG4l00\/e6zrsSU1aVXhBuBimpONptOjBqK0HbHQLakoucHQiK+bYxbUBefBnGFTfqhmwHZxdyKtPzhH3xEm3CA5vgkPLpEOwlHEjoUbCvszlSBn0Wji8fHC4RVgQwIFqC5GXdKL2QfiRV\/OvVRBkGEKL67PAQH2qyWcGdC4moBOq1ncmuB4DIPvYwpdxlKDGChU2pNuD6lgg74F4ueOWbMcxGtj9TFP7rZPwDq2LKcVUPI30oOBmdOZPG\/tCzNe3afxNrp9eBk\/djyjs8g0B3CLoc0Rdn7ZnCf84F4GyVSI33v4zkOEKnbfwYmbCwm+M0HtlcdG9KI8P8CfdRpGL7i2rguXb1EIkg\/EYpYXxNoWqt46R76SStqYAB32M+Hm2ZBhlK23TOEoqV6bZc6sFLkDbytR7T7rgeeKXoBeF+Tvf8o\/ifp\/T"} 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1592388088469,"flow_last_seen":1592388088935,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":19594,"flow_avg_l4_payload_len":979,"midstream":0,"thread_ts_msec":1592388088935,"l3_proto":"ip4","src_ip":"248.144.129.147","dst_ip":"184.151.193.237","src_port":39203,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1592388088935} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"quic_q50.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":19594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1592388088935} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685928 bytes -~~ total memory freed........: 4685928 bytes +~~ total memory allocated....: 4685952 bytes +~~ total memory freed........: 4685952 bytes ~~ total allocations/frees...: 101174/101174 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/quic_t50.pcap.out b/test/results/quic_t50.pcap.out index 177f4b7d2..33e192302 100644 --- a/test/results/quic_t50.pcap.out +++ b/test/results/quic_t50.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t50.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1598618820564} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1598618820564} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598618820564,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598618820564,"pkt":"AAAAAAAAAAQAMt+PCABFAAViUWNAAH8RmQMomn\/IpvC80cKsAbsFTtXAxVQwNTAIVV8y018p2GMAAEU0sFS4EDNRQxtqte6TPI+YvWd+9vuUhbcTQ2HBn9gQQ44SheCG4iJpKGLD8uMQU9W2hflEcgLE5fOUXsKA3b4MY34rhhWyrjNYzozZ6RzNmC3+PSlNh1B9BkCmgwrPckh0gBVa\/FiA4QpDKG9FfMxAAMJa6frV7fG1bb\/7HJhI3yISKMBJBm82DF0OyCTOye8nQRPUiVu4WsjVf6TJP0\/YCQn\/ynhi7Ht\/RBa3IPlCUHvLu303v9QUCibeTQUAguISRnIMNJe1C11ibh+BPlrVWXB5I4w7PGgaDw6mvx7JTybAMrs\/zdPmdFbLzWLaLw6FF+1T6Nf5pXJ9+kE9uEXZ6FzdZDD3MbdQ7S7fF3Xsf3z9uQukVNaW\/VEZbNqdIcOzSZA1HMEos1dDC\/4ViVIfMlO84vWzhZLxq5UvTT6qapu5oFarxgYku3nnVTzVM6SRRUR15vAoGmL3hQ542vEoyxzgRnslUtNtYNF9zlTPnOomXF1\/xSoJJI3VGlXy1gOwEOp28n6wdjsWOzKyE8z1XmBGehbXOUESC8A5oRtpkqOzQJ3g5+dnZdSYCvXi2BLHGA+OVhHokC0D92CqxGKl340PEFDaTPqzeKg+DdhCKEuu94iUqJwa\/EQr0++J\/bZoJuya3A6PiiCAsAWEfWiGB4RZfM+JuqUNIdd0StL9dWeEo7kVq9MAq9yKOBhBD0Nw0u3O6ttMqxfEm25kPEexKv+eLXlFhK9pi814az\/wL0\/CoLWlaMBTnRRk8oxhNZZKjX5cREBszdn5VN++4tz2T7E2jOZOFaOODo\/Wvb7BjuenE7CpgjdjsnLE4Tn\/b4Q53nG\/TvK7\/82EKBXRq\/c5PKnM+b1ENV06F0Dt6cGZ80l0g1EXbz82dUS02CP8vLgamNhFvRmwk0Fytrw6YCdOz2pD+8LecT3ig9EfNeixeZRd4tX0VxcyI5WVzzONGrmWIw1RUeauVQKVXpwzPZA8CukmFuSLsJh+\/5N5AhFjT6YZ08Cfg8mb95WTaUR4Gcz21+e\/jxcv3N2Ucmp36VwT1\/tIEgMyHmC7IWqDmGHm0zoua0BH1NJEIxpCFxOkgrdVfA\/bFJKqQIiWn39D6QQCV9IfFHR0w3Ji8IRmUv2cmzofCCCDXIb7a1RfNYDUaRs4NsKQeKcoYbyoDk1GAb6it6FoAhucYrDmI18nx\/aim5gBIWa2dZw8lcSNFxgWB30MqUt4DZOv8SxNPiLUt+4S7VsKdmL3e9VzPcuMiIPdcykCdDjJcCNMkqrWApVw+k3MVLOUeIU51nBJ5vetMjeccL3kies1jAjqR3odF77JuN1k7xA13AyJHglJBfA9SrQAab1XP78SnPFaTVPIBb4lI+7BBbWiXiUIWbr7QDQ2M+jaZ9aeFPMMv4QQg7YuadL5n0vNmHJxgYLgQVYZUg3g+jMQJiu4KLUJuhihq+lqjYmXeKGtNpGoS9t+klWnsjGnRn75HVlDegNERH7rMuzV5M2eSrUWRcByRHbj5kRkoY6s9x4THwi9YKFtPRSzpfXx6U8\/obpT4A56m9Dtlf0uhD38f9WkHLmiBpPtKg3V58sjjLsP3l91gyKwHDq9OPXkHBllrkj\/HjirESjdb1Tretiw6j18gO7a6gj9juTcUBG0eptAXXuJv2ZyrvtGzBo7DRc8B9KbYOIeUQf7UeOsamqbXhc1aNUt5qklsGe6OvEqu\/YEHpLYtQZ9LUddfbvcwZ\/RUIOT2ImtvT6yXQ32en9NmMy+OFHh52IUE4c2meqx38en"} 00901{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598618820564,"flow_last_seen":1598618820564,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598618820564,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"fonts.googleapis.com","user_agent":"Chrome\/85.0.4183.83 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T050","ja3":"a2fc589336b7c13b674c1bab24655ce7","tls_supported_versions":"TLSv1.3"}} 02274{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1598618820569,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598618820569,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTn46zVQwNTAACFVfMtNfKdhjAEU02pBfi6Ak9u575XrmlbdyG1ag5OIwl7285v3Nxnsw8Lwoy4F9DNlx3pltRvpYv7yRLUAj2EQdI1b8uEmcdP9Lk6QJsvFQO42M\/PbvgSv5aSBR7ADIvkagSIwjp53htGhz\/zYlUUs1e4BKFzWrzHxpBrn3tRk9tC4MHf9tUO5P3B2MeVI3O66nSXCHk1RyPj9cinn3ZjxKtRBXyqmW3s3M2KBsk8zV1XjY13hb0PYC7j36RkDDGj0hoPOlaMR3xRkchF5ijLsbftoS8ZgSl8iT+6IMAemfyOo2vM1AInYx5h0uJCKtYT1HD9yjV1obFkm9JNNq\/Q3d32M9ltbArc4UQulBjQL30PaOFeS6\/NH6OpYAFWIaQylZhMpolrLLQtDKkYaJQK7fW\/adRXsSKcvSfS7LMOOa1iFP74PK9pOe2d+Kge3D10pHw5xvRBL5wIChQyBfmTPUKrK4rHXy82eTRRhTBKuJrbMv9T7XFHN5+H3chAvLWlrpV658DsehpWG\/heFld+bt39EMFPxrvugSLVNfbLvCnkIUyoImjdqvVj6Rx4k6hbJcFfYuU3ax\/j1wXJ1Aar7aVQydz+BiB9Fxk+eH\/qMFSF3ir3mKdIaHP3IUZOdgUkuG2UC5wWlc3438o4bvtGZ3nwifkZhkqJ0KdMIpJExGa\/AQl+d8cNAdSXLXM+DYjJis3nf2FGSiavtkGQ5gse3JeXrzKJFFtk6jcssK9h2Puqhq4IBMocJAfXnRMW\/OZ1jK+viEJjEu86fhopk0fDPB9DnWqNLuhKZbRPvi0CVdVKcq0vHFC\/pj2+NAI0Ops+2nN5yMrR4A6l\/8BcNYUJAtdstA\/Mmp+wdC\/G0p788zz8X\/NLPDa5WBeMhDBZktdXbl9oAq8mg52ggTdaTmm2jXqGKfzHqW5MClayMT0zXTwUHpjyayemAociOoR3pCM\/XoR3ULfnBs5UXukbBcD\/hcJKZpQZl3FeAMsaWvdZIbB62LlhdQiQ9E00tTktJnwHVhmpIGEmHx79qHujB4QnvSRf7rGMoi+J2+2yEf+pyZjFhJ7Vn0wek\/6YlXTjpXTJrPxdQiAfgtbMdrh0tGyM1aWelixaAL3fMRVQAbarGMmZNeVHObrG\/XRHUKe9QBmB0f2ucnxL\/Q5nZRz7iz\/WLt+LDVk7cJtCKxbiwTn6eNjrz\/eeO\/RDUWtAmn\/N2MrSP3BX63IBecgggeajGeDQeu0h0gzpQwmmr1W\/rYunSoqFFX5ouz8a\/O56eupxDBH4dlgKCLpB\/uNcGBsZbZn7D0MSdEq9sU+3rGh6ZCpDREqoFoM\/ePe6ZBwYyN5DfQ5S5xtM5Kx9nzgR0ma7na5nF+l+ByRUVDDcg+R6gDDtX7u7VAfvqTRqMCFrcyF0SqjD73Dx+5jJbDcuF3krsh5cUsmC3ty8BDoVGSf11axnldbf8\/lHSYOw4ulZJKq\/sTz5UxTVW5laCNJjqlY7Z8a7ZX\/gPYZni6DK3sKH\/pwfLD+eJvhi5gUZcI6y+TKOWHX3m7F7jI+o6kmuivTUhAHO0tp8eeKahEg274V6OXbr5gKp+A0ojgsX7ZyT\/qEOZyQW+ZVLpcoLdNi4viDD0P3Ti\/0+eMAJFCD83SXHZE7s3ktIEr1gJA+f8pz2foQ3UUo5VMFxosbOpW130fJlD\/iAqO7lnIbBAljSuAijWA4Tsc5zdOymoeY9QwWVkg13iiuc7J90lC+Sy8otpTVHsB262zMGncSESaXB5zznflxo7CBcJpN5BfwnB6hHSOc+uG"} 02270{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1598618820678,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598618820678,"pkt":"AAAAAAAAAAEA4e3RCABFAAViAABAADURNGem8LzRKJp\/yAG7wqwFTgvc71QwNTAACFVfMtNfKdhjRTVAGOq\/R1tSJ490cCgCIJtMuLgnF7hKWcwUWGCG1yeUQra8M2IbabEbv3t9rDs1mKoSxG0o1SwNZg+TYNjx60XPnxlQjdaPemBfWHhyIShS\/FwerrScOvQMg46Oklvwr2FyLIMnAlNL\/mWc7+8747IMQbAPr5vlwnAdmo2qfZtYMtdIW1xhXCBxR7JJFwiBMgxW++zHicn7moaT8\/+bDZ+HzEepJeBYrSVteiS0BK0n6cCyVowGk\/PbfkfkASgXD5BG61Cd+nr8Af7qfQdcKurj0yyrH5h1viElvy4SUonTnuNRTXgRmkWFI5Dx655anVNEDyyIA+LInCwiGE39JR+co6yzHCype7nL72Nq+jikfQUPfI883b5MrQ9rngGiZ8\/Xj8lYP\/QZ3\/ogby7k8+EqRcwwLdrKtF5JCPQHA47uMBlHe04rS8i00HZ6nSli4gEiz6jamp06cf0n39bZgvUQjAKf0ERdv971hRGdG0miD7H3QBKDkYd3jMMaCW0xLn2JbaBK1oc8XsPcVUeGlwQmCRwBHHJ8Zi5U2cVPlHrY4uUezGQwo3VZ3r5q95rt435Cj51jZ28FqxsNIE11PMXbcj4IXggGlyQVSDdlQV8ySpernoTOLJ7ESEF3t54ex\/kmX4c4cMPX9ddsiAY5den0AJP0\/NiKWL3LrUSrEOm8wr\/TSwK8v7YyoUXFr0q9WzgNo3XQrwUtAlQBmFb24DGYwbS+3XNGulanTnYpBrsb5c1rh0p91mAhQ\/rpURoxrNHqQru2XnDOVB85T41pLYZBM1fI2jpefgEQe9S28IEB\/1eLwrRuiU\/FIh6zJnowpUGRMkPEcli\/a9qk4i1KUhncByKhdd\/9ipm3FA0L0wwJh9k7FyhUMixNB17ijKhZ9gdil7oXiNMdx124Nmzbbk5lrjKivTcJ9RPINOAPRUQFR1RdL0N6Kq0CLXSzCDdZdLrY9En+mVKeYQj0xo\/jR18exhwt\/eRGfcgKxU3vj0n7pPV2efcnGnYI\/qnwevG1XcNdzUDvV4mVcXNvYEPxKSNdhD7Gpk6sGnaPSQTI2HNf0HmdlyCkLZSrpVeHOY4fveiP4Adr8M05Zxd0p3+8DcvQwP4QYKb2558+ox1mWrMBcDoH8rfM8Obyh3XuvPIl+jImNEF6BP6N3059LnOdatU9xWrsdLNJEgvG9u60Lk7nUNGZtXy46J65s6wF0c50NT+RmqoC2LZher4uoex39pj1K8V7kaJv3pcV1GjZn7eaJfrytSHHD08EAQGGAMIFMRg6nHfi8XeYIO3oF5hSYGXvUcdNd7WIgnidI\/Dzin6YMvkS0sgovzeBscolAktAP7weC3mq1LIaKYgNt2UsL8d9KL8\/n8B6R\/Yt81QFXYZf8g3+P4tPy\/kkSsNIfvswl3y0LDlhheLGqrpmqC8lIBGwv8YQXlaspfmVjHdirPP2SwJhDXPOI7i0j92jF26bcCvOi\/MymU9+Eb7WBD7jBktqD9MQhYDPOR1XZV0o4Os8ysZy\/WuU9JD6fru3jsr\/kKCqPguqlfF+W\/br9kviTd3\/eB4VY8p+7Zw2IhUhbAAnr8CvfrB2S\/TOapOVIXCtl3VT4kPt7qxNllSaLAB7HZ0kifbilO2MEKf7JHrUnpsA6AJyeHwuLS7wsXBPwyB\/OuLAVAq7ZLX3Aej45laD+jKQmWnX35iCvC2Lk0iNpz0KaPylARDD4R6xtjFuUiuuiD+\/VDor8Z42laVln8rezBVKWbgIJ0+RzyJkUTKFz9D8WmujYRQ1"} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1598618820564,"flow_last_seen":1598618820984,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7916,"flow_avg_l4_payload_len":659,"midstream":0,"thread_ts_msec":1598618820984,"l3_proto":"ip4","src_ip":"40.154.127.200","dst_ip":"166.240.188.209","src_port":49836,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.GoogleServices","breed":"Acceptable","category":"Web"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1598618820984} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"quic_t50.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":7916,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1598618820984} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/12 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685715 bytes -~~ total memory freed........: 4685715 bytes +~~ total memory allocated....: 4685739 bytes +~~ total memory freed........: 4685739 bytes ~~ total allocations/frees...: 101168/101168 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/quic_t51.pcap.out b/test/results/quic_t51.pcap.out index 71d6476d1..283791cc8 100644 --- a/test/results/quic_t51.pcap.out +++ b/test/results/quic_t51.pcap.out @@ -1,12 +1,12 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic_t51.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1598620434413} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1598620434413} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02260{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1598620434413,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598620434413,"pkt":"AAAAAAAAAAgAH83gCABFAAViXjpAAH8R7IK744iY0\/eTWtg8AbsFTvswwVQwNTEI\/5QVtbAFhg0AAEU0lc1seKsogM0xJ2my4Aiqph+R\/2N2Tlopv6L1CTJ74mgIopdeTMsbdYmmZHP80OXizzota6YFHVZ9VeAcEZo8pgEgiYZUg70bNed022uBY2n4AIBJaoTaZc4dlK\/B4TiUFC+WiYMdxcvH3S2VlmhK+Rc2gUQHqAYLkzqvz5M6NYLldilKxcCw\/ToJ+zu5fHTAbQipFFqbD95GLa7oBCU7jPE\/wj2QE1M9Wk52+SrgbNiKCHm0Oi8\/\/aC+8QR8oPQVWsQzjkcyagMWDaycHo+Z2gh2YqGCJoepFNsqgtO8uWWNDiaisHNHQDCPrCt5EDVvLMLkZZQTcE9bxIhJucB4CNr926kRAjaB4Y5CqDAEear5TtCJ3Iu0C2bzBjoi5J9LPiwVBQYhfxtqGdX9O3nANKjdbMVqvYl742MGo2YFm2J507oPMBXLqPJW2a2j\/XlrdIcqLJLXy1ruiet2Yfof5cTaMXQp6wyOq8s2kLEeb0RqG380zHAhUvwTfCiEYvwSN8+LPb7d1HKu3JRvbfM4A2u6D3\/ccc40B8jpt6t8mVTCa92M7s8hgVfDHCvoiaTxRF07ULZWTbuRFjLXA3G\/QLzl0b2QQA3PRqMO1r4YLM9IhL+9TjIm9kskk81nFsbcqeUPPCIl5SvakooZ1Ne4vlHJM7vcPwHkRJHa+PMjtknf1D9FmcaRoK2gywFTRk2j2RKXeNNGP3fOGBMRmVstntMO9HlCQR0pqWkIJ+jw+vDqFHMVZBwco3px5tJKsYik1W4I7vDVokn8tYkCXuWkDqmw9KvnktOeNU+eoLbnbQi\/AJnaCX22\/pOnvMBDUqcAEyxhhPUDxacTTuyCy01g9D7qNJmAhz3k5MC2zTm67IILY1heZ2AuYvQwYQOss3bJtjPNa+uV1pVbQiVw6S2nvxKgtq5Z9DSuXhvsbTOp5GSq1YV0eewMUT6nB6ejScFWGv+XM50Rf10iuSgO6pXznyY29qMMOcdfxFMWk8ZhEALkKLXeqjM+FjHgPqVYhtjd0Mxa3xCi4pEnff1YF4nj78KYHZrV2zxl6ihclVVh4iHXNFGI+s63vsFXEOTBejfPsr6+VmTDJ1+o1kNk93XUE\/bQ82a18NJPdXQ6kf26Qjcc4RqnTvAmrWh\/6fmG4zIriY7A9z8t4eO9Qfr9TLO3k0B5JOVnWVTqlbOvrJgEzV95Hv0ioO0xIj5BnxrbLnlwbNfPjVGTcRNAh71gU32J8rr6rCxxCaTv4RU7KdiQ+zigC0LKK7x4OPs9n2Ka2KUPy25mrLQ\/hk5IjtzsrqqQ2MzNcZhxb0kkNCxELzOQUMbpkFnw3XGvEDCJVplyR1UqjiDFOL8\/JfuephE1oyHWeOYVwVd2Cwv2PGGx05T5JJWiwFxWUNPRdBpTvDS0w\/p4Nd\/c2GPaorYCv1rEFAbYJpF4F6I30H8WeSXKzzhCDJKK0+cDwsUjqsSRJxU4ftS+uYB0XeJmKhKFuSfMEVI0q1YpMQZE\/G2MC4zAighNsEoUwNwWYS2545Iu3+Eegoe47B\/k8tCSheavZoHCQ6GLnzYKEdctMGvZqMVOXsPQnYlobmVfhCoHYAqTL++rI+V2XgKmzpdEDycwwsSLkVWoYU4lGAoPMP3kxasfCnUHU\/V6gkc7C3bskka9cplZd3pC0DtI8Ams8W1VIknYpHJDhbirGSRTc6oJbJQK8NbF0mBg+7QAzF7Cg20VSPH1oCq1EEodwhHlQBTHEkDIUOOWm8A2kePv2bx2BTxVuCDz2D78zh51"} 00890{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1598620434413,"flow_last_seen":1598620434413,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1598620434413,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"},"quic": {"client_requested_server_name":"www.google.com","user_agent":"dev Chrome\/86.0.4240.9 Windows NT 6.1; Win64; x64","version":"TLSv1.3","alpn":"h3-T051","ja3":"92e76078d514999cd950474995dab2b5","tls_supported_versions":"TLSv1.3"}} 02266{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1598620434419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598620434419,"pkt":"AAAAAAAAAAIA\/tPQCABFAAViAABAADcRkr3T95Nau+OImAG72DwFTvx1wFQwNTEACP+UFbWwBYYNAEU0cA7ob5DRu6SNsqDMEz7qri8UnfijZV8Hhw\/oxky0x+Zt0s6erWm7kWn2+1owrYTdI9p89OpW\/6ptpwv9v0J5BjJyyLuuQ7qMgzGXDs2ur++juUsUpOdkAs5K5BYVfQAmPmXEGyVgmyCeUg1T7Vj6FslmnDV909IngQqr2X3bAL3as4fB8O0bAq64I2nnjXRSsXtOF+WecFDOIkhsUozc+8M2nJh6kczAN6BO7Q6B24T4pTF7f\/SWotAh0wmioZGWvmsK3tbjrCGONmSc7G6EA+eCMtEUY\/yq8VyKOSmIHald\/L7JGCPyNYCQuoSWiWNaW\/I+iZ2Tm83YJ0ULZZc8urwFDYH3aj1AkglwflqENARW1+\/0Wgf8CdNT18FiabAis+X7vPL\/K0rfVmIy72rlRNRfOG7y7nzx1KwQOQc8aCVF3CWYU+Lmd10cKRMsTRDen+t7CfJT6D6czKmRS9zHy8defw2VL+sr4ea6knMol1lydS5om9MxXCYpqegXuWZiFTSbzJvhE4RaqOqWqlC3CyDO4ySp0wcYRr6Xiz\/ypHsBLBgujZNocUdxB92srmLhWvU+EKXNqnvn4sN9tP\/B4VI81UNJfpKqafd5TbC3xVerPG2FpOE4rg1k2rQi9r6v1+PQ\/d3R0LlFcbJ1hI9fgnNKZUfeIejFNzw84ZCPAGKEZF9DRij\/q7+ynKTHsKprl5SyrzqmDatgR6jPni4YdUIipVxz2xAMDSfgGHJudxWet0g70XvUgRUnZwnINCVHKug\/Cwaar4s1XCM8uhzoEef40bHIf\/1cPPikcn5BGvUj0yq5vKOgKlUAn1Pgd3RmxD4udRVK4hr3Qq2qz0yzGHjPkF5V31PdO+LbljCDil0atM9nNzYRQDTxXIy4ROBhbRF0GC5xxy\/5G1Z3EVEXnUgV7cKAoSoRYsJk+ehBddHi\/2\/aZLTP9GUgaj03e1ZAUqg\/pLbgzkOggtkBYwlEystem00J3RiW59azSXPWDzpQD37GvUqWpvchJjuAPROhp0eQOeyP6Sm5m8Ha1f9MDT\/mDWqN\/iBuFORPOJebKiYDmtBTotFqfXW1txgynw6EHUJzSE+pl4MdTTWGiKeLLjK6VcgkjK3QCvZi2YAV34jHwjHZGw2P\/U6KrMCfYoKLgcta7eGwEJgt1TEOATVA86YdSNrUK8Cm6qplxo7u2vCTdHfHERZHXlWiV5V+M6yg8jJ+w71hYe+9QRnWDWxxhFwqS3Rom5NgfL3qyZPAg7B0TvVcGC3k1t2hVxdIBJT1YLB9P8xcq205KojLAkrnJ6A03YtC2cE+\/GfTI6rrSdcn22uQHH1uwQgPFlvo5F8SRGnmtqbBCoQkhDA10opFpEUHAKVRysF1xT\/NgfiMQHD+An4IrPRfuv9gDg0rUkwJww22wh5gLlRkZ\/Syy5BClTzH9Eje2q1QlkG4NyNIdxlgTeTWfrV+owYm4Q+FXDFSqiziTTjYt929oBaNekN7DaLZNKBHzE9aRpnZjKaGJOIkilbSRnfMsOP+KhOdyxkYqJB7lgyVuE7zA+Cs6QfiNfeFBdysqGJcMLaCJe1XQZYseYZCHv9I1fYRd7rHJDJ5TLxG9ZoKBvyy9qAFruCnQdJM3kRJUF0ZdxtTsL1YtSrJYqn3hcGRfsN64Wu2ioNCdgwzJ\/IOr225URP0O\/yfvAjNTo393KgekGIplrSAr2vqB7j6oyQmlBJgPRuYDzTKmIMBKNHRY+Gk4U31TV\/ldcN5g5htDYX20DA3i7tEfKzfbUYY"} 02267{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1598620434482,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1598620434482,"pkt":"AAAAAAAAAAgAH83gCABFAAViXl9AAH8R7F2744iY0\/eTWtg8AbsFTtamzVQwNTEI\/5QVtbAFhg0AAEU0KsIg8w2st8fMy25uq6gsPA7KRO4wWARaQxn0e+nvMAG\/ncVOK2\/1iV8zM1GT+gj2yfRnYitTLViCwPF0TV0R7p64xnLqwrHTiNaW89JgMAHQze00LP7FiTbOvqpo5S+7AzCO4J36LH8gasnIPNye5ytyGP9hxarM0Gwv6wB1BKIgh6Hfi9vN\/Jaq\/hKaWtnsFyqFx21T1U0YmQzCOhcYGHZNHNGEmxqlfOiET0cy7A2zooythTNQBScefWz4fyugA0KO5z5EPbOCuLPnOhJ8u0jAA5snZ9Av4lfTCNurCTo\/b96gqEMXFCAN6kklskS6mSW1P2yxo93FRN9w3VFPyMe8m7WnAxPUMrijM3bZFrpYXz6N3LoSvj\/7t1mbaz3Ew6W7CCET2\/vUPuty0yYuKN9hlZRGZDAOI7p7UV84zBa3MKUoIB90BBwtqXlv\/AcyfRFhSrAf1TPDIen8IRojBr5qTqwwDIcvMREVIsmeXYDDAIh87njz+3l6UiC0r72z0Vz8KlwPmvyd1tNbK4UoVu5yliqV7BzHAT0P+flRjAVL+Vtw\/1eTO0KLmizThDqycqyAF1MjS6cC4BRlgBDuBvC7oqizuHTk4JOICP+TLa71t9U0MO4SvptmKRFy9UA159ziHHDRbAhIzzVEm+HGxTjT93PUzlkT4beWAgYYW5swcH8m2E+qX\/jfh4l+RAJ7s1FC99eqQD\/G2qHKz49sTvtw3eknSSHiADw1dFNDiGytHeAJqgKsYZ6xbxYgMT8vQQJWpcCaoPnc1R\/36QBSKDfO0Ei6I0Nk2Twp2jW7ybYg3WV9zcO8mcO+t2rUANioNNaghKiQ6\/\/kCvnfaOZl9\/nMaaP8oRI80YNnM3bBLePCUoIodPlfRsS+qRORwVaYVbmTkVd+7OOE68KIf+CtQJzWPG1I9szX6EUokwcVW4JeKB3DLXSgUJqbrCp8nB5Gt1Xl+DVmAWNn0zlmAkUkIYwVaRlUBt12nmZM5GfCFjeNYwyxKhMtco0zqNoFh6GPimEo\/HJoIaculB01PGh4MlKE33m6lcbQnV2mcjQy9+X6G7gJAvssvNVim+h2CyUIa0AFnvBEp0BZ0LQBw4xxW1+LO+851oEKlpBHf2CaPTJQbQ3lYLcFUbbZ7WxtncvtHzy\/SI9UgKeWcagnCcsYLbPsnPnloEl6cnUj6vnGVoFZ0zI4TVPk88\/biBoFXX37AYSAsISWoXJh5fdyK7Ub3uTshAtqeqBBTUeUFjb5Aj4cdCLyefeqdX7eVX7iolZTDjMHw6WHcQg9j8QT5ZehE6eQ3EWBv\/dyJkxi+P\/\/5RRqzAOol5xZb6h4LuhsvzWHQihAaP9MzFNZJKsrSoe\/spLPEQi09YKZ53xMfFjPTNozP7awNtIb6QltDJNIByFfslEQklWBp3nSDDraHwFBspLwhrXO\/4KJq80I0e6UvL2AGkUJ3WcnYVtrSbxxk4APJ7JesOtrVvfG0zUeYMWMSCdfwkF4KodqZGtJ3QATjzBea+nTD5uHk34dDyJnSJKk0ILq0jIFLho8LlWIyJH4QOXOz4qaWrv1Yq7zohspvZk7qqBfzWtq9nyRWQ1TZln6OTuRj1nSwDkH3Qwyv3P3ftVCIjgLduzJ1KxoPir\/gAp5xz8YWBMXoD3IJzkv\/PGQNpizq54tSdx\/+EwNQ0FXkMrTDVKVITAuSnBIkg9sH6JW+WpNYsbAPv3JnEFyzt8fIeM\/r0Qmf+N6zxgE9jaSg9C2Ue6YSiQO2VAdyYTxTvnFaxwR"} 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":642,"flow_first_seen":1598620434413,"flow_last_seen":1598620524479,"flow_idle_time":180000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":546754,"flow_avg_l4_payload_len":851,"midstream":0,"thread_ts_msec":1598620524479,"l3_proto":"ip4","src_ip":"187.227.136.152","dst_ip":"211.247.147.90","src_port":55356,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":642,"packets-processed":642,"total-skipped-flows":0,"total-l4-data-len":546754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1598620524479} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":642,"source":"quic_t51.pcap","alias":"nDPId-test","packets-captured":642,"packets-processed":642,"total-skipped-flows":0,"total-l4-data-len":546754,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1598620524479} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 642/642 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4703988 bytes -~~ total memory freed........: 4703988 bytes +~~ total memory allocated....: 4704012 bytes +~~ total memory freed........: 4704012 bytes ~~ total allocations/frees...: 101798/101798 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/quickplay.pcap.out b/test/results/quickplay.pcap.out index e2d7f79e5..1d8b5812b 100644 --- a/test/results/quickplay.pcap.out +++ b/test/results/quickplay.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quickplay.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1429000030398} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1429000030398} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00873{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":368,"pkt_l4_len":332,"thread_ts_msec":1429000030398,"pkt":"AAQCEgAAAAAAAAAAAAAIAEUAAWBDAUAAPwaoIQo2qfp4HCMpxewAUEHDiNf6xwiBUBgAc22rAABHRVQgL3NvbHIvUmVzdEFwaVNpbmdUZWxfUEgvcmVzdGFwaS9jYXRlZ29yaWVzL0hVRD9hcGlLZXk9cXdlcnR5JmRldmljZT1hbmRyb2lkbW9iaWxlJmxvY2FsZT1lbmcmbmV0d29yaz1XSUZJJnBhZ2VOdW1iZXI9MSZwYWdlU2l6ZT01MCBIVFRQLzEuMQ0KVXNlci1BZ2VudDogRGFsdmlrLzEuNi4wIChMaW51eDsgVTsgQW5kcm9pZCA0LjQuNDsgTUkgM1cgTUlVSS9WNi40LjIuMC5LWERNSUNCKQ0KSG9zdDogYXBpLXNpbmd0ZWxoYXdrLnF1aWNrcGxheS5jb20NCkNvbm5lY3Rpb246IEtlZXAtQWxpdmUNCkFjY2VwdC1FbmNvZGluZzogZ3ppcA0KDQo="} 00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1429000030398,"flow_last_seen":1429000030398,"flow_idle_time":7440000,"flow_min_l4_payload_len":312,"flow_max_l4_payload_len":312,"flow_tot_l4_payload_len":312,"flow_avg_l4_payload_len":312,"midstream":1,"thread_ts_msec":1429000030398,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.35.41","src_port":50668,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Streaming"},"http": {"hostname":"api-singtelhawk.quickplay.com","url":"api-singtelhawk.quickplay.com\/solr\/RestApiSingTel_PH\/restapi\/categories\/HUD?apiKey=qwerty&device=androidmobile&locale=eng&network=WIFI&pageNumber=1&pageSize=50","code":0,"content_type":"","user_agent":"Dalvik\/1.6.0 (Linux; U; Android 4.4.4; MI 3W MIUI\/V6.4.2.0.KXDMICB)"}} @@ -118,7 +118,7 @@ 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000037314,"flow_last_seen":1429000037771,"flow_idle_time":7440000,"flow_min_l4_payload_len":187,"flow_max_l4_payload_len":283,"flow_tot_l4_payload_len":470,"flow_avg_l4_payload_len":235,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"173.252.74.22","src_port":52288,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Facebook","breed":"Fun","category":"SocialNetwork"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1429000110390,"flow_last_seen":1429000110528,"flow_idle_time":7440000,"flow_min_l4_payload_len":206,"flow_max_l4_payload_len":625,"flow_tot_l4_payload_len":831,"flow_avg_l4_payload_len":415,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"203.205.147.215","src_port":35670,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.QQ","breed":"Fun","category":"Chat"}} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1429000048159,"flow_last_seen":1429000048795,"flow_idle_time":7440000,"flow_min_l4_payload_len":487,"flow_max_l4_payload_len":1169,"flow_tot_l4_payload_len":2143,"flow_avg_l4_payload_len":714,"midstream":1,"thread_ts_msec":1429000385363,"l3_proto":"ip4","src_ip":"10.54.169.250","dst_ip":"120.28.5.41","src_port":44256,"dst_port":80,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-data-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-events-serialized":121,"global_ts_msec":1429000385363} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":155,"source":"quickplay.pcap","alias":"nDPId-test","packets-captured":155,"packets-processed":155,"total-skipped-flows":0,"total-l4-data-len":95867,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":21,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":21,"total-idle-flows":21,"total-compressions":6,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":121,"global_ts_msec":1429000385363} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 155/155 ~~ skipped flows.............: 0 @@ -127,8 +127,8 @@ ~~ total active/idle flows...: 21/21 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4711246 bytes -~~ total memory freed........: 4711246 bytes +~~ total memory allocated....: 4711270 bytes +~~ total memory freed........: 4711270 bytes ~~ total allocations/frees...: 101426/101426 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/radius_false_positive.pcapng.out b/test/results/radius_false_positive.pcapng.out index 08ae758c8..23d193005 100644 --- a/test/results/radius_false_positive.pcapng.out +++ b/test/results/radius_false_positive.pcapng.out @@ -1,12 +1,12 @@ 00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"radius_false_positive.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00481{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"radius_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1638897892722} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"radius_false_positive.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1638897892722} 00639{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1638897892722,"flow_last_seen":1638897892722,"flow_idle_time":180000,"flow_min_l4_payload_len":1230,"flow_max_l4_payload_len":1230,"flow_tot_l4_payload_len":1230,"flow_avg_l4_payload_len":1230,"midstream":0,"thread_ts_msec":1638897892722,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02138{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1638897892722,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_msec":1638897892722,"pkt":"AAAAAAAAAAUAHNVSht1ohf3HBNYRNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQTW\/+II9QTO5\/6moMoBfKc4frxprVfBsxdaQAED2QEABgCgAQJbUkVKAAcAAABTVEsAOAAAAFNOTwBsAAAAUFJPRmwBAABTQ0ZH8wEAAFJSRUr3AQAAU1RUTP8BAABDUlT\/GwIAADVoRFFcZEfiQgn1oXI2ORzyXhwGYKf\/Flu1\/kK\/l4UH4q9DCId2Xb2zn9efGujSc\/F0aNOeHZb6KAjEeRC9dXjLQIA3XVxkxqhCJrs95QV3gGPSLgjsQQ873Rxpmhq\/VDe1SdA9fAVAXfMUX1s0Z5mAWpV6sSbDkPHYULs7X0KVe+fR2Ai5noT8neP+HJa14zskJKzRF7WTWAfIPB94k7XcyneleZDZy\/LsPNPpKzumkgJT693IGvFFGpwQ7o47hVb2V37u8BaJMyzZuDr4CIc8F1YA1joFN7OPyOLc3a+gm+fEb18FG1gS\/ZrcntqavJ3HLz5Vi8zFgzSja7rxlz5ZT0Fgr\/\/hUJDycGNBHRHMai1MLz1CKo55ez2Vq+oMFJFtHL8m7Yk0AZ6oTphvz\/47C32mJ\/BonrdxqQzXuP2SrkxlJp8ughvQJBkM+kPiZ+nnveyN+ypLny4LxyWPno4oScYJJSbW2FdJTZlTQ0ZHBgAAAEFFQUQIAAAAU0NJRBgAAABQVUJTOwAAAEtFWFM\/AAAAT0JJVEcAAABFWFBZTwAAAEFFU0dDQzIwYXTY6XlRVYYUrxtElpX4jCAAAK5TCWYobSWz756zKFc0+OhHde7JrmIR8db7Z6FsadZoQzI1NVZwm2DcDowaV9aKYgAAAAANAAAAcj3bAAAAAAAC1l9bpELMSn4CHk1io2ZOe6cCwpjjNUiKNMcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 02150{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1638897892751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1292,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":1292,"pkt_l4_len":1238,"thread_ts_msec":1638897892751,"pkt":"AAAAAAAAAAUAHNVSht1ohf3HBNYRNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQTWXcUENlLj0f+6+Jgr1PUqO1anUCJ2f97tXf2Z8dBl2WTNukYCx1qDOvW8l6pBbA\/QzGs9GCu+xmb0GpSAkHyfZJ2yzr+NsYf988AiiEM8Mw9vmVCFpA4j3zmgSbUMUqgIFl\/ckMyhcXVUAjUruKWcZMMMomSxBL0vpnp1XovZUE8pJR53GIvlrl+aH1JwTdTEvoURGDfXj7HymZzIuiSpGYcRD4vDvqxyXwPsD4kklWrCDS5cMNSnSoB8eE1CrkyDZbEac8d6Z9X9O9hVutHpXHdc8gBWr725a+RbAoF\/nPg5l47cpx3KLC5AygsRsFUsycadOOJsrJqf+9lTAUvzlDtUj+J25fiK8TqR0Htv0gjY+Jf2ES1obpMcjsWCiXC6C0982Lwh98CIWpY1gYbDsiQa6EEuHVALLYQUT42cGlDbewsfp4Tjx+NbNHC0NZc0UCj102HBZbyY5AOE9r7wfqiQaj2v1GD0l19oUj5P0xtAFB0SNmmD5d08q+OoF+ZBA0E6SCA8jehYueJJlNRt2O31FJ1PeCVRpXT8NS7VE4tXMJ8ZArjTuP5NIrSPPhiEXOHrCn7C8kPSZZB1pxxVhkM4fCfMQWma2EIEU+REEtViwMip2cC0g0V4nnW\/YfK+57akB9Uu+0UaHviwxWuzhAxGMdVzbjXnwSWJNac8i6mybugAVsdsQkGBl70YyNWbeahKe2D3y1P1bYLnJrYbOkYRBF+Acbl4FGuz\/nCgMU7SEMmI0+\/U7iLhf8TNIcHbgmGN3xWUp8MMU9z3FDMAHi7oQ7vcqn2oU94rkkS4y8axIrx2QwCkDJN+5S2PReVaFfu1ihdUnHLmPXcZnAO8wWRnGVr5ewQO2snzrfhV6kqHoNqKp3sFYCKZ0h+VYPxDLQBix8ZW6P\/vNI9cAHY6sTfoSrJh69tT4CbgMvKAE\/sDmImL3P9qv\/1IhHstTBm1LX4GOfYYS3rPAwVQ4pUO6qOTB\/jrOTmqyO8ggnJnicgTHfMyrt\/YUwgZmzOkC+28uYLM3BRiFyBEWOfbvNmWpIppEHAM4TQ0LASWi29RTMAA6yhmP48DyvIzh6MvPkc0C7ttlJFR5dXsueCqSPXJSa6RHS4Ghz3UQkk\/bW1yQQQsHLm1zJ0CZlvZsfILcijdRrY9oJzL3OU10dq2OTOj0EwYIjYZjoMNzWrVQoyWC\/hUYzb6TZHFiQ0v1S83RquW6dw1uqUaQxnSA6gjTt36ObS8o0yGINds3ce3lWwTO8wJp\/1VtDvWP4mJz0R1RdgPl7H3Qc\/OIu\/Uiz172qtXeu\/a6zn7juIxWvjrSwDhsEYK4AndiRVwqXJA+\/U7JrGg\/1Z+sEaWCLNPlGxx1qPQc\/lXR7j8\/6rGoy9j+Sp2Y0lmI790AsfFUJVXzf8\/sNql\/iXQyYk27jdTY1xFLuqEW+0sJDJplhnhSo2HCLraX8NwZK089VGLFoARqXLlZelV4DNWO6zmal7a5naaLGht\/dyC7GGpM9macDSuMEKqgE9PYIHiWZZiwe0n1VqYdrMTEbEA3PMydAo+v0ArxApe\/wf93uRzNVvGy\/z5z3Li6zsJTZIl4sCmgnO9Hg9luCpGiq\/3VXjdOqOdtq2C1KUdQUsQ0qfvDVjcB41LwFOcvnc="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1638897892751,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":85,"pkt_l4_len":31,"thread_ts_msec":1638897892751,"pkt":"AAAAAAAAAAUAHNVSht1gBf3HAB8RNyvGtazLO2drAAAAAAAAABg9ujdiwYbhIomwUXCobOz\/AbvPiQAfGG4AA72ZrkYpyvqLS4TIp3bivr3zq\/PFuA=="} 00654{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1638897892722,"flow_last_seen":1638897893066,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1230,"flow_tot_l4_payload_len":6859,"flow_avg_l4_payload_len":685,"midstream":0,"thread_ts_msec":1638897893066,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00639{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1638897892722,"flow_last_seen":1638897893066,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1230,"flow_tot_l4_payload_len":6859,"flow_avg_l4_payload_len":685,"midstream":0,"thread_ts_msec":1638897893066,"l3_proto":"ip6","src_ip":"2bc6:b5ac:cb3b:676b::18","dst_ip":"3dba:3762:c186:e122:89b0:5170:a86c:ecff","src_port":443,"dst_port":53129,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00489{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":6859,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1638897893066} +00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"radius_false_positive.pcapng","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":6859,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1638897893066} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680088 bytes -~~ total memory freed........: 4680088 bytes +~~ total memory allocated....: 4680112 bytes +~~ total memory freed........: 4680112 bytes ~~ total allocations/frees...: 101153/101153 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 479 chars diff --git a/test/results/rdp.pcap.out b/test/results/rdp.pcap.out index 75754f9f0..e2282104a 100644 --- a/test/results/rdp.pcap.out +++ b/test/results/rdp.pcap.out @@ -1,12 +1,12 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rdp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1559207465138} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1559207465138} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1559207465138,"flow_last_seen":1559207465138,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1559207465138,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1559207465138,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1559207465138,"pkt":"AgAAAEUAAEAAAEAAQAbIuKwQArnAqAKOzQ4NPfm84lgAAAAAsML\/\/7iqAAACBAT5AQMDBQEBCAoLUEqcAAAAAAQCAAA="} 00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1559207465180,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"thread_ts_msec":1559207465180,"pkt":"AgAAAEUAADRflEAAfwYqMMCoAo6sEAK5DT3NDkeav7z5vOJZgBL6AEVOAAACBAW0AQMDAAEBBAI="} 00431{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1559207465181,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":44,"pkt_l4_len":20,"thread_ts_msec":1559207465181,"pkt":"AgAAAEUAACgAAEAAQAbI0KwQArnAqAKOzQ4NPfm84llHmr+9UBAgAGAaAAA="} 00771{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1559207465138,"flow_last_seen":1559207465181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1559207465181,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} 00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2010,"flow_first_seen":1559207465138,"flow_last_seen":1559207472692,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1273,"flow_tot_l4_payload_len":534243,"flow_avg_l4_payload_len":265,"midstream":0,"thread_ts_msec":1559207472692,"l3_proto":"ip4","src_ip":"172.16.2.185","dst_ip":"192.168.2.142","src_port":52494,"dst_port":3389,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"RDP","breed":"Acceptable","category":"RemoteAccess"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","packets-captured":2010,"packets-processed":2010,"total-skipped-flows":0,"total-l4-data-len":534243,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1559207472692} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2010,"source":"rdp.pcap","alias":"nDPId-test","packets-captured":2010,"packets-processed":2010,"total-skipped-flows":0,"total-l4-data-len":534243,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1559207472692} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2010/2010 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4738088 bytes -~~ total memory freed........: 4738088 bytes +~~ total memory allocated....: 4738112 bytes +~~ total memory freed........: 4738112 bytes ~~ total allocations/frees...: 103153/103153 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 436 chars diff --git a/test/results/reasm_crash_anon.pcapng.out b/test/results/reasm_crash_anon.pcapng.out index 281652e3f..93f2b31ce 100644 --- a/test/results/reasm_crash_anon.pcapng.out +++ b/test/results/reasm_crash_anon.pcapng.out @@ -1,5 +1,5 @@ 00469{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00476{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1410865705717} +00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1410865705717} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1410865705717,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"flow_min_l4_payload_len":13,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":13,"midstream":1,"thread_ts_msec":1410865705717,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} @@ -17,16 +17,16 @@ 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866187327,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"} 00215{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1410866247530} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"thread_ts_msec":1410866247528,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="} -00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":4999,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":20,"global_ts_msec":1410866307727} +00562{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":4999,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1410866307727} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866428129} 00389{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866398032,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866578634} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":170,"packets-processed":161,"total-skipped-flows":0,"total-l4-data-len":6132,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1410866909737} +00565{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":170,"packets-processed":161,"total-skipped-flows":0,"total-l4-data-len":6132,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":25,"global_ts_msec":1410866909737} 00216{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410867060242} 00374{"packet_event_id":1,"packet_event_name":"packet","packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="} 00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":209,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":6327,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":29,"global_ts_msec":1410867180785} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":209,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":6327,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":29,"global_ts_msec":1410867180785} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 209/200 ~~ skipped flows.............: 0 @@ -35,8 +35,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4694657 bytes -~~ total memory freed........: 4694657 bytes +~~ total memory allocated....: 4694681 bytes +~~ total memory freed........: 4694681 bytes ~~ total allocations/frees...: 101347/101347 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 220 chars diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out index 73f90033e..01f85ee54 100644 --- a/test/results/reasm_segv_anon.pcapng.out +++ b/test/results/reasm_segv_anon.pcapng.out @@ -1,5 +1,5 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1550422828553} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1550422828553} 00240{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828553} 00413{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -62,7 +62,7 @@ 00241{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422844222} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842865,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-data-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":65,"global_ts_msec":1550422844224} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-data-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":65,"global_ts_msec":1550422844224} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 82/82 ~~ skipped flows.............: 0 @@ -71,8 +71,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682176 bytes -~~ total memory freed........: 4682176 bytes +~~ total memory allocated....: 4682200 bytes +~~ total memory freed........: 4682200 bytes ~~ total allocations/frees...: 101225/101225 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 244 chars diff --git a/test/results/reddit.pcap.out b/test/results/reddit.pcap.out index a6e5b3bb1..80c887295 100644 --- a/test/results/reddit.pcap.out +++ b/test/results/reddit.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reddit.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1605291684451} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1605291684451} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40028,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reddit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":94,"pkt_l4_len":40,"thread_ts_msec":1605291684451,"pkt":"qtsDr8lk5EKm5WPyht1gBBqZACgGQCoBywEgSYsHmR3shSjf9ikqABRQQAcICgAAAAAAACAKnFwBu4Sgd8UAAAAAoAL9IJAlAAACBAWgBAIICtTdYAcAAAAAAQMDBw=="} 00612{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"reddit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605291684451,"flow_last_seen":1605291684451,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1605291684451,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:80a::200a","src_port":40030,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -444,7 +444,7 @@ 00712{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1605291690926,"flow_last_seen":1605291691044,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":8557,"flow_avg_l4_payload_len":316,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:808::2001","src_port":46814,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00736{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":164,"flow_first_seen":1605291686985,"flow_last_seen":1605291698522,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2333,"flow_tot_l4_payload_len":45370,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"}} 00726{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":31,"flow_first_seen":1605291690373,"flow_last_seen":1605291690520,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1208,"flow_tot_l4_payload_len":5684,"flow_avg_l4_payload_len":183,"midstream":0,"thread_ts_msec":1605291698785,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":51006,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} -00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":11682,"packets-processed":11682,"total-skipped-flows":0,"total-l4-data-len":10573423,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-events-serialized":447,"global_ts_msec":1605291698785} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11682,"source":"reddit.pcap","alias":"nDPId-test","packets-captured":11682,"packets-processed":11682,"total-skipped-flows":0,"total-l4-data-len":10573423,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":59,"total-detection-updates":84,"total-updates":0,"current-active-flows":0,"total-active-flows":60,"total-idle-flows":60,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":447,"global_ts_msec":1605291698785} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11682/11682 ~~ skipped flows.............: 0 @@ -453,8 +453,8 @@ ~~ total active/idle flows...: 60/60 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5299584 bytes -~~ total memory freed........: 5299584 bytes +~~ total memory allocated....: 5299608 bytes +~~ total memory freed........: 5299608 bytes ~~ total allocations/frees...: 113316/113316 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/rtsp.pcap.out b/test/results/rtsp.pcap.out index bddce1d36..df4642def 100644 --- a/test/results/rtsp.pcap.out +++ b/test/results/rtsp.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1627567277506} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1627567277506} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":205,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":205,"pkt_l4_len":169,"thread_ts_msec":1627567277506,"pkt":"AAMAAQAGAAwp8x5yAAAIAEUAAL1W3kAAgAaMTgoBAQoKAgICzPYhajvib4JhB2\/CUBgEAcxeAABHRVRfUEFSQU1FVEVSIHJ0c3A6Ly8xMC4yLjIuMjo4NTU0LyBSVFNQLzEuMA0KQ1NlcTogNw0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpTZXNzaW9uOiA2NjBmYzRjMGM2YWQ0M2ExDQoNCg=="} 00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1627567277506,"flow_last_seen":1627567277506,"flow_idle_time":7440000,"flow_min_l4_payload_len":149,"flow_max_l4_payload_len":149,"flow_tot_l4_payload_len":149,"flow_avg_l4_payload_len":149,"midstream":1,"thread_ts_msec":1627567277506,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52470,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} @@ -42,7 +42,7 @@ 00807{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":104,"flow_first_seen":1627567406342,"flow_last_seen":1627567465366,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11300,"flow_avg_l4_payload_len":108,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52478,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00806{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":92,"flow_first_seen":1627567466882,"flow_last_seen":1627567526623,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":11332,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52480,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1627567528106,"flow_last_seen":1627567528308,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":695,"flow_tot_l4_payload_len":10744,"flow_avg_l4_payload_len":127,"midstream":0,"thread_ts_msec":1627567528308,"l3_proto":"ip4","src_ip":"10.1.1.10","dst_ip":"10.2.2.2","src_port":52482,"dst_port":8554,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-data-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-events-serialized":45,"global_ts_msec":1627567528308} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":568,"source":"rtsp.pcap","alias":"nDPId-test","packets-captured":568,"packets-processed":568,"total-skipped-flows":0,"total-l4-data-len":67396,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":45,"global_ts_msec":1627567528308} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 568/568 ~~ skipped flows.............: 0 @@ -51,8 +51,8 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4715890 bytes -~~ total memory freed........: 4715890 bytes +~~ total memory allocated....: 4715914 bytes +~~ total memory freed........: 4715914 bytes ~~ total allocations/frees...: 101737/101737 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/rtsp_setup_http.pcapng.out b/test/results/rtsp_setup_http.pcapng.out index 3a9e1525b..595f71d3c 100644 --- a/test/results/rtsp_setup_http.pcapng.out +++ b/test/results/rtsp_setup_http.pcapng.out @@ -1,10 +1,10 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1625568705778} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625568705778} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1625568705778,"pkt":"AAwpI6CIeCSvPj0DCABFAADbwOlAAEAGFzesHAWqrBwEGvlgIWqjD4UUiv5WgFAYA\/\/+rgAAU0VUVVAgcnRzcDovLzE3Mi4yOC40LjI2Ojg1NTQvdHJhY2tJRD04OCBSVFNQLzEuMA0KQ1NlcTogNA0KVXNlci1BZ2VudDogTGliVkxDLzMuMC4xNiAoTElWRTU1NSBTdHJlYW1pbmcgTWVkaWEgdjIwMTYuMTEuMjgpDQpUcmFuc3BvcnQ6IFJUUC9BVlA7dW5pY2FzdDtjbGllbnRfcG9ydD01MDIyMC01MDIyMQ0KDQo="} 00782{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} 00821{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1625568705778,"flow_last_seen":1625568705778,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1625568705778,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.4.26","src_port":63840,"dst_port":8554,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"RTSP","breed":"Fun","category":"Media"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":7,"global_ts_msec":1625568705778} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"rtsp_setup_http.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":1,"total-skipped-flows":0,"total-l4-data-len":179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625568705778} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1/1 ~~ skipped flows.............: 0 @@ -13,8 +13,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681927 bytes -~~ total memory freed........: 4681927 bytes +~~ total memory allocated....: 4681951 bytes +~~ total memory freed........: 4681951 bytes ~~ total allocations/frees...: 101146/101146 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 473 chars diff --git a/test/results/rx.pcap.out b/test/results/rx.pcap.out index 2df81b08b..09591ba20 100644 --- a/test/results/rx.pcap.out +++ b/test/results/rx.pcap.out @@ -1,5 +1,5 @@ 00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rx.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00460{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1460647264018} +00539{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1460647264018} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1460647264018,"flow_last_seen":1460647264018,"flow_idle_time":180000,"flow_min_l4_payload_len":292,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":292,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1460647264018,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":41559,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1460647264018,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":334,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":334,"pkt_l4_len":300,"thread_ts_msec":1460647264018,"pkt":"PIqwbTfwAAjK968mCABFAAFA5\/AAAEARo32DctuowKfOfKJXG1oBLBrkVw+1YFw\/yYgAAAABAAAAAQAAAAEBBQAAAAAASQAAAfgAAAABAAAAZwAAAGkAAABvAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rx.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1460647264026,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1460647264026,"pkt":"AAjK968mPIqwbTfwCABFAABAOykAADoRV0XAp858g3LbqBtaolcALPkKVw+1YFw\/yYgAAAABAAAAAQAAAAEBBAAAAAAASQAAAAEAACcR"} @@ -30,7 +30,7 @@ 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1460647299704,"flow_last_seen":1460647320158,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":9058,"flow_avg_l4_payload_len":114,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.241","src_port":7001,"dst_port":7000,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1460647299605,"flow_last_seen":1460647300326,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":8785,"flow_avg_l4_payload_len":325,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":7001,"dst_port":7003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1460647283326,"flow_last_seen":1460647283340,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":292,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1460647320158,"l3_proto":"ip4","src_ip":"131.114.219.168","dst_ip":"192.167.206.124","src_port":38331,"dst_port":7002,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RX","breed":"Acceptable","category":"RPC"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-data-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":33,"global_ts_msec":1460647320158} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":132,"source":"rx.pcap","alias":"nDPId-test","packets-captured":132,"packets-processed":132,"total-skipped-flows":0,"total-l4-data-len":20931,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":33,"global_ts_msec":1460647320158} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 132/132 ~~ skipped flows.............: 0 @@ -39,8 +39,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4687114 bytes -~~ total memory freed........: 4687114 bytes +~~ total memory allocated....: 4687138 bytes +~~ total memory freed........: 4687138 bytes ~~ total allocations/frees...: 101287/101287 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars diff --git a/test/results/s7comm.pcap.out b/test/results/s7comm.pcap.out index 63c385235..38983aaa9 100644 --- a/test/results/s7comm.pcap.out +++ b/test/results/s7comm.pcap.out @@ -1,12 +1,12 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"s7comm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1408528803880} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1408528803880} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803880,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1408528803880,"flow_last_seen":1408528803880,"flow_idle_time":7440000,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"thread_ts_msec":1408528803880,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1408528803884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1408528803884,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="} 00483{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1408528803884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1408528803884,"pkt":"ABsbI+s7kOa6hF5BCABFAABBLUxAAIAGAADAqAEKwKgBKBBZAGaQRN24AAL7JlAY+tqDtgAAAwAAGQLwgDIBAAACAAAIAADwAAABAAEB4A=="} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_idle_time":7440000,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1408528804016,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"s7comm","breed":"Acceptable","category":"Network"}} -00472{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-data-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1408528804016} +00551{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","packets-captured":55,"packets-processed":55,"total-skipped-flows":0,"total-l4-data-len":2290,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1408528804016} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 55/55 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681393 bytes -~~ total memory freed........: 4681393 bytes +~~ total memory allocated....: 4681417 bytes +~~ total memory freed........: 4681417 bytes ~~ total allocations/frees...: 101198/101198 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/safari.pcap.out b/test/results/safari.pcap.out index 131fc8832..d144ee241 100644 --- a/test/results/safari.pcap.out +++ b/test/results/safari.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"safari.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1620898024056} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620898024056} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620898024056,"flow_last_seen":1620898024056,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620898024056,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55262,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620898024056,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1620898024056,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGrBvAqAGykjA6EtfeAbt7aT+8AAAAALAC\/\/8bGAAAAgQFtAEDAwUBAQgKMzDFWAAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"safari.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620898024084,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620898024084,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGuB+SMDoSwKgBsgG7194MY\/Pce2k\/vaAS\/ohIgwAAAgQFrAQCCAo6VqpvMzDFWAEDAwc="} @@ -51,7 +51,7 @@ 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":800,"flow_first_seen":1620898025217,"flow_last_seen":1620898026128,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":676127,"flow_avg_l4_payload_len":845,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55268,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":769,"flow_first_seen":1620898025217,"flow_last_seen":1620898026109,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":648144,"flow_avg_l4_payload_len":842,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55269,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1620898027036,"flow_last_seen":1620898027166,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":5402,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1620898029980,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"146.48.58.18","src_port":55285,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","packets-captured":6019,"packets-processed":6019,"total-skipped-flows":0,"total-l4-data-len":5172339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-events-serialized":54,"global_ts_msec":1620898029980} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6019,"source":"safari.pcap","alias":"nDPId-test","packets-captured":6019,"packets-processed":6019,"total-skipped-flows":0,"total-l4-data-len":5172339,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":54,"global_ts_msec":1620898029980} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6019/6019 ~~ skipped flows.............: 0 @@ -60,8 +60,8 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4886553 bytes -~~ total memory freed........: 4886553 bytes +~~ total memory allocated....: 4886577 bytes +~~ total memory freed........: 4886577 bytes ~~ total allocations/frees...: 107199/107199 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/salesforce.pcap.out b/test/results/salesforce.pcap.out index df0a31963..b4a566646 100644 --- a/test/results/salesforce.pcap.out +++ b/test/results/salesforce.pcap.out @@ -1,5 +1,5 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"salesforce.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1637949675032} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1637949675032} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1637949675032,"flow_last_seen":1637949675032,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1637949675032,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1637949675032,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1637949675032,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGlHnAqAGyVd6OBtR\/AbsUUf9OAAAAALAC\/\/85bQAAAgQFtAEDAwUBAQgKBrZmwAAAAAAEAgAA"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1637949675060,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1637949675060,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGo31V3o4GwKgBsgG71H+paXwVFFH\/T6AScSBLcQAAAgQFjAQCCAok00OjBrZmwAEDAwc="} @@ -8,7 +8,7 @@ 00945{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 01254{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1637949675032,"flow_last_seen":1637949675088,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3982,"flow_avg_l4_payload_len":497,"midstream":0,"thread_ts_msec":1637949675088,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"help.salesforce.com","server_names":"support.salesforce.com,help.salesforce.com","ja3":"7570245c781d7d7a68e31419177e728d","ja3s":"263c859c5391203d774bc0599793d915","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Francisco, O=salesforce.com, inc., CN=support.salesforce.com","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1","fingerprint":"69:0B:02:F6:58:63:79:69:21:33:61:1A:5C:3D:6A:BD:FC:55:0C:6F"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1637949675032,"flow_last_seen":1637949675181,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4195,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1637949675181,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"85.222.142.6","src_port":54399,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Salesforce","breed":"Safe","category":"Cloud"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1637949675181} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":15,"source":"salesforce.pcap","alias":"nDPId-test","packets-captured":15,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4195,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1637949675181} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 15/15 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688664 bytes -~~ total memory freed........: 4688664 bytes +~~ total memory allocated....: 4688688 bytes +~~ total memory freed........: 4688688 bytes ~~ total allocations/frees...: 101166/101166 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/selfsigned.pcap.out b/test/results/selfsigned.pcap.out index 418738f3d..e06742e12 100644 --- a/test/results/selfsigned.pcap.out +++ b/test/results/selfsigned.pcap.out @@ -1,5 +1,5 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"selfsigned.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1588921646472} +00547{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1588921646472} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588921646472,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1588921646472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"thread_ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="} @@ -7,7 +7,7 @@ 00964{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 01418{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"thread_ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}} 01039{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"6": {"risk":"Self-signed Certificate","severity":"High","risk_score": {"total":500,"client":450,"server":50}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1588921646517} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":2634,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1588921646517} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4690710 bytes -~~ total memory freed........: 4690710 bytes +~~ total memory allocated....: 4690734 bytes +~~ total memory freed........: 4690734 bytes ~~ total allocations/frees...: 101169/101169 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out index 2a621e5b7..3ced731c6 100644 --- a/test/results/signal.pcap.out +++ b/test/results/signal.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"signal.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1569051245838} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569051245838} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569051245838,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1569051245838,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKS8AAP8RkXYAAAAA\/\/\/\/\/wBEAEMBNJxAAQEGACG6jqoAAQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00730{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051245838,"flow_last_seen":1569051245838,"flow_idle_time":180000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":300,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051245838,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"lucas-imac","fingerprint":"1,121,3,6,15,119,252,95,44,46","class_ident":""}} @@ -134,7 +134,7 @@ 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":180000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":180000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":273842,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":16,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-events-serialized":137,"global_ts_msec":1569051267601} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":273842,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":16,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_msec":1569051267601} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 ~~ skipped flows.............: 0 @@ -143,8 +143,8 @@ ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4771627 bytes -~~ total memory freed........: 4771627 bytes +~~ total memory allocated....: 4771651 bytes +~~ total memory freed........: 4771651 bytes ~~ total allocations/frees...: 101918/101918 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/simple-dnscrypt.pcap.out b/test/results/simple-dnscrypt.pcap.out index e4a5feae2..a2ff1db3e 100644 --- a/test/results/simple-dnscrypt.pcap.out +++ b/test/results/simple-dnscrypt.pcap.out @@ -1,5 +1,5 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1491813284555} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1491813284555} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1491813284555,"flow_last_seen":1491813284555,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1491813284555,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1491813284555,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284555,"pkt":"uFpz9d6dpDTZFrEGCABFAAA0PRVAAIAGMNDAqCunhncaGMQ5Abvf\/XrjAAAAAIACIAChWwAAAgQFtAEDAwgBAQQC"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1491813284666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1491813284666,"pkt":"pDTZFrEGuFpz9d6dCABFAAA0AABAADMGuuWGdxoYwKgrpwG7xDnBW87r3\/165IASchC\/iQAAAgQFHgEBBAIBAwMH"} @@ -32,7 +32,7 @@ 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286275,"flow_last_seen":1491813286718,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50253,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1491813286392,"flow_last_seen":1491813286753,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":7519,"flow_avg_l4_payload_len":417,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1491813286393,"flow_last_seen":1491813286913,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1310,"flow_tot_l4_payload_len":9310,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1491813286913,"l3_proto":"ip4","src_ip":"192.168.43.167","dst_ip":"134.119.26.24","src_port":50259,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"3":"DPI (cache)"},"proto":"TLS.DNScrypt","breed":"Safe","category":"Network"}} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-data-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":35,"global_ts_msec":1491813286913} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":111,"source":"simple-dnscrypt.pcap","alias":"nDPId-test","packets-captured":111,"packets-processed":111,"total-skipped-flows":0,"total-l4-data-len":38586,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1491813286913} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 111/111 ~~ skipped flows.............: 0 @@ -41,8 +41,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4775081 bytes -~~ total memory freed........: 4775081 bytes +~~ total memory allocated....: 4775105 bytes +~~ total memory freed........: 4775105 bytes ~~ total allocations/frees...: 101305/101305 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/sip.pcap.out b/test/results/sip.pcap.out index 9ae5cfb70..276462a0d 100644 --- a/test/results/sip.pcap.out +++ b/test/results/sip.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"sip.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1120469572844} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1120469572844} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01054{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1120469572844,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":509,"pkt_l4_len":475,"thread_ts_msec":1120469572844,"pkt":"ADBUADRWAODtAW69CABFAAHvaZgAAIARF6bAqAEC1PIhIxPEE8QB2272UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMTUxMjQ4NzM3LTQ2ZWE3MTVlMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTkwM2RmMGENClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9OWM3ZDJkYmQ4ODIyMDEzYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY4IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhcmRzOiA3MA0KVXNlci1BZ2VudDogTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuMC41MS4xNg0KDQo="} 00632{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469572844,"flow_last_seen":1120469572844,"flow_idle_time":180000,"flow_min_l4_payload_len":467,"flow_max_l4_payload_len":467,"flow_tot_l4_payload_len":467,"flow_avg_l4_payload_len":467,"midstream":0,"thread_ts_msec":1120469572844,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} @@ -12,12 +12,12 @@ 00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470049188,"flow_last_seen":1120470049188,"flow_idle_time":180000,"flow_min_l4_payload_len":822,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":822,"flow_avg_l4_payload_len":822,"midstream":0,"thread_ts_msec":1120470049188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 01527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1120470049696,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470049696,"pkt":"ADBUADRWAODtAW69CABFAANSanAAAIARyurAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"} 01527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1120470050699,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":864,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":864,"pkt_l4_len":830,"thread_ts_msec":1120470050699,"pkt":"ADBUADRWAODtAW69CABFAANSanIAAIARyujAqAECyER4URPEE8QDPvKbSU5WSVRFIHNpcDo5NzIzOTI4NzA0NEB2b2lwLmJydWp1bGEubmV0IFNJUC8yLjANClZpYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTA0OTg0MDUzLTQ0Y2U0YTQxMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206ICJhcmlrIiA8c2lwOjgxNjY2NkB2b2lwLmJydXJqdWxhLm5ldD47dGFnPTY0MzNlZjkNClRvOiA8c2lwOjk3MjM5Mjg3MDQ0QHZvaXAuYnJ1anVsYS5uZXQ+DQpDYWxsLUlEOiAxMDUwOTAyNTktNDQ2ZmFmN2FAMTkyLjE2OC4xLjINCkNTZXE6IDEgSU5WSVRFDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb24gMi4wLjUxLjE2DQpFeHBpcmVzOiAxMjANCkFjY2VwdDogYXBwbGljYXRpb24vc2RwDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3NkcA0KQ29udGVudC1MZW5ndGg6IDI3Mg0KQ29udGFjdDogPHNpcDo4MTY2NjZAMTkyLjE2OC4xLjI+DQpNYXgtRm9yd2FyZHM6IDcwDQpBbGxvdzogSU5WSVRFLCBBQ0ssIENBTkNFTCwgQllFLCBSRUZFUiwgT1BUSU9OUywgTk9USUZZLCBJTkZPDQoNCnY9MA0Kbz1TSVBQUyAxMDUwMTUxNjUgMTA1MDE1MTYyIElOIElQNCAxOTIuMTY4LjEuMg0Kcz1TSVAgY2FsbA0KYz1JTiBJUDQgMTkyLjE2OC4xLjINCnQ9MCAwDQptPWF1ZGlvIDMwMDAwIFJUUC9BVlAgMCA4IDk3IDIgMw0KYT1ydHBtYXA6MCBwY211LzgwMDANCmE9cnRwbWFwOjggcGNtYS84MDAwDQphPXJ0cG1hcDo5NyBpTEJDLzgwMDANCmE9cnRwbWFwOjIgRzcyNi0zMi84MDAwDQphPXJ0cG1hcDozIEdTTS84MDAwDQphPWZtdHA6OTcgbW9kZT0yMA0KYT1zZW5kcmVjdg0K"} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"sip.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-data-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-events-serialized":15,"global_ts_msec":1120470187658} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":44,"source":"sip.pcap","alias":"nDPId-test","packets-captured":44,"packets-processed":43,"total-skipped-flows":0,"total-l4-data-len":17733,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":2,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1120470187658} 00674{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":46,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1120469572844,"flow_last_seen":1120470216689,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":8987,"flow_avg_l4_payload_len":332,"midstream":0,"thread_ts_msec":1120470216689,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120470235521,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":57,"source":"sip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1120470049188,"flow_last_seen":1120470116279,"flow_idle_time":180000,"flow_min_l4_payload_len":347,"flow_max_l4_payload_len":822,"flow_tot_l4_payload_len":8756,"flow_avg_l4_payload_len":486,"midstream":0,"thread_ts_msec":1120470315341,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":60,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":41,"flow_first_seen":1120469572844,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":14281,"flow_avg_l4_payload_len":348,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-data-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":20,"global_ts_msec":1120470796804} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":69,"source":"sip.pcap","alias":"nDPId-test","packets-captured":69,"packets-processed":68,"total-skipped-flows":0,"total-l4-data-len":27248,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":5,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":20,"global_ts_msec":1120470796804} 00676{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":71,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1120469572844,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":19440,"flow_avg_l4_payload_len":373,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985348,"flow_last_seen":1120470985348,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985348,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00664{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1120470985348,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985348,"pkt":"ADBUADRWAODtAW69CABFAADIa\/wAAIARFmjAqAEC1PIhJHUwncgAtBjegAhvrgAABNg3lstx1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1dXV1REEHBgYEhIeEBQXahMcGAQEBQYBAQAHBQUZEwUbGRATGQUEBAcDAgMDAAACDQ0NAAEDDQwNAAABAgMBBgYBDw4ODAMABwYAAwMGBwEEBgYbHxwRaWBiFREQFGoTFWBpYX10UltZ10dcVlJVREtCdVlzeFp8bmgUag=="} @@ -31,7 +31,7 @@ 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":84,"flow_first_seen":1120469572844,"flow_last_seen":1120471094413,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":34047,"flow_avg_l4_payload_len":405,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1120470985348,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":1548,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470986363,"flow_last_seen":1120470986363,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.242.33.36","src_port":30001,"dst_port":40393,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"RTCP","breed":"Acceptable","category":"VoIP"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","packets-captured":112,"packets-processed":112,"total-skipped-flows":0,"total-l4-data-len":44455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":34,"global_ts_msec":1120471094413} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":112,"source":"sip.pcap","alias":"nDPId-test","packets-captured":112,"packets-processed":112,"total-skipped-flows":0,"total-l4-data-len":44455,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":7,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":34,"global_ts_msec":1120471094413} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 112/112 ~~ skipped flows.............: 0 @@ -40,8 +40,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685662 bytes -~~ total memory freed........: 4685662 bytes +~~ total memory allocated....: 4685686 bytes +~~ total memory freed........: 4685686 bytes ~~ total allocations/frees...: 101264/101264 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/skype-conference-call.pcap.out b/test/results/skype-conference-call.pcap.out index 0f4abb1e3..c5a054c2c 100644 --- a/test/results/skype-conference-call.pcap.out +++ b/test/results/skype-conference-call.pcap.out @@ -1,12 +1,12 @@ 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype-conference-call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1501061916646} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1501061916646} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1501061916646,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1501061916646,"pkt":"XEl5dU5qxCwDBkn+CABFAACEzEwAAEARWwHAqAIUaC4oMcCC7OIAcIaYAAEAVCESpELFWk\/f3gwyXjBMYMcABgAJZ3BwZTp6V3lrAAAAACQABG7\/\/v+AKgAIAAAAAAC\/QxeAVAABMQAAAIBwAAQAAAADAAgAFMOSZmY4XAmhNOQKDGwu8wYai2KrgCgABB+1m2s="} 00803{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1501061916646,"flow_last_seen":1501061916646,"flow_idle_time":180000,"flow_min_l4_payload_len":104,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":104,"flow_avg_l4_payload_len":104,"midstream":0,"thread_ts_msec":1501061916646,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1501061916653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1501061916653,"pkt":"xCwDBkn+XEl5dU5qCABFAACERTYAAG4RtBdoLigxwKgCFOziwIIAcHm6AAEAVCESpEI8yF2moGJ4zvU2wuEABgAJeld5azpncHBlAAAAACQABG7\/\/v+AKQAIAAAAAAACl5OAVAABMQAAAIBwAAQAAAADAAgAFHnv8xovieyQrsQ6j2MMyqg8GNj1gCgABORvfhY="} 00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1501061916690,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_msec":1501061916690,"pkt":"XEl5dU5qxCwDBkn+CABFAABkjWYAAEARmgfAqAIUaC4oMcCC7OIAUFnEAQEANCESpEI8yF2moGJ4zvU2wuEAIAAIAAHN8Ek8jHOAcAAEAAAAAwAIABSgsacIkgIOfzKEQbuerkeFTLj204AoAASK\/70B"} 00847{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1501061916646,"flow_last_seen":1501061918151,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":915,"flow_tot_l4_payload_len":31287,"flow_avg_l4_payload_len":156,"midstream":0,"thread_ts_msec":1501061918151,"l3_proto":"ip4","src_ip":"192.168.2.20","dst_ip":"104.46.40.49","src_port":49282,"dst_port":60642,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1501061918151} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":200,"source":"skype-conference-call.pcap","alias":"nDPId-test","packets-captured":200,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":31287,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1501061918151} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 200/200 ~~ skipped flows.............: 0 @@ -15,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4693806 bytes -~~ total memory freed........: 4693806 bytes +~~ total memory allocated....: 4693830 bytes +~~ total memory freed........: 4693830 bytes ~~ total allocations/frees...: 101345/101345 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 477 chars ~~ json string max len.......: 852 chars -~~ json string avg len.......: 653 chars +~~ json string avg len.......: 654 chars diff --git a/test/results/skype.pcap.out b/test/results/skype.pcap.out index 739bb2e84..58cfbcf9e 100644 --- a/test/results/skype.pcap.out +++ b/test/results/skype.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1431969639825} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431969639825} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431969641947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431969641947,"pkt":"0NQSxnP1PBXCt3IOCABFAABAt5UAAEARP6TAqAEiwKgBAcALADUALIa2zTYBAAABAAAAAAAAAWIGY29uZmlnBXNreXBlA2NvbQAAAQAB"} 00774{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"skype.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431969641947,"flow_last_seen":1431969641947,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1431969641947,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":49163,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Skype_Teams","breed":"Acceptable","category":"VoIP"},"dns": {"query":"b.config.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -1464,7 +1464,7 @@ 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":125,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431969669408,"flow_last_seen":1431969669408,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.154","src_port":13021,"dst_port":40034,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00600{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431969679451,"flow_last_seen":1431969698502,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":90,"flow_tot_l4_payload_len":271,"flow_avg_l4_payload_len":15,"midstream":0,"thread_ts_msec":1431969808951,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"65.55.223.12","src_port":50065,"dst_port":40031,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","packets-captured":3284,"packets-processed":3069,"total-skipped-flows":0,"total-l4-data-len":444195,"total-not-detected-flows":61,"total-guessed-flows":32,"total-detected-flows":200,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":293,"total-idle-flows":293,"total-events-serialized":1467,"global_ts_msec":1431969808951} +00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3284,"source":"skype.pcap","alias":"nDPId-test","packets-captured":3284,"packets-processed":3069,"total-skipped-flows":0,"total-l4-data-len":444195,"total-not-detected-flows":61,"total-guessed-flows":32,"total-detected-flows":200,"total-detection-updates":7,"total-updates":0,"current-active-flows":0,"total-active-flows":293,"total-idle-flows":293,"total-compressions":109,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1467,"global_ts_msec":1431969808951} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3284/3069 ~~ skipped flows.............: 0 @@ -1473,8 +1473,8 @@ ~~ total active/idle flows...: 293/293 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5436609 bytes -~~ total memory freed........: 5436609 bytes +~~ total memory allocated....: 5436633 bytes +~~ total memory freed........: 5436633 bytes ~~ total allocations/frees...: 105456/105456 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out index 6b8d40415..3b59b6180 100644 --- a/test/results/skype_no_unknown.pcap.out +++ b/test/results/skype_no_unknown.pcap.out @@ -1,5 +1,5 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_no_unknown.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype_no_unknown.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1431970631778} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype_no_unknown.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431970631778} 00549{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431970632290,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":16,"thread_ts_msec":1431970632290,"pkt":"AQBeAAAWJKQ8\/kzXCABGwAAoAABAAAECQXbAqAHb4AAAFpQEAAAiADajAAAAAQIAAADpWbwBAAAAAAAA"} 00608{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970632290,"flow_last_seen":1431970632290,"flow_idle_time":600000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":16,"flow_tot_l4_payload_len":16,"flow_avg_l4_payload_len":16,"midstream":0,"thread_ts_msec":1431970632290,"l3_proto":"ip4","src_ip":"192.168.1.219","dst_ip":"224.0.0.22","l4_proto":2,"ndpi": {"confidence": {"4":"DPI"},"proto":"IGMP","breed":"Acceptable","category":"Network"}} @@ -1290,7 +1290,7 @@ 00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970669927,"flow_last_seen":1431970669927,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":26,"flow_tot_l4_payload_len":26,"flow_avg_l4_payload_len":26,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.146","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970651850,"flow_last_seen":1431970651850,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.160","src_port":13021,"dst_port":40030,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00708{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1431970656861,"flow_last_seen":1431970656861,"flow_idle_time":180000,"flow_min_l4_payload_len":37,"flow_max_l4_payload_len":37,"flow_tot_l4_payload_len":37,"flow_avg_l4_payload_len":37,"midstream":0,"thread_ts_msec":1431970708726,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"213.199.179.156","src_port":13021,"dst_port":40031,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} -00501{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","packets-captured":2146,"packets-processed":2079,"total-skipped-flows":0,"total-l4-data-len":359672,"total-not-detected-flows":45,"total-guessed-flows":28,"total-detected-flows":195,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":267,"total-idle-flows":267,"total-events-serialized":1293,"global_ts_msec":1431970708726} +00581{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","packets-captured":2146,"packets-processed":2079,"total-skipped-flows":0,"total-l4-data-len":359672,"total-not-detected-flows":45,"total-guessed-flows":28,"total-detected-flows":195,"total-detection-updates":5,"total-updates":0,"current-active-flows":0,"total-active-flows":267,"total-idle-flows":267,"total-compressions":10,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":1293,"global_ts_msec":1431970708726} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2146/2079 ~~ skipped flows.............: 0 @@ -1299,8 +1299,8 @@ ~~ total active/idle flows...: 267/267 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5208323 bytes -~~ total memory freed........: 5208323 bytes +~~ total memory allocated....: 5208347 bytes +~~ total memory freed........: 5208347 bytes ~~ total allocations/frees...: 104146/104146 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 197 chars diff --git a/test/results/skype_udp.pcap.out b/test/results/skype_udp.pcap.out index e5661a155..99be91b86 100644 --- a/test/results/skype_udp.pcap.out +++ b/test/results/skype_udp.pcap.out @@ -1,12 +1,12 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"skype_udp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1156534494734} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1156534494734} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1156534494734,"flow_last_seen":1156534494734,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1156534494734,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1156534494734,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1156534494734,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCrtEAh3kuASsbNLlPtKfPLsSj70vZ59IfZD23vQ=="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1156534496782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1156534496782,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCqvCj5HkuAStybQoRs8uOXAH\/9ayvdzDWsfxVrg=="} 00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1156534494734,"flow_last_seen":1156534496782,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":62,"flow_avg_l4_payload_len":31,"midstream":0,"thread_ts_msec":1156534496782,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams","breed":"Acceptable"}} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1156534500825,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1156534500825,"pkt":"ABbjGScVAAR2lnvaCABFAAA7AABAAEARoZLAqAECGOC+lYyWmV4AJ5lYFpcCvuoUBXkuASuSYOIkRaPfGbxEfOnC\/51D4o9Ncw=="} 00667{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1156534494734,"flow_last_seen":1156534567244,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":129,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1156534567244,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"24.224.190.149","src_port":35990,"dst_port":39262,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams","breed":"Acceptable"}} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":129,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1156534567244} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"skype_udp.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":129,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1156534567244} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679943 bytes -~~ total memory freed........: 4679943 bytes +~~ total memory allocated....: 4679967 bytes +~~ total memory freed........: 4679967 bytes ~~ total allocations/frees...: 101148/101148 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/smb_deletefile.pcap.out b/test/results/smb_deletefile.pcap.out index 97860814c..4f3fc96f7 100644 --- a/test/results/smb_deletefile.pcap.out +++ b/test/results/smb_deletefile.pcap.out @@ -1,12 +1,12 @@ 00465{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smb_deletefile.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1584368315417} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1584368315417} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01014{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":434,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":434,"pkt_l4_len":400,"thread_ts_msec":1584368315417,"pkt":"2MuK4S0uKDc3AG3ICABFAAGkAABAAEAGtNLAqAF2wKgBu94QAb3ooAVq8kMyI1AYqgDfmAAAAAABeP5TTUJAAAEAAAAAAAUAAAEAAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAA5AAAAAgAAAAAAAAAAAAAAAAAAAAAAAACBABAAEAAAAAcAAAABAAAAAQAAAHgAHAAAAAAAAAAAAEwAdQBjAGEAXABEAG8AdwBuAGwAbwBhAGQAcwAAAAAA\/lNNQkAAAQAAAAAADgAAAQQAAACIAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAACEAJQMAAAAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/2AAJgAAAAEAaQBuAG4AbwBzAGUAdAB1AHAALQA1AC4ANgAuADEALgBlAHgAZQAAAP5TTUJAAAEAAAAAAAYAAAEEAAAAAAAAAJ4PAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAAAYAAAAAAAAAP\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/8="} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1584368315417,"flow_last_seen":1584368315417,"flow_idle_time":7440000,"flow_min_l4_payload_len":380,"flow_max_l4_payload_len":380,"flow_tot_l4_payload_len":380,"flow_avg_l4_payload_len":380,"midstream":1,"thread_ts_msec":1584368315417,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} 01134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1584368315418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":554,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":554,"pkt_l4_len":520,"thread_ts_msec":1584368315418,"pkt":"KDc3AG3I2MuK4S0uCABFAAIcOK5AAIAGO6zAqAG7wKgBdgG93hDyQzIj6KAG5lAYEAjw+QAAAAAB8P5TTUJAAAEAAAAAAAUAAAABAAAAmAAAAJwPAAAAAAAA\/\/4AABEAAAAdAAAAACgAAAAAAAAAAAAAAAAAAAAAAABZAAAAAQAAAPJad+s0itQBeC8Pcpz71QGM0O1xnPvVAYzQ7XGc+9UBACAAAAAAAAAAIAAAAAAAABEAAAAAAAAAEgQAAAoAAABlAAAACgAAAAAAAAAAAAAA\/lNNQkAAAQAAAAAADgAAAAUAAADYAAAAnQ8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAAAkASACOAAAAAAAAAAAAAAAzwlM5LZjUATN2tkyb+9UBqrZQPC2Y1AHHrtHNIlnVAYD0HQAAAAAAAAAeAAAAAAAgAAAAJgAAAAAAAAAYAEkATgBOAE8AUwBFAH4AMQAuAEUAWABFAAAAq04CAAAAAQBpAG4AbgBvAHMAZQB0AHUAcAAtADUALgA2AC4AMQAuAGUAeABlAAAA\/lNNQkAAAQAAAAAABgADAAUAAAAAAAAAng8AAAAAAAD\/\/gAAEQAAAB0AAAAAKAAAAAAAAAAAAAAAAAAAAAAAADwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1584368315418,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1584368315418,"pkt":"2MuK4S0uKDc3AG3ICABFAAAoAABAAEAGtk7AqAF2wKgBu94QAb3ooAbm8kM0F1AQqfyLpgAA"} 00703{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":101,"flow_first_seen":1584368315417,"flow_last_seen":1584368317802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":25252,"flow_avg_l4_payload_len":250,"midstream":1,"thread_ts_msec":1584368317802,"l3_proto":"ip4","src_ip":"192.168.1.118","dst_ip":"192.168.1.187","src_port":56848,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv23","breed":"Acceptable","category":"System"}} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-data-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1584368317802} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":101,"source":"smb_deletefile.pcap","alias":"nDPId-test","packets-captured":101,"packets-processed":101,"total-skipped-flows":0,"total-l4-data-len":25252,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1584368317802} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 101/101 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682727 bytes -~~ total memory freed........: 4682727 bytes +~~ total memory allocated....: 4682751 bytes +~~ total memory freed........: 4682751 bytes ~~ total allocations/frees...: 101244/101244 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/smbv1.pcap.out b/test/results/smbv1.pcap.out index fa7d9e6be..8658f4873 100644 --- a/test/results/smbv1.pcap.out +++ b/test/results/smbv1.pcap.out @@ -1,12 +1,12 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smbv1.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1492191036092} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1492191036092} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492191036092,"flow_last_seen":1492191036092,"flow_idle_time":7440000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":1,"thread_ts_msec":1492191036092,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00635{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492191036092,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":191,"pkt_l4_len":157,"thread_ts_msec":1492191036092,"pkt":"AFBW6AqxAAwpAu9qCABFAACxF9IAAIAGzm+sEJyCCoAA88bvAb3S22hjm3waG1AY+vCemgAAAAAAhf9TTUJyAAAAABhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAAGIAAlBDIE5FVFdPUksgUFJPR1JBTSAxLjAAAkxBTk1BTjEuMAACV2luZG93cyBmb3IgV29ya2dyb3VwcyAzLjFhAAJMTTEuMlgwMDIAAkxBTk1BTjIuMQACTlQgTE0gMC4xMgA="} 00608{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":171,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":171,"pkt_l4_len":137,"thread_ts_msec":1492191036120,"pkt":"AAwpAu9qAFBW6AqxCABFAACdcSEAAIAGdTQKgADzrBCcggG9xu+bfBob0tto7FAY+vCpnwAAAAAAcf9TTUJyAAAAAJhTwAAAAAAAAAAAAAAAAAAA\/\/4AAEAAEQUAAzIAAQAEEQAAAAABAAAAAAD84wEAQPSc00S10gHwAAgsAAirHC\/h7OapVwBPAFIASwBHAFIATwBVAFAAAABKAE8ASABOAC0AUABDAAAA"} 00640{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":194,"pkt_l4_len":160,"thread_ts_msec":1492191036120,"pkt":"AFBW6AqxAAwpAu9qCABFAAC0F9MAAIAGzmusEJyCCoAA88bvAb3S22jsm3wakFAY+ns\/iQAAAAAAiP9TTUJzAAAAABgHwAAAAAAAAAAAAAAAAAAA\/\/4AAEAADf8AiAAEEQoAAAAAAAAAAQAAAAAAAADUAAAASwAAAAAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAAMgAxADkANQAAAFcAaQBuAGQAbwB3AHMAIAAyADAAMAAwACAANQAuADAAAAA="} 01002{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1492191036092,"flow_last_seen":1492191036120,"flow_idle_time":7440000,"flow_min_l4_payload_len":117,"flow_max_l4_payload_len":140,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":131,"midstream":1,"thread_ts_msec":1492191036120,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 01040{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1492191036092,"flow_last_seen":1492191036191,"flow_idle_time":7440000,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":189,"flow_tot_l4_payload_len":819,"flow_avg_l4_payload_len":117,"midstream":1,"thread_ts_msec":1492191036191,"l3_proto":"ip4","src_ip":"172.16.156.130","dst_ip":"10.128.0.243","src_port":50927,"dst_port":445,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"20": {"risk":"SMB Insecure Version","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} -00467{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1492191036191} +00546{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"smbv1.pcap","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":819,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1492191036191} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682049 bytes -~~ total memory freed........: 4682049 bytes +~~ total memory allocated....: 4682073 bytes +~~ total memory freed........: 4682073 bytes ~~ total allocations/frees...: 101151/101151 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/smpp_in_general.pcap.out b/test/results/smpp_in_general.pcap.out index a08b8f45c..4dad8cfa4 100644 --- a/test/results/smpp_in_general.pcap.out +++ b/test/results/smpp_in_general.pcap.out @@ -1,12 +1,12 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smpp_in_general.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1217149853878} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1217149853878} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1217149853878,"flow_last_seen":1217149853878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1217149853878,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1217149853878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1217149853878,"pkt":"AAKlxo7UABbU5r3hCABFAAAwUN5AAIAG\/3kK4sp2CuLKNQbqIyjmvft6AAAAAHACf\/9NLQAAAgQE7AEBBAI="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1217149853879,"pkt":"ABbU5r3hAAKlxo7UCABFAAAsMy0AADwGoS8K4so1CuLKdiMoBuqoDP5A5r37e2AS8ABLDAAAAgQFtAAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1217149853879,"pkt":"AAKlxo7UABbU5r3hCABFAAAoUN9AAIAG\/4AK4sp2CuLKNQbqIyjmvft7qAz+QVAQhOTN5QAA"} 00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1217149853878,"flow_last_seen":1217149853879,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":10,"midstream":0,"thread_ts_msec":1217149853879,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} 00689{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1217149853878,"flow_last_seen":1217149884833,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":11,"midstream":0,"thread_ts_msec":1217149884833,"l3_proto":"ip4","src_ip":"10.226.202.118","dst_ip":"10.226.202.53","src_port":1770,"dst_port":9000,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMPP","breed":"Acceptable","category":"Download"}} -00480{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-data-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1217149884833} +00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":17,"source":"smpp_in_general.pcap","alias":"nDPId-test","packets-captured":17,"packets-processed":17,"total-skipped-flows":0,"total-l4-data-len":200,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1217149884833} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 17/17 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682339 bytes -~~ total memory freed........: 4682339 bytes +~~ total memory allocated....: 4682363 bytes +~~ total memory freed........: 4682363 bytes ~~ total allocations/frees...: 101161/101161 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/smtp-starttls.pcap.out b/test/results/smtp-starttls.pcap.out index 21941163a..d217248f0 100644 --- a/test/results/smtp-starttls.pcap.out +++ b/test/results/smtp-starttls.pcap.out @@ -1,12 +1,12 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smtp-starttls.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1388017124762} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1388017124762} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1388017124762,"flow_last_seen":1388017124762,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1388017124762,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1388017124762,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124762,"pkt":"AAAMB6wBABNyxPHhCABFAAA8JqtAAEAGeocKAAABrcJEGuA+ABlXuT72AAAAAKACOQgLsAAAAgQFtAQCCAraWRhdAAAAAAEDAwc="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1388017124774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1388017124774,"pkt":"ABNyxPHhANAr0XYACABFAAA8X3cAAC4Gk7utwkQaCgAAAQAZ4D6dvxfqV7k+96ASpiw5gwAAAgQFlgQCCAoS8Zx72lkYXQEDAwY="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1388017124774,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1388017124774,"pkt":"AAAMB6wBABNyxPHhCABFAAA0JqxAAEAGeo4KAAABrcJEGuA+ABlXuT73nb8X64AQAHMN3wAAAQEICtpZGGgS8Zx7"} 00675{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1388017124762,"flow_last_seen":1388017124785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":12,"midstream":0,"thread_ts_msec":1388017124785,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"},"smtp": {"user":"","password":""}} 00686{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":36,"flow_first_seen":1388017124762,"flow_last_seen":1388017125239,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":6011,"flow_avg_l4_payload_len":166,"midstream":0,"thread_ts_msec":1388017125239,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"173.194.68.26","src_port":57406,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP.Google","breed":"Acceptable","category":"Web"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-data-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1388017125239} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":36,"source":"smtp-starttls.pcap","alias":"nDPId-test","packets-captured":36,"packets-processed":36,"total-skipped-flows":0,"total-l4-data-len":6011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1388017125239} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 36/36 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680842 bytes -~~ total memory freed........: 4680842 bytes +~~ total memory allocated....: 4680866 bytes +~~ total memory freed........: 4680866 bytes ~~ total allocations/frees...: 101179/101179 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/smtp.pcap.out b/test/results/smtp.pcap.out index bc0d6fb60..95fc30c37 100644 --- a/test/results/smtp.pcap.out +++ b/test/results/smtp.pcap.out @@ -1,12 +1,12 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"smtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":934028408568} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":934028408568} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":934028408568,"flow_last_seen":934028408568,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":934028408568,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":934028408568,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408568,"pkt":"AMBPo1fbABB7OEYzCABFAAAsEDMAAD8GkhjCB\/iZrBByzwhPABnlqEITAAAAAGACAgCMgQAAAgQFtAAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":934028408569,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":934028408569,"pkt":"ABB7OEYzAMBPo1fbCABFAAAsFcQAAEAGi4esEHLPwgf4mQAZCE+jURBm5ahCFGASf+Ba2AAAAgQFtAW0"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":934028408570,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":934028408570,"pkt":"AMBPo1fbABB7OEYzCABFAAAoEDRAAD8GUhvCB\/iZrBByzwhPABnlqEIUo1EQZ1AQfXh0\/QAAAAAAAAAA"} 00666{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":934028408568,"flow_last_seen":934028408647,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":84,"flow_tot_l4_payload_len":198,"flow_avg_l4_payload_len":19,"midstream":0,"thread_ts_msec":934028408647,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"},"smtp": {"user":"","password":""}} 00675{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":95,"flow_first_seen":934028408568,"flow_last_seen":934028408801,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":17955,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":934028408801,"l3_proto":"ip4","src_ip":"194.7.248.153","dst_ip":"172.16.114.207","src_port":2127,"dst_port":25,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SMTP","breed":"Acceptable","category":"Email"}} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-data-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":934028408801} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":95,"source":"smtp.pcap","alias":"nDPId-test","packets-captured":95,"packets-processed":95,"total-skipped-flows":0,"total-l4-data-len":17955,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":934028408801} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 95/95 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4684601 bytes -~~ total memory freed........: 4684601 bytes +~~ total memory allocated....: 4684625 bytes +~~ total memory freed........: 4684625 bytes ~~ total allocations/frees...: 101239/101239 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars diff --git a/test/results/snapchat.pcap.out b/test/results/snapchat.pcap.out index 83c871a1e..d76f74e84 100644 --- a/test/results/snapchat.pcap.out +++ b/test/results/snapchat.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1431417993318} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1431417993318} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431417993318,"flow_last_seen":1431417993318,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431417993318,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1431417993318,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1431417993318,"pkt":"ABoRAAACABoRAAABCABFAAA8f1tAAEAG3k0KCAABSn2IjYHRAbtgYhiTAAAAAKAC\/\/8GegAAAgQFtAQCCAoAKmfIAAAAAAEDAwY="} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1431417993319,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1431417993319,"pkt":"ABoRAAACABoRAAABCABFAAAoAalAABAGjBRKfYiNCggAAQG7gdGfnedsYGIYlFAS\/\/9PMgAA"} @@ -21,7 +21,7 @@ 00581{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":22,"flow_first_seen":1431417993318,"flow_last_seen":1431417995589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":1671,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":33233,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008133,"flow_last_seen":1431418008853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1069,"flow_tot_l4_payload_len":3005,"flow_avg_l4_payload_len":176,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":56193,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":17,"flow_first_seen":1431418008131,"flow_last_seen":1431418008701,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":536,"flow_tot_l4_payload_len":2439,"flow_avg_l4_payload_len":143,"midstream":0,"thread_ts_msec":1431418008853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"74.125.136.141","src_port":44536,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-data-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":24,"global_ts_msec":1431418008853} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":56,"source":"snapchat.pcap","alias":"nDPId-test","packets-captured":56,"packets-processed":56,"total-skipped-flows":0,"total-l4-data-len":7115,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1431418008853} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 56/56 ~~ skipped flows.............: 0 @@ -30,8 +30,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4689328 bytes -~~ total memory freed........: 4689328 bytes +~~ total memory allocated....: 4689352 bytes +~~ total memory freed........: 4689352 bytes ~~ total allocations/frees...: 101210/101210 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars diff --git a/test/results/snapchat_call.pcapng.out b/test/results/snapchat_call.pcapng.out index 0e19ad922..4bd46d7c7 100644 --- a/test/results/snapchat_call.pcapng.out +++ b/test/results/snapchat_call.pcapng.out @@ -1,12 +1,12 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"snapchat_call.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1595865799020} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1595865799020} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02245{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595865799020,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1595865799020,"pkt":"CL6sCxdumt9Y+uvcCABFAAViAIdAAEARymzAqAypEriKjqRjAbsFTpy2w1EwNDZQw4BG53qjBuoAAAABZPU1L7U5tyJMVD1ioAEEAENITE8MAAAAUEFEAEgDAABWRVIATAMAAENDUwBcAwAAUERNRGADAABTTUhMZAMAAElDU0xoAwAATk9OUIgDAABNSURTjAMAAFNDTFOQAwAAQ1NDVJADAABDRkNXlAMAAFNGQ1eYAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tUTA0NgHogWCSkhrofu2AhqIVgpFYNTA5AQAAACgAAAAzbE4qRvvkp4rlFQIkD4jjmdOAAP5SZ2hG5WgHAg7x+2QAAAABAAAAAEAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00807{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595865799020,"flow_last_seen":1595865799020,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1595865799020,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.AmazonAWS","breed":"Acceptable","category":"Cloud"},"quic": {}} 02281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595865799037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1595865799037,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60BAACUR+rISuIqOwKgMqQG7pGMFThqhw1EwNDYFw4BG53qjBuoAAAABHHnqt4ztMz51vP6XgAFSRUoABwAAAFNUSwA5AAAAU05PAG0AAABQUk9GtAAAAFNDRkc7AQAAUlJFSj8BAABTVFRMRwEAAENSVP9OBwAAbUU2ixV5Jj1qHEQQZYOHtdotUTPKCy0omzKN6SE7STZ4\/rKMxZ9\/rrj8l9tx+PhU9mRQzeJZ+1Dabp0JaMw4Ax2lLo8wBUBdtg1GpS3urBIhqVx\/8nRPLB1cTLrUpB570Ce5EPUwnKR9lOYP4jBFAiB3SpfbIfQpyAe+ZsA1KXWbSYFVXmlAhM9hKVIcNwAFzwIhAKINNKjm9Y0DRmywB4GeockL0Y3PJJ2PTHmxvqAl6rucU0NGRwYAAABBRUFECAAAAFNDSUQYAAAAUFVCUzsAAABLRVhTPwAAAE9CSVRHAAAARVhQWU8AAABBRVNHQ0MyMAO\/Pud+GiRqUM930xoSwNMgAAAzgoMwBXTcjfX\/uLgWESbe\/GDn3+Z5Wy5eude5hIrxK0MyNTUy3iwBeDJ0hdzKD01zAQAADAAAAHLO80MAAAAAAQEA6ggAAHi7IlF+sTNiZQCWXKx6Bk0smxcAyyAmJgFO2z2LJtgwHuFZfF6JuflcqgEXGwewWDpny8LMbOCDWiSJGghD0i2PS2Z6Jqg4ACVbQzWg\/8FJRBYu7OrsjFmUAwsFIwNgXkJkLSMjUNYyNAJzDVJQbYOmUQ5hLmdg+knLL8rLTIQ5gV2YJzgxryRRwTc\/Dxh4hkIGAhCXcQbnJRZAMhNUKTMPj5YeMFhzMstS9TLzDSKBwuxgHzIxQr3KzMjO7MTA0igTPiXBhk\/onni666rTEwW2GV7P0HIt5RAIXKgqHG0lyz+LaQ37Sb9X68wmMzzfpJMbI+6\/war2EINr2z3pHSav6hc3MccaNDFHokTO4rnP5H\/esvQ\/kPdi4umpS28ZPuKaj1RHBL7\/ujNAPVOn37WS752O83bRN1k7DJRB0oIsMgZSTShub+JC8gdKYcjeQKjszISUlUkGCQZ6C3QWaLVpIMpKY72UTKR8UVycnKibmpysm24IrtEw1JvgV+8DKQhdDZyBxSOkYfA3h5ERX\/GLYp5zQLABBxtbeiMPMIEaVCPltXyDXNx5DdkMA1ekvGYJc3kiSLoY1TJYkgWmWEiCRSp3StBqrCbGWjYucEl5rZKJhYmliTEXiDMZ0xnKGNyWhr4u\/TVRwWDros7ML59rBXUcS\/b99dzRuvrTn4J\/ue4MDIyF97xNnBgYWJgZ3A1cmRQZZl+WnuB1dsnif3fPXLu66NVPttQQNgnXFyeSpjbviVMPvsSkkKnJ8SbX7sSrj30mcX6\/VAWXm72+rLYpIjtI\/4Pe2rlv1IH2Krm6skeGqoRNs1+o\/\/F7btsDZbXktQe862OPNcfkPeJngtqrDrdXwUB1507jl12PbQL\/ybLt+9VWcsd2\/4OdQYxPekSfzHnGdBnksoD\/k8V3L9Lbv0bDO\/WlV93k58q8IeJ7Shd\/k5gaMNlDhaGUIXDxhq9\/GSvnhOXuMK\/o51lSdUZa\/fT3eR1Os3j\/XelmfQq11x5sr5uBC5NC2tpbFwyfLJZe8nnhYvF5pYurJx\/i93xZwbWvt+mx29md\/5kUgrJ0vgl\/6lq870XJzFvZL9lvZZeX8D\/9s4v3bXp609M\/CshlE3Mmg0EakyHDDbOtMsq6skVXu5mVPu76eNXwNe+pKj\/OfovXBece+Cifdpz8TnOjJcPFhjtTSzUqxSSAWrZv6p0iOl+y6nXK3m9XXNa84pm1qPWQefDM"} 02255{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1595865799037,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1595865799037,"pkt":"mt9Y+uvcCL6sCxduCABFAAVi60FAACUR+rESuIqOwKgMqQG7pGMFTlWjw1EwNDYFw4BG53qjBuoAAAACYTy54mZ50XnS5MjxpAEFJgJoF8maXr+sg1zn\/py4s01uT+X8o3fm32Z\/27aBGVRqMq8xaGKaAi01uU5r7HKLe2rJUVZS8PnsMSHkxhwPsDGXSFTBCa1buYUF0POAoYKBHKRMFYfrgNSNCkH5+SWw9rKxgbGBBbT4BJamyFwql91lwAIWXmqyajeyMCgxJzGwPOJwelV+Q+XeAp2UJcLnHOYoF61k4uIzt1c029EbLPLt6sSp3p+nMfUWyh25cXr5\/Lj3C57VR00SnBac\/\/rAaft1f6Pt3VWez2LXm7Zvhf7ucIn1hUv2VljJvYi2yU4R1D5jot2zuIlREZjtZA2E4BmRw4ANSDEBW4soJSBjm4EJUkmhYaBGZEnhBCkYrUGNuQWmC4zbDHEWjLAggsQEKCIgzRMDW0iJZwas2ozYWIBMBpIKO0R1gLW2QK5OmO8FmIZd9Nmd9mHxI2npw9M32V4MRUt84P7L8a4Fzt5vSk4eXX1V3sDULG9GWLXHGtbkddWzwlXCz+T\/urc6d87xbbvenHt+qjjl9n0Wcy4Gz83289XWTuxReCHfwaf1O838hMGLS4dUlrt66L5iDPAynCJ8vzf+ltZuT5vEz5Un5qRNkpqm9aXaLGKxjqNAidTltx7bLu3uYnMtNBYwqKqaoXhXZeebOVsnsa9tPnYk60f5M9N9wvzqKZuc9ze\/LA+7zdE+xV3ka7zG+sUZPs39Cd+nNVS2ZpWpzZ3Ko8Dca\/euSiM1JW3JzeZXM0vO5vnWyrzu3XR0vZi034nPoa86LARNZAXX27Ov8M+6VCKor\/WneHv8IVFn1pxrtbeY9irN9r\/8sxwAcED2UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00838{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":50,"flow_first_seen":1595865799020,"flow_last_seen":1595865807311,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":10672,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1595865807311,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"18.184.138.142","src_port":42083,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"QUIC.SnapchatCall","breed":"Acceptable","category":"Cloud"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-data-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1595865807311} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":50,"source":"snapchat_call.pcapng","alias":"nDPId-test","packets-captured":50,"packets-processed":50,"total-skipped-flows":0,"total-l4-data-len":10672,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1595865807311} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 50/50 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681248 bytes -~~ total memory freed........: 4681248 bytes +~~ total memory allocated....: 4681272 bytes +~~ total memory freed........: 4681272 bytes ~~ total allocations/frees...: 101193/101193 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/ssdp-m-search.pcap.out b/test/results/ssdp-m-search.pcap.out index bffc8812c..fe9bd152a 100644 --- a/test/results/ssdp-m-search.pcap.out +++ b/test/results/ssdp-m-search.pcap.out @@ -1,12 +1,12 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssdp-m-search.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1532054645808} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1532054645808} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1532054645808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_msec":1532054645808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxO0tAAEARmRfAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1532054645808,"flow_last_seen":1532054645808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":21,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054645808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1532054650808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_msec":1532054650808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxSyxAAEARiTbAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1532054655808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":63,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":63,"pkt_l4_len":29,"thread_ts_msec":1532054655808,"pkt":"\/\/\/\/\/\/\/\/AAibydCMCABFAAAxW1JAAEAReRDAqPIIwKjy\/6UNfpwAHf9xTS1TRUFSQ0ggKiBIVFRQLzEuMQ0K"} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":19,"flow_first_seen":1532054645808,"flow_last_seen":1532054735808,"flow_idle_time":180000,"flow_min_l4_payload_len":21,"flow_max_l4_payload_len":21,"flow_tot_l4_payload_len":399,"flow_avg_l4_payload_len":21,"midstream":0,"thread_ts_msec":1532054735808,"l3_proto":"ip4","src_ip":"192.168.242.8","dst_ip":"192.168.242.255","src_port":42253,"dst_port":32412,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1532054735808} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":19,"source":"ssdp-m-search.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":19,"total-skipped-flows":0,"total-l4-data-len":399,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1532054735808} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 19/19 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680349 bytes -~~ total memory freed........: 4680349 bytes +~~ total memory allocated....: 4680373 bytes +~~ total memory freed........: 4680373 bytes ~~ total allocations/frees...: 101162/101162 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/ssh.pcap.out b/test/results/ssh.pcap.out index bdd32f087..7d21e323a 100644 --- a/test/results/ssh.pcap.out +++ b/test/results/ssh.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssh.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1320435464760} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1320435464760} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1320435464760,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1320435464760,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1320435464760,"pkt":"AAwppUXgAFBWwAAICABFAABAek9AAEAGi52sEO4BrBDuqOQbABY3Xn+qAAAAALAC\/\/+abgAAAgQFtAEDAwMBAQgKHJWv9QAAAAAEAgAA"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1320435464760,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1320435464760,"pkt":"AFBWwAAIAAwppUXgCABFAAA8AABAAEAGBfGsEO6orBDuAQAW5BtConY2N15\/q6ASFqC42wAAAgQFtAQCCAoAEyL4HJWv9QEDAwY="} @@ -10,7 +10,7 @@ 01074{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1320435464760,"flow_last_seen":1320435464769,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":946,"flow_avg_l4_payload_len":118,"midstream":0,"thread_ts_msec":1320435464769,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":""}} 01109{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1320435464760,"flow_last_seen":1320435464770,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":904,"flow_tot_l4_payload_len":1730,"flow_avg_l4_payload_len":173,"midstream":0,"thread_ts_msec":1320435464770,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"},"ssh": {"client_signature":"SSH-2.0-OpenSSH_5.3","server_signature":"SSH-2.0-OpenSSH_5.6","hassh_client":"21B457A327CE7A2D4FCE5EF2C42400BD","hassh_server":"B1C6C0D56317555B85C7005A3DE29325"}} 00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1320435464760,"flow_last_seen":1320435713237,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1280,"flow_tot_l4_payload_len":18498,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1320435713237,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.168","src_port":58395,"dst_port":22,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"18": {"risk":"SSH Obsolete Client Version\/Cipher","severity":"High","risk_score": {"total":500,"client":350,"server":150}},"19": {"risk":"SSH Obsolete Server Version\/Cipher","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"SSH","breed":"Acceptable","category":"RemoteAccess"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-data-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":13,"global_ts_msec":1320435713237} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":258,"source":"ssh.pcap","alias":"nDPId-test","packets-captured":258,"packets-processed":258,"total-skipped-flows":0,"total-l4-data-len":18498,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_msec":1320435713237} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 258/258 ~~ skipped flows.............: 0 @@ -19,8 +19,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4689284 bytes -~~ total memory freed........: 4689284 bytes +~~ total memory allocated....: 4689308 bytes +~~ total memory freed........: 4689308 bytes ~~ total allocations/frees...: 101405/101405 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 459 chars diff --git a/test/results/ssl-cert-name-mismatch.pcap.out b/test/results/ssl-cert-name-mismatch.pcap.out index 2a6c6efbc..7f614a245 100644 --- a/test/results/ssl-cert-name-mismatch.pcap.out +++ b/test/results/ssl-cert-name-mismatch.pcap.out @@ -1,5 +1,5 @@ 00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00480{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1620643422034} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1620643422034} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1620643422034,"flow_last_seen":1620643422034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1620643422034,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1620643422034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422034,"pkt":"BBjWBrNaACWQ1Mz5CABFAAA8gCNAAEAGNQ\/AqALeaJpZadX0AbtP8LY3AAAAAKACchCFuAAAAgQFtAQCCAoBlw8kAAAAAAEDAwc="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1620643422162,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1620643422162,"pkt":"ACWQ1Mz5BBjWBrNaCABFAAA8AABAADAGxTJomllpwKgC3gG71fRoLFRgT\/C2OKASbgBjmAAAAgQFjAQCCAqtfZhXAZcPJAEDAwc="} @@ -8,7 +8,7 @@ 00929{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":1653,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 01207{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1620643422034,"flow_last_seen":1620643422325,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":3579,"flow_avg_l4_payload_len":357,"midstream":0,"thread_ts_msec":1620643422325,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"wrong.host.badssl.com","server_names":"*.badssl.com,badssl.com","ja3":"4e69e4e5627c5e4c2846ba3e64d23fb9","ja3s":"b898351eb5e266aefd3723d466935494","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA","subjectDN":"C=US, ST=California, L=Walnut Creek, O=Lucas Garron Torres, CN=*.badssl.com","alpn":"http\/1.1","fingerprint":"18:45:B2:16:EF:D0:83:9A:18:51:A9:57:32:5D:A3:36:21:70:49:CB"}} 00708{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1620643422034,"flow_last_seen":1620643422754,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1408,"flow_tot_l4_payload_len":4010,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1620643422754,"l3_proto":"ip4","src_ip":"192.168.2.222","dst_ip":"104.154.89.105","src_port":54772,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.GoogleCloud","breed":"Acceptable","category":"Cloud"}} -00489{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-data-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1620643422754} +00568{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":21,"source":"ssl-cert-name-mismatch.pcap","alias":"nDPId-test","packets-captured":21,"packets-processed":21,"total-skipped-flows":0,"total-l4-data-len":4010,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1620643422754} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 21/21 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4688615 bytes -~~ total memory freed........: 4688615 bytes +~~ total memory allocated....: 4688639 bytes +~~ total memory freed........: 4688639 bytes ~~ total allocations/frees...: 101172/101172 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 478 chars diff --git a/test/results/starcraft_battle.pcap.out b/test/results/starcraft_battle.pcap.out index 6c4dce1dd..0d6ca0269 100644 --- a/test/results/starcraft_battle.pcap.out +++ b/test/results/starcraft_battle.pcap.out @@ -1,5 +1,5 @@ 00467{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"starcraft_battle.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00474{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1437389953643} +00553{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1437389953643} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389953643,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":31,"flow_tot_l4_payload_len":31,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1437389953643,"l3_proto":"ip4","src_ip":"192.30.252.91","dst_ip":"192.168.1.100","src_port":443,"dst_port":3213,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1437389953643,"pkt":"IImEa8W6hCYVPnXECABFAABHZtpAAPMGok\/AHvxbwKgBZAG7DI12Mx9qhBzaXVAYAB\/+XQAAFwMDABrSe+rfqh1HHm09zJFdvf5O5AwaBTHDWE16Zg=="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1437389953643,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1437389953643,"pkt":"hCYVPnXEIImEa8W6CABFAABLZZBAAIAGFpbAqAFkwB78WwyNAbuEHNpddjMfiVAYAP4NnAAAFwMDAB4AAAAAAAAAE\/\/36Dj9UZVbiDpZWB\/\/4P+7KR1Y0OI="} @@ -312,7 +312,7 @@ 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1437389955747,"flow_last_seen":1437389955800,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":126,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58844,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1437389956550,"flow_last_seen":1437389956605,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":287,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"192.168.1.254","src_port":58851,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00694{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":9,"flow_first_seen":1437389967432,"flow_last_seen":1437389968027,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":273,"flow_tot_l4_payload_len":358,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1437389985996,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"12.129.222.54","src_port":3512,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.WorldOfWarcraft","breed":"Fun","category":"Game"}} -00494{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-data-len":316668,"total-not-detected-flows":0,"total-guessed-flows":22,"total-detected-flows":30,"total-detection-updates":12,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-events-serialized":315,"global_ts_msec":1437389985996} +00573{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":800,"source":"starcraft_battle.pcap","alias":"nDPId-test","packets-captured":800,"packets-processed":797,"total-skipped-flows":0,"total-l4-data-len":316668,"total-not-detected-flows":0,"total-guessed-flows":22,"total-detected-flows":30,"total-detection-updates":12,"total-updates":0,"current-active-flows":0,"total-active-flows":52,"total-idle-flows":52,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":315,"global_ts_msec":1437389985996} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 800/797 ~~ skipped flows.............: 0 @@ -321,8 +321,8 @@ ~~ total active/idle flows...: 52/52 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4773923 bytes -~~ total memory freed........: 4773923 bytes +~~ total memory allocated....: 4773947 bytes +~~ total memory freed........: 4773947 bytes ~~ total allocations/frees...: 102163/102163 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 199 chars diff --git a/test/results/steam.pcap.out b/test/results/steam.pcap.out index f0d746328..91079451b 100644 --- a/test/results/steam.pcap.out +++ b/test/results/steam.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1357332164693} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1357332164693} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1357332164693,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1357332164693,"pkt":"AFBW4RiuAAwp3FvtCABFAABAAABAAEARkx\/AqLyVkkKYDbJhaYoALLORVlMwMQAAAQAABgAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAA"} 00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1357332164693,"flow_last_seen":1357332164693,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1357332164693,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} @@ -261,7 +261,7 @@ 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332165237,"flow_last_seen":1357332165424,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.13","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00673{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164836,"flow_last_seen":1357332165015,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.14","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1357332164693,"flow_last_seen":1357332164892,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1357332165983,"l3_proto":"ip4","src_ip":"192.168.188.149","dst_ip":"146.66.152.12","src_port":45665,"dst_port":27019,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","packets-captured":104,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":4652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":55,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":55,"total-idle-flows":55,"total-events-serialized":264,"global_ts_msec":1357332165983} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"steam.pcap","alias":"nDPId-test","packets-captured":104,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":4652,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":55,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":55,"total-idle-flows":55,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":264,"global_ts_msec":1357332165983} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 104/104 ~~ skipped flows.............: 0 @@ -270,8 +270,8 @@ ~~ total active/idle flows...: 55/55 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4729902 bytes -~~ total memory freed........: 4729902 bytes +~~ total memory allocated....: 4729926 bytes +~~ total memory freed........: 4729926 bytes ~~ total allocations/frees...: 101409/101409 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/steam_datagram_relay_ping.pcapng.out b/test/results/steam_datagram_relay_ping.pcapng.out index bb2903b15..6d0fba828 100644 --- a/test/results/steam_datagram_relay_ping.pcapng.out +++ b/test/results/steam_datagram_relay_ping.pcapng.out @@ -1,11 +1,11 @@ 00478{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00485{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1625599888890} +00564{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1625599888890} 00609{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1625599888890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"thread_ts_msec":1625599888890,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsUAAH8RmLPAqAJkiy3BCsu9aYoFHNuQAQFzZHBpbmeh3CnjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625599888890,"flow_last_seen":1625599888890,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":1300,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599888890,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} 02194{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1625599891412,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1342,"pkt_l4_len":1308,"thread_ts_msec":1625599891412,"pkt":"eJS0JASgYDjgxTWgCABFAAUwjsYAAH8RmLLAqAJkiy3BCsu9aYoFHPISAQFzZHBpbmdkWlDjmWUAAAAAAAA\/AQAAk6QtixMMCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1625599888890,"flow_last_seen":1625599891412,"flow_idle_time":180000,"flow_min_l4_payload_len":1300,"flow_max_l4_payload_len":1300,"flow_tot_l4_payload_len":2600,"flow_avg_l4_payload_len":1300,"midstream":0,"thread_ts_msec":1625599891412,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"139.45.193.10","src_port":52157,"dst_port":27018,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Steam","breed":"Fun","category":"Game"}} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":2600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":8,"global_ts_msec":1625599891412} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"steam_datagram_relay_ping.pcapng","alias":"nDPId-test","packets-captured":2,"packets-processed":2,"total-skipped-flows":0,"total-l4-data-len":2600,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1625599891412} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2/2 ~~ skipped flows.............: 0 @@ -14,8 +14,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4679856 bytes -~~ total memory freed........: 4679856 bytes +~~ total memory allocated....: 4679880 bytes +~~ total memory freed........: 4679880 bytes ~~ total allocations/frees...: 101145/101145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 483 chars diff --git a/test/results/stun_facebook.pcapng.out b/test/results/stun_facebook.pcapng.out index ecd505803..6f51a8805 100644 --- a/test/results/stun_facebook.pcapng.out +++ b/test/results/stun_facebook.pcapng.out @@ -1,12 +1,12 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"stun_facebook.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1629291451242} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1629291451242} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1629291451242,"flow_last_seen":1629291451242,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1629291451242,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1629291451242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1629291451242,"pkt":"CL6sCxdumt9Y+uvcCABFAAA4VYJAAEARop7AqAypHw1WNpTrnEMAJO1IAAMACCESpEJBSzdRUHlQSzlldVYAGQAEEQAAAA=="} 00582{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1629291451254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":146,"pkt_l4_len":112,"thread_ts_msec":1629291451254,"pkt":"mt9Y+uvcCL6sCxduCABFAACER+pAAFURmuofDVY2wKgMqZxDlOsAcMgPARMAVCESpEJBSzdRUHlQSzlldVYACQAQAAAEAXVuYXV0aG9yaXplZAAVAChiYjAzMWQ2MWNjYzFiZTgyZTI0MDE0NDM1ZWQ1MmYyNmZiYTYyNDgzABQAD3R1cm5lci5mYWNlYm9vawA="} 00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1629291451242,"flow_last_seen":1629291451254,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":66,"midstream":0,"thread_ts_msec":1629291451254,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}} 00626{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1629291451258,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_msec":1629291451258,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="} 00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":75,"flow_first_seen":1629291451242,"flow_last_seen":1629291461336,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":7404,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1629291461336,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.FacebookVoip","breed":"Acceptable","category":"VoIP"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-data-len":7404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1629291461336} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":75,"source":"stun_facebook.pcapng","alias":"nDPId-test","packets-captured":75,"packets-processed":75,"total-skipped-flows":0,"total-l4-data-len":7404,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1629291461336} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 75/75 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4690181 bytes -~~ total memory freed........: 4690181 bytes +~~ total memory allocated....: 4690205 bytes +~~ total memory freed........: 4690205 bytes ~~ total allocations/frees...: 101220/101220 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/stun_signal.pcapng.out b/test/results/stun_signal.pcapng.out index acef33c22..df6d580cb 100644 --- a/test/results/stun_signal.pcapng.out +++ b/test/results/stun_signal.pcapng.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"stun_signal.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1636901936040} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1636901936040} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936040,"flow_last_seen":1636901936040,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901936040,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":39518,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1636901936040,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1636901936040,"pkt":"CL6sCxdumt9Y+uvcCABFAAAwdVpAAEAR0ZTAqAyprP15f5peS2YAHHHgAAEAACESpEJTQ2RLNjF0alZXNms="} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1636901936040,"flow_last_seen":1636901936040,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1636901936040,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"172.253.121.127","src_port":47204,"dst_port":19302,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -138,7 +138,7 @@ 00660{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1636901936083,"flow_last_seen":1636901987911,"flow_idle_time":120000,"flow_min_l4_payload_len":56,"flow_max_l4_payload_len":104,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"35.158.183.167","dst_ip":"192.168.12.169","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1636901936070,"flow_last_seen":1636901940923,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":616,"flow_avg_l4_payload_len":77,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.183.167","src_port":39518,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1636901998644,"flow_last_seen":1636902021381,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":148,"flow_tot_l4_payload_len":1768,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1636902021384,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"35.158.122.211","src_port":47767,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.SignalVoip","breed":"Acceptable","category":"VoIP"}} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-data-len":29600,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-events-serialized":141,"global_ts_msec":1636902021384} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":460,"source":"stun_signal.pcapng","alias":"nDPId-test","packets-captured":460,"packets-processed":460,"total-skipped-flows":0,"total-l4-data-len":29600,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":22,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":23,"total-idle-flows":23,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":141,"global_ts_msec":1636902021384} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 460/460 ~~ skipped flows.............: 0 @@ -147,8 +147,8 @@ ~~ total active/idle flows...: 23/23 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4721234 bytes -~~ total memory freed........: 4721234 bytes +~~ total memory allocated....: 4721258 bytes +~~ total memory freed........: 4721258 bytes ~~ total allocations/frees...: 101673/101673 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/synscan.pcap.out b/test/results/synscan.pcap.out index acea64d95..1fbf74bf3 100644 --- a/test/results/synscan.pcap.out +++ b/test/results/synscan.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"synscan.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1278275056274} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1278275056274} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056274,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056274,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1278275056274,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1278275056274,"pkt":"ACYLMQczACWzv5HuCABFAAAs5wgAADYGK2qsEAAIQA2GNIzSAbvdUoMYAAAAAGACDAAq1AAAAgQFtA=="} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"synscan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275056276,"flow_last_seen":1278275056276,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275056276,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36050,"dst_port":143,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -7987,7 +7987,7 @@ 00579{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":281,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275058595,"flow_last_seen":1278275058595,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5431,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00654{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"PostgreSQL","breed":"Acceptable","category":"Database"}} 00580{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","flow_id":1201,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1278275060335,"flow_last_seen":1278275060335,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1278275079360,"l3_proto":"ip4","src_ip":"172.16.0.8","dst_ip":"64.13.134.52","src_port":36051,"dst_port":5432,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":1876,"total-guessed-flows":116,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-events-serialized":7990,"global_ts_msec":1278275079360} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2011,"source":"synscan.pcap","alias":"nDPId-test","packets-captured":2011,"packets-processed":2011,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":1876,"total-guessed-flows":116,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1994,"total-idle-flows":1994,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7990,"global_ts_msec":1278275079360} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2011/2011 ~~ skipped flows.............: 0 @@ -7996,8 +7996,8 @@ ~~ total active/idle flows...: 1994/1994 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6476013 bytes -~~ total memory freed........: 6476013 bytes +~~ total memory allocated....: 6476037 bytes +~~ total memory freed........: 6476037 bytes ~~ total allocations/frees...: 109133/109133 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/syslog.pcapng.out b/test/results/syslog.pcapng.out index b6a82fedc..9ab9386cf 100644 --- a/test/results/syslog.pcapng.out +++ b/test/results/syslog.pcapng.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"syslog.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1600781689297} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1600781689297} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1600781689297,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":124,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":124,"pkt_l4_len":90,"thread_ts_msec":1600781689297,"pkt":"qrvMbk9eqrvMlgwFCABFAABuAAAAAP8RpCWsFfskrBPEC\/TXAgIAWrkePDE4OT4zMDogKlNlcCAyMiAxMzozNDo0OS4xOTU6ICVTWVMtNS1DT05GSUdfSTogQ29uZmlndXJlZCBmcm9tIGNvbnNvbGUgYnkgY29uc29sZQ=="} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600781689297,"flow_last_seen":1600781689297,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":82,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":82,"midstream":0,"thread_ts_msec":1600781689297,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} @@ -14,7 +14,7 @@ 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1600781952293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":157,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":157,"pkt_l4_len":123,"thread_ts_msec":1600781952293,"pkt":"qrvMySBnqrvMPDqhCABFAACPAAkAAP8RdvTAqEPxCsE1BvTXAgIAe0jbPDE4OT4zOTogUjE6ICpTZXAgMjIgMTM6Mzk6MTIuMjUyOiAlTElORVBST1RPLTUtVVBET1dOOiBMaW5lIHByb3RvY29sIG9uIEludGVyZmFjZSBFdGhlcm5ldDAvMiwgY2hhbmdlZCBzdGF0ZSB0byB1cA=="} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781689297,"flow_last_seen":1600781690282,"flow_idle_time":180000,"flow_min_l4_payload_len":82,"flow_max_l4_payload_len":118,"flow_tot_l4_payload_len":200,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"172.21.251.36","dst_ip":"172.19.196.11","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600781776117,"flow_last_seen":1600781777157,"flow_idle_time":180000,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":116,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":98,"midstream":0,"thread_ts_msec":1600781952293,"l3_proto":"ip4","src_ip":"192.168.72.140","dst_ip":"192.168.178.148","src_port":62679,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-events-serialized":17,"global_ts_msec":1600782411853} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1600782411853} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00843{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1600782411853,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":346,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":346,"pkt_l4_len":312,"thread_ts_msec":1600782411853,"pkt":"qrvMCetCqrvMS9ZJCABFAAFMAAAAAP8RHZjAqH5mrBOx5t9OAgIBOHsYPDE5MD44MjogUjE6IFtzeXNsb2dAOSBzX3NuPSIxIl06IDxpb3MtbG9nLW1zZz48ZmFjaWxpdHk+U1lTPC9mYWNpbGl0eT48c2V2ZXJpdHk+Njwvc2V2ZXJpdHk+PG1zZy1pZD5MT0dHSU5HSE9TVF9TVEFSVFNUT1A8L21zZy1pZD48dGltZT4qU2VwIDIyIDEzOjQ2OjUwLjgxMjwvdGltZT48YXJncz48YXJnIGlkPSIwIj4xMC4xLjIuMjwvYXJnPjxhcmcgaWQ9IjEiPiBwb3J0IDUxNDwvYXJnPjxhcmcgaWQ9IjIiPjwvYXJnPjxhcmcgaWQ9IjMiPiBzdGFydGVkIC0gQ0xJIGluaXRpYXRlZDwvYXJnPjwvYXJncz48L2lvcy1sb2ctbXNnPg=="} 00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1600782411853,"flow_last_seen":1600782411853,"flow_idle_time":180000,"flow_min_l4_payload_len":304,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":304,"flow_avg_l4_payload_len":304,"midstream":0,"thread_ts_msec":1600782411853,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} @@ -39,7 +39,7 @@ 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1600782466695,"flow_last_seen":1600782501747,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":642,"flow_avg_l4_payload_len":128,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"10.22.179.215","dst_ip":"172.26.54.76","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00685{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1600782514222,"flow_last_seen":1600782515213,"flow_idle_time":180000,"flow_min_l4_payload_len":207,"flow_max_l4_payload_len":208,"flow_tot_l4_payload_len":415,"flow_avg_l4_payload_len":207,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.45.162","dst_ip":"10.208.120.95","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1600782411853,"flow_last_seen":1600782438439,"flow_idle_time":180000,"flow_min_l4_payload_len":226,"flow_max_l4_payload_len":304,"flow_tot_l4_payload_len":989,"flow_avg_l4_payload_len":247,"midstream":0,"thread_ts_msec":1600782653380,"l3_proto":"ip4","src_ip":"192.168.126.102","dst_ip":"172.19.177.230","src_port":57166,"dst_port":514,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Syslog","breed":"Acceptable","category":"System"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":3261,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-events-serialized":42,"global_ts_msec":1600782653380} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"syslog.pcapng","alias":"nDPId-test","packets-captured":20,"packets-processed":20,"total-skipped-flows":0,"total-l4-data-len":3261,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":7,"total-idle-flows":7,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_msec":1600782653380} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 20/20 ~~ skipped flows.............: 0 @@ -48,8 +48,8 @@ ~~ total active/idle flows...: 7/7 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685610 bytes -~~ total memory freed........: 4685610 bytes +~~ total memory allocated....: 4685634 bytes +~~ total memory freed........: 4685634 bytes ~~ total allocations/frees...: 101181/101181 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/teams.pcap.out b/test/results/teams.pcap.out index 7e7c02d08..482e68bbc 100644 --- a/test/results/teams.pcap.out +++ b/test/results/teams.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teams.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1587041672419} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1587041672419} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587041672419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041672419,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} @@ -594,7 +594,7 @@ 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041694221,"flow_last_seen":1587041694234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":134,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":96,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60837,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1587041685093,"flow_last_seen":1587041685127,"flow_idle_time":180000,"flow_min_l4_payload_len":53,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":227,"flow_avg_l4_payload_len":113,"midstream":0,"thread_ts_msec":1587041698021,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":50653,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"}} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-data-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":4,"total-detected-flows":78,"total-detection-updates":50,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-events-serialized":597,"global_ts_msec":1587041698021} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2817,"source":"teams.pcap","alias":"nDPId-test","packets-captured":2817,"packets-processed":2775,"total-skipped-flows":0,"total-l4-data-len":1327851,"total-not-detected-flows":1,"total-guessed-flows":4,"total-detected-flows":78,"total-detection-updates":50,"total-updates":0,"current-active-flows":0,"total-active-flows":83,"total-idle-flows":83,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":597,"global_ts_msec":1587041698021} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2817/2775 ~~ skipped flows.............: 0 @@ -603,8 +603,8 @@ ~~ total active/idle flows...: 83/83 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 6079029 bytes -~~ total memory freed........: 6079029 bytes +~~ total memory allocated....: 6079053 bytes +~~ total memory freed........: 6079053 bytes ~~ total allocations/frees...: 104609/104609 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 184 chars diff --git a/test/results/teamspeak3.pcap.out b/test/results/teamspeak3.pcap.out index 01fd86080..846cc8a7b 100644 --- a/test/results/teamspeak3.pcap.out +++ b/test/results/teamspeak3.pcap.out @@ -1,12 +1,12 @@ 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teamspeak3.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946745680740} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946745680740} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946745680740,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946745680740,"pkt":"REREREREZmZmZmZmCABFAAA+yVhAAHgRnjQKAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2EAAAAAAAAAAA=="} 00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946745680740,"flow_last_seen":946745680740,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":946745680740,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}} 00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":946745680740,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":230,"pkt_l4_len":196,"thread_ts_msec":946745680740,"pkt":"REREREREZmZmZmZmCABFAADYyVlAAHgRnZkKAAABCgAAAs\/DJwMAxJv3eXRj6JO6fmAAAAAAIp10i0Wqe++5nv6tCBm6z0HgFqIVc9rwk+JLXtHwnSIOS9qVPnECnykaLcJG8hX08WvnftBqcJmqRqZMetkjLRcZ56Qb0yr7w3DD9zi02VU5x7l+AWx+kCtuxsALbdDKU+g3u9+7M\/R0k3h6Cj2dgqVHMwYrJL8wicW8AZK\/KfPOtEoKiRpNuYkxO9WWvZSdqdAZVZGl4X6vDNBIwrDu7kll5TuFIGNHjpSa9tdfD6M="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946745681306,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":946745681306,"pkt":"REREREREZmZmZmZmCABFAAA+yX1AAHgRng8KAAABCgAAAs\/DJwMAKptdVFMzSU5JVDEAZQAAiA3QV2YAX1kW4K3na2IAAAAAAAAAAA=="} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":946745680740,"flow_last_seen":946745717746,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":188,"flow_tot_l4_payload_len":1365,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":946745717746,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"10.0.0.2","src_port":53187,"dst_port":9987,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TeamSpeak","breed":"Acceptable","category":"VoIP"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":946745717746} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"teamspeak3.pcap","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":1365,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":946745717746} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -15,10 +15,10 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680175 bytes -~~ total memory freed........: 4680175 bytes +~~ total memory allocated....: 4680199 bytes +~~ total memory freed........: 4680199 bytes ~~ total allocations/frees...: 101156/101156 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars ~~ json string max len.......: 695 chars -~~ json string avg len.......: 575 chars +~~ json string avg len.......: 576 chars diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out index 06205b5ba..8cf8ea92c 100644 --- a/test/results/telegram.pcap.out +++ b/test/results/telegram.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"telegram.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1588779596451} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1588779596451} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00821{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588779596451,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1588779596451,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzGJVAAEARYHzAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGANsCwWgAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00718{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779596451,"flow_last_seen":1588779596451,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779596451,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} @@ -276,7 +276,7 @@ 00642{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"finished","flow_packets_processed":301,"flow_first_seen":1588779617174,"flow_last_seen":1588779629315,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":272,"flow_tot_l4_payload_len":59552,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779634762,"flow_last_seen":1588779634795,"flow_idle_time":180000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":2728,"flow_avg_l4_payload_len":909,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"216.58.205.68","src_port":61974,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Web"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_packets_processed":120,"flow_first_seen":1588779596708,"flow_last_seen":1588779655298,"flow_idle_time":180000,"flow_min_l4_payload_len":100,"flow_max_l4_payload_len":427,"flow_tot_l4_payload_len":19803,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4ba:91a:7817:e318","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"MDNS","breed":"Acceptable","category":"Network"}} -00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","packets-captured":1566,"packets-processed":1566,"total-skipped-flows":0,"total-l4-data-len":268533,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-events-serialized":279,"global_ts_msec":1588779655298} +00567{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","packets-captured":1566,"packets-processed":1566,"total-skipped-flows":0,"total-l4-data-len":268533,"total-not-detected-flows":2,"total-guessed-flows":0,"total-detected-flows":46,"total-detection-updates":13,"total-updates":0,"current-active-flows":0,"total-active-flows":48,"total-idle-flows":48,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":279,"global_ts_msec":1588779655298} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1566/1566 ~~ skipped flows.............: 0 @@ -285,8 +285,8 @@ ~~ total active/idle flows...: 48/48 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4766292 bytes -~~ total memory freed........: 4766292 bytes +~~ total memory allocated....: 4766316 bytes +~~ total memory freed........: 4766316 bytes ~~ total allocations/frees...: 102852/102852 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/teredo.pcap.out b/test/results/teredo.pcap.out index ac8a2034c..715581775 100644 --- a/test/results/teredo.pcap.out +++ b/test/results/teredo.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"teredo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1438853615305} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1438853615305} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1438853615305,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":103,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":103,"pkt_l4_len":69,"thread_ts_msec":1438853615305,"pkt":"bEFqjICJABsXAAEVCABFAABZWboAAH4R6SsKcBBqwogcTM0hDdgARX2HAAEAALEbP+pGqa\/pAGAAAAAACDr\/\/oAAAAAAAAAAAP\/\/\/\/\/\/\/v8CAAAAAAAAAAAAAAAAAAKFAH04AAAAAA=="} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1438853615305,"flow_last_seen":1438853615305,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":61,"flow_tot_l4_payload_len":61,"flow_avg_l4_payload_len":61,"midstream":0,"thread_ts_msec":1438853615305,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} @@ -27,7 +27,7 @@ 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853619792,"flow_last_seen":1438853619844,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.89","dst_ip":"194.136.28.76","src_port":60381,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1438853615305,"flow_last_seen":1438853653403,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":340,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.106","dst_ip":"194.136.28.76","src_port":52513,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} 00681{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1438853629357,"flow_last_seen":1438853629411,"flow_idle_time":180000,"flow_min_l4_payload_len":61,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":85,"midstream":0,"thread_ts_msec":1438853653403,"l3_proto":"ip4","src_ip":"10.112.16.92","dst_ip":"194.136.28.76","src_port":63448,"dst_port":3544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Teredo","breed":"Acceptable","category":"Network"}} -00473{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":30,"global_ts_msec":1438853653403} +00552{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24,"source":"teredo.pcap","alias":"nDPId-test","packets-captured":24,"packets-processed":24,"total-skipped-flows":0,"total-l4-data-len":1566,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_msec":1438853653403} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24/24 ~~ skipped flows.............: 0 @@ -36,8 +36,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4683982 bytes -~~ total memory freed........: 4683982 bytes +~~ total memory allocated....: 4684006 bytes +~~ total memory freed........: 4684006 bytes ~~ total allocations/frees...: 101179/101179 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out index a6de19a0e..9d0fb1517 100644 --- a/test/results/tftp.pcap.out +++ b/test/results/tftp.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1367411051972} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1367411051972} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1367411051972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1367411051972,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="} 00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} @@ -8,7 +8,7 @@ 00452{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1367411052081,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"thread_ts_msec":1367411052081,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"} 01120{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1367411052086,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"thread_ts_msec":1367411052086,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\/Q11xboCDOXlAAMAAkIgT2ZmaWNpYWwgUHJvdG9jb2wKICAgU3RhbmRhcmRzIiBmb3IgdGhlIHN0YW5kYXJkaXphdGlvbiBzdGF0ZSBhbmQgc3RhdHVzIG9mIHRoaXMgcHJvdG9jb2wuCiAgIERpc3RyaWJ1dGlvbiBvZiB0aGlzIG1lbW8gaXMgdW5saW1pdGVkLgoKU3VtbWFyeQoKICAgVEZUUCBpcyBhIHZlcnkgc2ltcGxlIHByb3RvY29sIHVzZWQgdG8gdHJhbnNmZXIgZmlsZXMuICBJdCBpcyBmcm9tCiAgIHRoaXMgdGhhdCBpdHMgbmFtZSBjb21lcywgVHJpdmlhbCBGaWxlIFRyYW5zZmVyIFByb3RvY29sIG9yIFRGVFAuCiAgIEVhY2ggbm9udGVybWluYWwgcGFja2V0IGlzIGFja25vd2xlZGdlZCBzZXBhcmF0ZWx5LiAgVGhpcyBkb2N1bWVudAogICBkZXNjcmliZXMgdGhlIHByb3RvY29sIGFuZCBpdHMgdHlwZXMgb2YgcGFja2V0cy4gIFRoZSBkb2N1bWVudCBhbHNvCiAgIGV4cGxhaW5zIHRoZSByZWFzb25zIGJlaGluZCBzb21lIG9mIHRoZSBkZXNpZ24gZGVjaXNpb25zLgoKQWNrbm93bGVnZW1lbnRzCgogICBUaGUg"} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"thread_ts_msec":1367411052088,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":99,"total-skipped-flows":0,"total-l4-data-len":25011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-events-serialized":11,"global_ts_msec":1626968644630} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":100,"packets-processed":99,"total-skipped-flows":0,"total-l4-data-len":25011,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1626968644630} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626968644630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1626968644630,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"} 00638{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} @@ -21,7 +21,7 @@ 00826{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} 00677{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}} -00475{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":104,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":26069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":24,"global_ts_msec":1626968644632} +00554{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","packets-captured":104,"packets-processed":104,"total-skipped-flows":0,"total-l4-data-len":26069,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1626968644632} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 104/104 ~~ skipped flows.............: 0 @@ -30,8 +30,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685430 bytes -~~ total memory freed........: 4685430 bytes +~~ total memory allocated....: 4685454 bytes +~~ total memory freed........: 4685454 bytes ~~ total allocations/frees...: 101256/101256 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 444 chars diff --git a/test/results/tinc.pcap.out b/test/results/tinc.pcap.out index 978590fb3..1ebd9a609 100644 --- a/test/results/tinc.pcap.out +++ b/test/results/tinc.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tinc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1495983427717} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1495983427717} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983427717,"flow_last_seen":1495983427717,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1495983427717,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1495983427717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1495983427717,"pkt":"ABcILL3nACbGCvpSCABFEAA8vEtAAEAGvw6DcqgbuVPacOds2We5l\/9AAAAAAKACchD0JwAAAgQFtAQCCAp3tTETAAAAAAEDAwc="} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tinc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1495983427744,"flow_last_seen":1495983427744,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1495983427744,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":49290,"dst_port":55656,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -24,7 +24,7 @@ 00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":130,"flow_first_seen":1495983428000,"flow_last_seen":1495983470973,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164056,"flow_avg_l4_payload_len":1261,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":55655,"dst_port":55655,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 00834{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":134,"flow_first_seen":1495983428043,"flow_last_seen":1495983463866,"flow_idle_time":180000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":1468,"flow_tot_l4_payload_len":164136,"flow_avg_l4_payload_len":1224,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"185.83.218.112","dst_ip":"131.114.168.27","src_port":55656,"dst_port":55656,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"3":"DPI (cache)"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} 00821{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1495983427717,"flow_last_seen":1495983475073,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1039,"flow_tot_l4_payload_len":4647,"flow_avg_l4_payload_len":178,"midstream":0,"thread_ts_msec":1495983475109,"l3_proto":"ip4","src_ip":"131.114.168.27","dst_ip":"185.83.218.112","src_port":59244,"dst_port":55655,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TINC","breed":"Acceptable","category":"VPN"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-data-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-events-serialized":27,"global_ts_msec":1495983475109} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":317,"source":"tinc.pcap","alias":"nDPId-test","packets-captured":317,"packets-processed":317,"total-skipped-flows":0,"total-l4-data-len":338229,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":27,"global_ts_msec":1495983475109} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 317/317 ~~ skipped flows.............: 0 @@ -33,8 +33,8 @@ ~~ total active/idle flows...: 4/4 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4700120 bytes -~~ total memory freed........: 4700120 bytes +~~ total memory allocated....: 4700144 bytes +~~ total memory freed........: 4700144 bytes ~~ total allocations/frees...: 101481/101481 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 451 chars diff --git a/test/results/tk.pcap.out b/test/results/tk.pcap.out index 26393131b..0b33e69ba 100644 --- a/test/results/tk.pcap.out +++ b/test/results/tk.pcap.out @@ -1,5 +1,5 @@ 00453{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tk.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00460{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1613939315029} +00539{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1613939315029} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1613939315029,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1613939315029,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6W4cAAEARmyjAqAGywKgBAcryADUAJu9GCIYBAAABAAAAAAAABXdob2lzA2RvdAJ0awAAAQAB"} 00757{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1613939315029,"flow_last_seen":1613939315029,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1613939315029,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"whois.dot.tk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -18,7 +18,7 @@ 00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315127,"flow_last_seen":1613939315183,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":55591,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00669{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315184,"flow_last_seen":1613939315239,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":119,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":53820,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00668{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1613939315029,"flow_last_seen":1613939315127,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1613939315239,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"192.168.1.1","src_port":51954,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00465{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":21,"global_ts_msec":1613939315239} +00544{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tk.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":314,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1613939315239} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -27,8 +27,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681716 bytes -~~ total memory freed........: 4681716 bytes +~~ total memory allocated....: 4681740 bytes +~~ total memory freed........: 4681740 bytes ~~ total allocations/frees...: 101155/101155 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 458 chars diff --git a/test/results/tls-esni-fuzzed.pcap.out b/test/results/tls-esni-fuzzed.pcap.out index 64b961ace..081e0d959 100644 --- a/test/results/tls-esni-fuzzed.pcap.out +++ b/test/results/tls-esni-fuzzed.pcap.out @@ -1,5 +1,5 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1590680386576} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1590680386576} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01424{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":770,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":770,"pkt_l4_len":736,"thread_ts_msec":1590680386576,"pkt":"EBMx8Tl2KDc3AG3ICABFAAL0AABAAEAGjOfAqAEMaBuBTcLeAbt3Q5LX\/48DFVAYIACwHgAAFgMBAscBAALDAwOTwM86TEdZaYZx77QiKeLaOUyI6FPS+J3L+0S3MA31OCDtrXy2AkmiC5EC8aXH8NKs5TG5ofTGvlsmIWUcTFlOhgAkEwETAxMCwCvAL8ypzKjALMAwwArACcATwBQAMwA5AC8ANQAKAQACVgAXAAD\/AQABAAAKAA4ADAAdABcAGAAZAQABAQALAAIBAAAjAAAAEAAOAAwCaDIIaHR0cC8xLjEABQAFAQAAAAAAMwBrAGkAHQAg9C+VXLX0pUAYcvwRMlm2BfjMFL+A2Ha+teHeYm8XszAAFwBBBKhP+5j\/iIqKULsVEv1xkLdgIoxwczB5EVKfTq\/0aLaIOqqUx255GoGIKzaHGdYeWvgG2FTscntynOjMKiH+1xMAKwAJCAMEAwMDAgMBAA0AGAAWBAMFAwYDCAQIBQgGBAEFAQYBAgMCAQAtAAIBAf\/OAW4TAQAdACAoJey8d6KdccaSJO2lCYt20kw0EEYFyldVNE\/b+wVlLQAgHyQSymUyoBaYNvGbjOJlOzPcW4r7yiRdTxErCb+vUsgBJJYkyzxOIwgn94z1v2QNIt6jP8xZjqajLZOZBVhvvpl7nmhmH4lW1IkwcuGd4kzR+4ip9x\/EzAG6tckU\/flqZH1nG16JhZuu6rEiIYaISW303wwyjD1flAsQnOsqJ0PVy+NZQoiiKbjH4viDA+P+GiaonlAB8r2TaJD+948G4F7MBjpovbjBjfrBFM8f7NuL4fwv7ssjFdJ5mNaCsSn9Hj6115hdy9xFKhCCzMA44L9pVw\/vrGvG+5UfibZ5LK2nZAPALOtdzhzm7d0W1ff7a4XSuSSFRI3gCI5CHoPx4osmf747Wa4ElvuEUhPCcdTFrF6efl9qMHJEUwf8zrcwZxBFmZHEDMTcH8MlFUx5dN14A3E5eAVFahmuI+6IR1wd8HaXtmYAHAACQAE="} 00902{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680386576,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"957015a0b1e2500d8777219893a09495","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} @@ -12,7 +12,7 @@ 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680386576,"flow_last_seen":1590680386576,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.27.129.77","src_port":49886,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680391590,"flow_last_seen":1590680391590,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.22.71.197","src_port":49897,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1590680387847,"flow_last_seen":1590680387847,"flow_idle_time":7440000,"flow_min_l4_payload_len":716,"flow_max_l4_payload_len":716,"flow_tot_l4_payload_len":716,"flow_avg_l4_payload_len":716,"midstream":1,"thread_ts_msec":1590680391590,"l3_proto":"ip4","src_ip":"192.168.1.12","dst_ip":"104.16.125.175","src_port":49887,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00479{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":15,"global_ts_msec":1590680391590} +00558{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3,"source":"tls-esni-fuzzed.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":3,"total-skipped-flows":0,"total-l4-data-len":2148,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1590680391590} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3/3 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4689069 bytes -~~ total memory freed........: 4689069 bytes +~~ total memory allocated....: 4689093 bytes +~~ total memory freed........: 4689093 bytes ~~ total allocations/frees...: 101163/101163 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/tls-rdn-extract.pcap.out b/test/results/tls-rdn-extract.pcap.out index c61061874..97a55d806 100644 --- a/test/results/tls-rdn-extract.pcap.out +++ b/test/results/tls-rdn-extract.pcap.out @@ -1,5 +1,5 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":946681200000} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":946681200000} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00631{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":181,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":181,"pkt_l4_len":147,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAACnLudAAIAGnZoKAAAB1ceV+3ppAbtkZ4Ye79i2a1AYQCmgXgAAFgMBAHoBAAB2AwEAAAAAM7RDB2u\/HXE+9PsbFMYgy+4A2s6CH4THeQytZwAAGAAvADUABQAKwBPAFMAJwAoAMgA4ABMABAEAADX\/AQABAAAAABMAEQAADmFkczEubXNhZHMubmV0AAUABQEAAAAAAAoABgAEABcAGAALAAIBAA=="} 00951{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":127,"flow_avg_l4_payload_len":127,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} @@ -8,7 +8,7 @@ 02411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":946681200000,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":946681200000,"pkt":"ERERERERIiIiIiIiCABFAAXc5PNAADUGLVnVx5X7CgAAAQG7emnv2LwfZGeGnVAQGJjDXgAAbTEUMBIGA1UEAwwLKi5zLW1zbi5jb20xFzAVBgNVBAMMDioubGl2ZS1pbnQubmV0MR8wHQYDVQQDDBYqLndpbmRvd3NwaG9uZS1pbnQuY29tMRswGQYDVQQDDBIqLndpbmRvd3NwaG9uZS5jb20xKjAoBgNVBAMMISoucGFydG5lci1wYy53aW5kb3dzcGhvbmUtaW50LmNvbTEfMB0GA1UEAwwWKi5tYW5hZ2UubWljcm9zb2Z0LmNvbTEYMBYGA1UEAwwPKi52by5tc2VjbmQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuX3PkoiInBfw68+6JNH406C4alrEnikcq1FZEZJZj8A0h7uDLWO01R+9CYljtZsYv4E+pfWvi8Z31QoN\/mqJYHgutax6\/UWMDIxFsXaIn1iXAoBA481Pyqa8XbzdmibAvotkEOm0ksJYJlu7VrGuQP+fyz69HW2nTnewmEyTsEy9pTZjqsxFdtBcWm2sS5KQA3Hoj6NzWl54VkXacUcpgQraZZFiSKVJpxhZpAqND3x7NCgSdQvwN2uTFwRCsRagxmCSSaZkQSbYCDh7lvCo6r5wBODibkMqCxrJ4nyg5Uw+J74SsSHhtBMkb6YMlWe5gPOyYSZfIVCby4onZWx45wIDAQABo4IGXzCCBlswDAYDVR0TAQH\/BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMIIDowYDVR0RBIIDmjCCA5aCDyoudm8ubXNlY25kLm5ldIIVKi5vZmZpY2VhcHBzLmxpdmUuY29tggsqLm1zYWRzLm5ldIIQKi5hZHMyLm1zYWRzLm5ldIIPKi5zdGMucy1tc24uY29tgiRjZG4uZGMyZmlsZXMuKi5saXZlZmlsZXN0b3JlLWludC5jb22CF2Nkbi4qLmxpdmVmaWxlc3RvcmUuY29tgh8qLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUuY29tgiMqLm1hcmtldHBsYWNlLndpbmRvd3Ntb2JpbGUtaW50LmNvbYIkKi5tYXJrZXRwbGFjZS53aW5kb3dzbW9iaWxlLXBlcmYuY29tgg8qLnN0ai5zLW1zbi5jb22CEmFqYXgubWljcm9zb2Z0LmNvbYIbKi5taWNyb3NvZnQtc2JzLWRvbWFpbnMuY29tggoqLmxpdmUubmV0ggkqLm1zbi5jb22CDSoubXNuLWludC5jb22CGiouZjFkcy5zaGFyZWQubGl2ZS1pbnQuY29tghQqLmYxZHMud2x4cnMtaW50LmNvbYIVKi5zaGFyZWQubGl2ZS1pbnQuY29tghEqLnNoYXJlZC5saXZlLmNvbYIPKi5taWNyb3NvZnQuY29tggoqLmxpdmUuY29tgg4qLmxpdmUtaW50LmNvbYILKi53bHhycy5jb22CDyoud2x4cnMtaW50LmNvbYIOKi5zdC5zLW1zbi5jb22CDyouc3RiLnMtbXNuLmNvbYIgaW1hZ2VzLm1veHkud2luZG93c3Bob25lLWludC5jb22CECoud2x4cnN1LWludC5jb22CI2ltYWdlcy5wYXJ0bmVyLndpbmRvd3NwaG9uZS1pbnQuY29tgh9pbWFnZXMucGFydG5lci53aW5kb3dzcGhvbmUuY29tggwqLmpwLm1zbi5jb22CEiouYzNzY3MuanAubXNuLmNvbYIPKi5hc3BuZXRjZG4uY29tgg0qLmhvdG1haWwuY29tgiEqLnBhcnRuZXItZGYud2luZG93c3Bob25lLWludC5jb22CCyoucy1tc24uY29tgg4qLmxpdmUtaW50Lm5ldIIWKi53aW5kb3dzcGhvbmUtaW50LmNvbYISKi53aW5kb3dzcGhvbmUuY29tgiEqLnBhcnRuZXI="} 03337{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"ads1.msads.net","server_names":"*.vo.msecnd.net,*.officeapps.live.com,*.msads.net,*.ads2.msads.net,*.stc.s-msn.com,cdn.dc2files.*.livefilestore-int.com,cdn.*.livefilestore.com,*.marketplace.windowsmobile.com,*.marketplace.windowsmobile-int.com,*.marketplace.windowsmobile-perf.com,*.stj.s-msn.com,ajax.microsoft.com,*.microsoft-sbs-domains.com,*.live.net,*.msn.com,*.msn-int.com,*.f1ds.shared.live-int.com,*.f1ds.wlxrs-int.com,*.shared.live-int.com,*.shared.live.com,*.microsoft.com,*.live.com,*.live-int.com,*.wlxrs.com,*.wlxrs-int.com,*.st.s-msn.com,*.stb.s-msn.com,images.moxy.windowsphone-int.com,*.wlxrsu-int.com,images.partner.windowsphone-int.com,images.partner.windowsphone.com,*.jp.msn.com,*.c3scs.jp.msn.com,*.aspnetcdn.com,*.hotmail.com,*.partner-df.windowsphone-int.com,*.s-msn.com,*.live-int.net,*.windowsphone-int.com,*.windowsphone.com,*.partner-pc.windowsphone-int.com,*.manage.microsoft.com","ja3":"2201d8e006f8f005a6b415f61e677532","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=Microsoft Secure Server Authority","subjectDN":"C=US, L=Redmond, O=Microsoft, OU=GFS, CN=*.officeapps.live.com, CN=*.msads.net, CN=*.ads2.msads.net, CN=*.stc.s-msn.com, CN=cdn.dc2files.*.livefilestore-int.com, CN=cdn.*.livefilestore.com, CN=*.marketplace.windowsmobile.com, CN=*.marketplace.windowsmobile-int.com, CN=*.marketplace.windowsmobile-perf.com, CN=*.stj.s-msn.com, CN=ajax.microsoft.com, CN=*.microsoft-sbs-domains.com, CN=*.live.net, CN=*.msn.com, CN=*.msn-int.com, CN=*.f1ds.shared.live-int.com, CN=*.f1ds.wlxrs-int.com, CN=*.shared.live-int.com, CN=*.shared.live.com, CN=*.microsoft.com, CN=*.live.com, CN=*.live-int.com, CN=*.wlxrs.com, CN=*.wlxrs-int.com, CN=*.st.s-msn.com, CN=*.stb.s-msn.com, CN=images.moxy.windowsphone-int.com, CN=*.wlxrsu-int.com, CN=images.partner.windowsphone-int.com, CN=images.partner.windowsphone.com, CN=*.jp.msn.com, CN=*.c3scs.jp.msn.com, CN=*.aspnetcdn.com, CN=*.hotmail.com, CN=*.partner-df.windowsphone-int.com, CN=*.s-msn.com, CN=*.live-int.net, CN=*.windowsphone-int.com, CN=*.windowsphone.com, CN=*.partner-pc.windowsphone-int.com, CN=*.manage.microsoft.com, CN=*.vo.msecnd.net","fingerprint":"FF:BF:9A:69:8F:C8:44:FF:89:F2:61:49:A7:D1:9A:98:DE:32:84:3B"}} 01038{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":946681200000,"flow_last_seen":946681200000,"flow_idle_time":7440000,"flow_min_l4_payload_len":127,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6881,"flow_avg_l4_payload_len":1146,"midstream":1,"thread_ts_msec":946681200000,"l3_proto":"ip4","src_ip":"10.0.0.1","dst_ip":"213.199.149.251","src_port":31337,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"9": {"risk":"TLS Expired Certificate","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Web"}} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":946681200000} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"tls-rdn-extract.pcap","alias":"nDPId-test","packets-captured":6,"packets-processed":6,"total-skipped-flows":0,"total-l4-data-len":6881,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":946681200000} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 6/6 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4721639 bytes -~~ total memory freed........: 4721639 bytes +~~ total memory allocated....: 4721663 bytes +~~ total memory freed........: 4721663 bytes ~~ total allocations/frees...: 101198/101198 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/tls_alert.pcap.out b/test/results/tls_alert.pcap.out index 5bcb8bda4..14ce755ad 100644 --- a/test/results/tls_alert.pcap.out +++ b/test/results/tls_alert.pcap.out @@ -1,12 +1,12 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_alert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1628259176203} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1628259176203} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1628259176203,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1628259176203,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAABAAABAAEAGtpPAqAHAwKgBFPa2AbvtIEkOAAAAALAC\/\/9MagAAAgQFtAEDAwUBAQgKE9Ij+wAAAAAEAgAA"} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1628259176203,"pkt":"oM7IELEuAICPmq69CABFAAA8AABAAEAGtpfAqAEUwKgBwAG79rbEoc1F7SBJD6AScSBz9QAAAgQFtAQCCAoAseWtE9Ij+wEDAwc="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1628259176203,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1628259176203,"pkt":"AICPmq69oM7IELEuCABFAAA0AABAAEAGtp\/AqAHAwKgBFPa2AbvtIEkPxKHNRoAQEBUDzQAAAQEIChPSI\/sAseWt"} 01038{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1628259176203,"flow_last_seen":1628259176204,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1628259176204,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Advertisement"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google-analytics.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00584{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1628259176203,"flow_last_seen":1628259176206,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1628259176206,"l3_proto":"ip4","src_ip":"192.168.1.192","dst_ip":"192.168.1.20","src_port":63158,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-data-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1628259176206} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"tls_alert.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":11,"total-skipped-flows":0,"total-l4-data-len":206,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1628259176206} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11/11 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682211 bytes -~~ total memory freed........: 4682211 bytes +~~ total memory allocated....: 4682235 bytes +~~ total memory freed........: 4682235 bytes ~~ total allocations/frees...: 101156/101156 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/tls_certificate_too_long.pcap.out b/test/results/tls_certificate_too_long.pcap.out index ef4eae238..9d07bf44a 100644 --- a/test/results/tls_certificate_too_long.pcap.out +++ b/test/results/tls_certificate_too_long.pcap.out @@ -1,5 +1,5 @@ 00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1626168074745} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1626168074745} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074745,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1626168074745,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"52.149.21.60","src_port":52746,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1626168074745,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1626168074745,"pkt":"WNVuaKQA8BiYFWV8CABFAAAoYkwAAEAGDJLAqAF5NJUVPM4KAbsrlJN\/t5VLK1AQEAACSAAA"} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626168074926,"flow_last_seen":1626168074926,"flow_idle_time":7440000,"flow_min_l4_payload_len":394,"flow_max_l4_payload_len":394,"flow_tot_l4_payload_len":394,"flow_avg_l4_payload_len":394,"midstream":1,"thread_ts_msec":1626168074926,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -215,7 +215,7 @@ 00622{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00607{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1626168074926,"flow_last_seen":1626168076790,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4712,"flow_avg_l4_payload_len":362,"midstream":1,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"192.168.1.139","src_port":52721,"dst_port":55367,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1626168077735,"flow_last_seen":1626168077749,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":189,"flow_avg_l4_payload_len":94,"midstream":0,"thread_ts_msec":1626168081946,"l3_proto":"ip4","src_ip":"192.168.1.121","dst_ip":"8.8.8.8","src_port":65213,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Apple","breed":"Safe","category":"Web"}} -00500{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-data-len":95708,"total-not-detected-flows":1,"total-guessed-flows":5,"total-detected-flows":31,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-events-serialized":218,"global_ts_msec":1626168081946} +00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":315,"source":"tls_certificate_too_long.pcap","alias":"nDPId-test","packets-captured":315,"packets-processed":315,"total-skipped-flows":0,"total-l4-data-len":95708,"total-not-detected-flows":1,"total-guessed-flows":5,"total-detected-flows":31,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":35,"total-idle-flows":35,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":218,"global_ts_msec":1626168081946} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 315/315 ~~ skipped flows.............: 0 @@ -224,8 +224,8 @@ ~~ total active/idle flows...: 35/35 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4830465 bytes -~~ total memory freed........: 4830465 bytes +~~ total memory allocated....: 4830489 bytes +~~ total memory freed........: 4830489 bytes ~~ total allocations/frees...: 101675/101675 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/tls_cipher_lens.pcap.out b/test/results/tls_cipher_lens.pcap.out index 589f60653..38bb1f0b3 100644 --- a/test/results/tls_cipher_lens.pcap.out +++ b/test/results/tls_cipher_lens.pcap.out @@ -1,5 +1,5 @@ 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00473{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1391444859282} +00552{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1391444859282} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00703{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":233,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":233,"pkt_l4_len":199,"thread_ts_msec":1391444859282,"pkt":"AAxBruSU1L7ZA8KHCABFAADbL\/VAAIAGLPPAqAsLrcIjv8mDAbt4uQ2cyozKYVAYQTfWXgAAFgMBAK4BAACqAwFS78N7ztpSIkL8KKK08T09+y4UedH3BkkDySiPn3PRIwAASAD\/wArAFACIAIcAOQA4wA\/ABQCEADXACcAHwBPAEQBFAEQAMwAywA7ADMAEwAIAlgBBAC8ABQAEwAjAEgAWABPADcAD\/v8ACgEAADkAAAASABAAAA13d3cuZ29vZ2xlLml0AAoACAAGABcAGAAZAAsAAgEAACMAADN0AAAABQAFAQAAAAA="} 00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51587,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.google.it","ja3":"755cdaa3496eb8728247a639dee17aad","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} @@ -20,7 +20,7 @@ 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51589,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51590,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1391444859282,"flow_last_seen":1391444859282,"flow_idle_time":7440000,"flow_min_l4_payload_len":179,"flow_max_l4_payload_len":179,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":179,"midstream":1,"thread_ts_msec":1391444859282,"l3_proto":"ip4","src_ip":"192.168.11.11","dst_ip":"173.194.35.191","src_port":51591,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00478{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":23,"global_ts_msec":1391444859282} +00557{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"tls_cipher_lens.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":895,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1391444859282} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -29,8 +29,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4693671 bytes -~~ total memory freed........: 4693671 bytes +~~ total memory allocated....: 4693695 bytes +~~ total memory freed........: 4693695 bytes ~~ total allocations/frees...: 101165/101165 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 471 chars diff --git a/test/results/tls_esni_sni_both.pcap.out b/test/results/tls_esni_sni_both.pcap.out index 25f50cc26..4ddf2a910 100644 --- a/test/results/tls_esni_sni_both.pcap.out +++ b/test/results/tls_esni_sni_both.pcap.out @@ -1,5 +1,5 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1595697574192} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1595697574192} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1595697574192,"flow_last_seen":1595697574192,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1595697574192,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1595697574192,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1595697574192,"pkt":"LLBdqyO5+P\/CRWqLCABFAABAAABAAEAGYZTAqAEVaBGvVdjMAbsVnUj1AAAAALAC\/\/+ITAAAAgQFtAEDAwYBAQgKRX5W8wAAAAAEAgAA"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1595697574222,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1595697574222,"pkt":"+P\/CRWqLLLBdqyO5CABFAAA0AABAADkGaKBoEa9VwKgBFQG72MxjNlEZFZ1I9oAS\/\/+oqwAAAgQFeAEBBAIBAwMK"} @@ -14,7 +14,7 @@ 01210{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1595697597731,"flow_last_seen":1595697597802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":2099,"flow_avg_l4_payload_len":349,"midstream":0,"thread_ts_msec":1595697597802,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.3","client_requested_server_name":"you-think-thats-normal-tls-traffic-youre-seeing.com","ja3":"077d20c3f8c5a1f091dc937c515b69c1","ja3s":"d75f9129bb5d05492a65ff78e081bcb2","unsafe_cipher":0,"cipher":"TLS_CHACHA20_POLY1305_SHA256","tls_supported_versions":"TLSv1.3"}} 00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1595697574192,"flow_last_seen":1595697574326,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":7615,"flow_avg_l4_payload_len":380,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55500,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} 00951{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1595697597731,"flow_last_seen":1595697597855,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":6160,"flow_avg_l4_payload_len":342,"midstream":0,"thread_ts_msec":1595697597855,"l3_proto":"ip4","src_ip":"192.168.1.21","dst_ip":"104.17.175.85","src_port":55514,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"21": {"risk":"TLS Suspicious ESNI Usage","severity":"Medium","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"TLS.Cloudflare","breed":"Acceptable","category":"Web"}} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":17,"global_ts_msec":1595697597855} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"tls_esni_sni_both.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":38,"total-skipped-flows":0,"total-l4-data-len":13775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":17,"global_ts_msec":1595697597855} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 38/38 ~~ skipped flows.............: 0 @@ -23,8 +23,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4687054 bytes -~~ total memory freed........: 4687054 bytes +~~ total memory allocated....: 4687078 bytes +~~ total memory freed........: 4687078 bytes ~~ total allocations/frees...: 101190/101190 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/tls_invalid_reads.pcap.out b/test/results/tls_invalid_reads.pcap.out index 8aa4d1bc3..d66d5b8e1 100644 --- a/test/results/tls_invalid_reads.pcap.out +++ b/test/results/tls_invalid_reads.pcap.out @@ -1,5 +1,5 @@ 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1252380859868} +00554{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1252380859868} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1252380859868,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1252380859868,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 00211{"error_event_id":9,"error_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1252380859884} @@ -8,12 +8,12 @@ 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1252380859885,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"} 00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00952{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1252380859868,"flow_last_seen":1252380859904,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":953,"flow_avg_l4_payload_len":190,"midstream":0,"thread_ts_msec":1252380859904,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"53611273a714cb4789c8222932efd5a7","unsafe_cipher":2,"cipher":"TLS_RSA_WITH_RC4_128_MD5"}} -00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":11,"global_ts_msec":1421985541772} +00558{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1431,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1421985541772} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":64,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":64,"pkt_l4_len":30,"thread_ts_msec":1421985541772,"pkt":"AAOf2SAhEFbKCIWJCABFAAAyM2VAAH8GFrhKUKBjQ9lNHAy6AbvQcb+g7Sa+J1AY\/QKZOwAlAAMBAAUBAAABAQ=="} 00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":16,"global_ts_msec":1544035479538} +00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1544035479538} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479538} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="} 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479721} @@ -21,7 +21,7 @@ 00195{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479768} 00723{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":24,"global_ts_msec":1544035479768} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1544035479768} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 12/8 ~~ skipped flows.............: 0 @@ -30,8 +30,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4685702 bytes -~~ total memory freed........: 4685702 bytes +~~ total memory allocated....: 4685726 bytes +~~ total memory freed........: 4685726 bytes ~~ total allocations/frees...: 101158/101158 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 200 chars diff --git a/test/results/tls_long_cert.pcap.out b/test/results/tls_long_cert.pcap.out index 9f33aec71..3aa8e4b7f 100644 --- a/test/results/tls_long_cert.pcap.out +++ b/test/results/tls_long_cert.pcap.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_long_cert.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1553619078033} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1553619078033} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1553619078033,"flow_last_seen":1553619078033,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1553619078033,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00490{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1553619078033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1553619078033,"pkt":"BBjWMe9aeDHBvV4kCABFAABAAABAAEAGN8XAqAJ+aG\/XXesOAbssL+yBAAAAALAC\/\/8wZwAAAgQFtAEDAwYBAQgKJK\/ZdwAAAAAEAgAA"} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1553619078058,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1553619078058,"pkt":"eDHBvV4kBBjWMe9aCABFAAA8AABAADYGQclob9ddwKgCfgG76w4xmkZeLC\/sgqAScSAcqQAAAgQFtAQCCArQt2rgJK\/ZdwEDAwc="} @@ -8,7 +8,7 @@ 00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1553619078033,"flow_last_seen":1553619078091,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":1965,"flow_avg_l4_payload_len":327,"midstream":0,"thread_ts_msec":1553619078091,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 02429{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1553619078033,"flow_last_seen":1553619078093,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":4613,"flow_avg_l4_payload_len":512,"midstream":0,"thread_ts_msec":1553619078093,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"www.repubblica.it","server_names":"www.repstatic.it,repstatic.it,amp-video.lastampa.it,www.repubblica.it,amp-video.deejay.it,amp-video.d.repubblica.it,www.gelestatic.it,oasjs.kataweb.it,video.d.repubblica.it,www.test.capital.it,napoli.repubblica.it,video.ilsecoloxix.it,genova.repubblica.it,cdn.gelestatic.it,video.gelocal.it,media.deejay.it,media.m2o.it,amp-video.espresso.repubblica.it,download.gelocal.it,amp-video.m2o.it,bologna.repubblica.it,torino.repubblica.it,scripts.kataweb.it,palermo.repubblica.it,roma.repubblica.it,video.xl.repubblica.it,amp-video.gelocal.it,video.espresso.repubblica.it,www.capital.it,video.limesonline.com,media.capital.it,syndication-vod-pro.akamai.media.kataweb.it,test.capital.it,video.deejay.it,video.repubblica.it,milano.repubblica.it,video.lanuovasardegna.it,video.m2o.it,parma.repubblica.it,video.3nz.it,syndication-vod-hds.akamai.media.kataweb.it,amp-video.repubblica.it,video.lastampa.it,webfragments.repubblica.it,amp-video.xl.repubblica.it,amp-video.limesonline.com,media.kataweb.it,bari.repubblica.it,syndication-vod-hls.akamai.media.kataweb.it,amp-video.3nz.it,syndication3rd-vod-pro.akamai.media.kataweb.it,firenze.repubblica.it,amp-video.ilsecoloxix.it,amp-video.lanuovasardegna.it,cdn.flv.kataweb.it","ja3":"66918128f1b9b03303d77c6f2eefd128","ja3s":"35af4c8cd9495354f7d701ce8ad7fd2d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018","subjectDN":"C=IT, ST=Roma, L=Roma, O=GEDI Digital S.r.l., CN=www.repstatic.it","alpn":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"0C:9F:21:DB:65:A1:BE:EB:D8:89:38:D3:FF:7A:D9:02:8B:F1:60:A1"}} 00683{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":182,"flow_first_seen":1553619078033,"flow_last_seen":1553619149372,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":105569,"flow_avg_l4_payload_len":580,"midstream":0,"thread_ts_msec":1553619149372,"l3_proto":"ip4","src_ip":"192.168.2.126","dst_ip":"104.111.215.93","src_port":60174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-data-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1553619149372} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":182,"source":"tls_long_cert.pcap","alias":"nDPId-test","packets-captured":182,"packets-processed":182,"total-skipped-flows":0,"total-l4-data-len":105569,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1553619149372} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 182/182 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4725914 bytes -~~ total memory freed........: 4725914 bytes +~~ total memory allocated....: 4725938 bytes +~~ total memory freed........: 4725938 bytes ~~ total allocations/frees...: 101387/101387 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/tls_port_80.pcapng.out b/test/results/tls_port_80.pcapng.out index 17c8902e2..f52fbcf6d 100644 --- a/test/results/tls_port_80.pcapng.out +++ b/test/results/tls_port_80.pcapng.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_port_80.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1618744619257} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1618744619257} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1618744619257,"flow_last_seen":1618744619257,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1618744619257,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1618744619257,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619257,"pkt":"AAAAAAAAAAQAaFgECABFAAA062pAAH8G+tE5W8rChDGNOMVtAFCEMAfKAAAAAIAC+vANRAAAAgQFUAEDAwgBAQQC"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1618744619383,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1618744619383,"pkt":"AAAAAAAAAAMAlyocCABFAAA0AABAADUGMD2EMY04OVvKwgBQxW2J+2kQhDAHy4AS+vAZxAAAAgQFtAEBBAIBAwMH"} @@ -7,7 +7,7 @@ 01181{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":12,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1618744619257,"flow_last_seen":1618744633780,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":245,"flow_tot_l4_payload_len":245,"flow_avg_l4_payload_len":20,"midstream":0,"thread_ts_msec":1618744633780,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01240{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"3f2fba0262b1a22b739126dfb2fe7a7d","ja3s":"107030a763c7224285717ff1569a17f3","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"}} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1618744619257,"flow_last_seen":1618744633908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1360,"flow_tot_l4_payload_len":1605,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1618744633908,"l3_proto":"ip4","src_ip":"57.91.202.194","dst_ip":"132.49.141.56","src_port":50541,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00480{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1618744633908} +00559{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":13,"source":"tls_port_80.pcapng","alias":"nDPId-test","packets-captured":13,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":1605,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1618744633908} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 13/13 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682223 bytes -~~ total memory freed........: 4682223 bytes +~~ total memory allocated....: 4682247 bytes +~~ total memory freed........: 4682247 bytes ~~ total allocations/frees...: 101157/101157 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/tls_torrent.pcapng.out b/test/results/tls_torrent.pcapng.out index 0e416d2f0..712aa9013 100644 --- a/test/results/tls_torrent.pcapng.out +++ b/test/results/tls_torrent.pcapng.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_torrent.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1639054407415} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639054407415} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639054407415,"flow_last_seen":1639054407415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639054407415,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639054407415,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407415,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug0AAOIGSgIKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639054407427,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1639054407427,"pkt":"AAAAAAAAAAcAAh9nCABFAAA0ug8AAOIGSgAKCgoBwKgAAQG75dqEHE30Ee7ob4ASBaDg4gAAAgQFeAEBBAIBAwMJ"} @@ -8,7 +8,7 @@ 01006{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639054407415,"flow_last_seen":1639054407574,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":1732,"flow_avg_l4_payload_len":433,"midstream":0,"thread_ts_msec":1639054407574,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}} 01338{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.utorrent.com","server_names":"*.utorrent.com,utorrent.com","ja3":"fd80fa9c6120cdeea8520510f3c644ac","ja3s":"6f84bbe9810ec4ea9061cc1a02eaf83c","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http:\/\/certs.godaddy.com\/repository\/, CN=Go Daddy Secure Certificate Authority - G2","subjectDN":"CN=*.utorrent.com","fingerprint":"E4:8F:E4:15:C7:D0:B7:EA:E6:F6:B1:B4:40:F0:13:D1:5E:7F:64:E8"}} 00830{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1639054407415,"flow_last_seen":1639054407576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1400,"flow_tot_l4_payload_len":5906,"flow_avg_l4_payload_len":843,"midstream":0,"thread_ts_msec":1639054407576,"l3_proto":"ip4","src_ip":"10.10.10.1","dst_ip":"192.168.0.1","src_port":443,"dst_port":58842,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.BitTorrent","breed":"Acceptable","category":"Download"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1639054407576} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"tls_torrent.pcapng","alias":"nDPId-test","packets-captured":7,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":5906,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1639054407576} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 7/7 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4694527 bytes -~~ total memory freed........: 4694527 bytes +~~ total memory allocated....: 4694551 bytes +~~ total memory freed........: 4694551 bytes ~~ total allocations/frees...: 101158/101158 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/tls_verylong_certificate.pcap.out b/test/results/tls_verylong_certificate.pcap.out index b0ca0f331..606e24aeb 100644 --- a/test/results/tls_verylong_certificate.pcap.out +++ b/test/results/tls_verylong_certificate.pcap.out @@ -1,5 +1,5 @@ 00475{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00482{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1578254908457} +00561{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1578254908457} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1578254908457,"flow_last_seen":1578254908457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1578254908457,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1578254908457,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1578254908457,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGntnAqAGgl2VCMdYUAbur4+BEAAAAALAC\/\/9+XwAAAgQFtAEDAwUBAQgKAb+3BwAAAAAEAgAA"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1578254908469,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1578254908469,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADYGqN2XZUIxwKgBoAG71hTYdp3Gq+PgRaASauCAYQAAAgQFZAQCCApynbuCAb+3BwEDAwk="} @@ -8,7 +8,7 @@ 00910{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":1885,"flow_avg_l4_payload_len":314,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"http\/1.1"}} 03599{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1578254908457,"flow_last_seen":1578254908490,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":5989,"flow_avg_l4_payload_len":544,"midstream":0,"thread_ts_msec":1578254908490,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"},"tls": {"version":"TLSv1.2","client_requested_server_name":"feodotracker.abuse.ch","server_names":"p2.shared.global.fastly.net,*.12wbt.com,*.2bleacherreport.com,*.3bleacherreport.com,*.4bleacherreport.com,*.8bleacherreport.com,*.abuse.ch,*.acdn-it.ps-pantheon.com,*.cdn.livingmap.com,*.content.plastiq.com,*.dimensions.ai,*.dollarshaveclub.co.uk,*.dollarshaveclub.com,*.dontpayfull.com,*.ebisubook.com,*.foreignaffairs.com,*.fs.jibjab.com,*.fs.unitprints.com,*.ggleap.com,*.goodeggs.com,*.huevosbuenos.com,*.indy.myomnigon.com,*.jwatch.org,*.kingsfordcharcoal.com.au,*.lancenters.com,*.madebywe.com,*.minirodini.com,*.modcloth.net,*.orionlabs.io,*.ps-pantheon.com,*.scodle.com,*.steelseries.com,*.theforeman.org,*.uploads.eversign.com,*.uploads.schoox.com,*.vts.com,*.x.stg1.ebisubook.com,*.yang2020.com,12wbt.com,2bleacherreport.com,3bleacherreport.com,4bleacherreport.com,8bleacherreport.com,abuse.ch,brita.com,cdn.fwupd.org,cdn.livingmap.com,cdn.seated.com,cdn.skillacademy.com,clinicaloptions.com,clorox.com,content-preprod.beaverbrooksweb2.co.uk,content.beaverbrooks.co.uk,content.plastiq.com,coolmathgames.com,copterroyale.coolmathgames.com,d8-dev.coolmathgames.com,deflyio.coolmathgames.com,delivery-api.evadacms.com,dimensions.ai,dollarshaveclub.co.uk,dollarshaveclub.com,dontpayfull.com,eluniverso.com,email.amg-group.co,email.tekoforlife.co.uk,feedmarket.fr,freshstep.com,ggleap.com,goodeggs.com,heap.io,huevosbuenos.com,identity.linuxfoundation.org,joebiden.com,jwatch.org,kingsford.co.nz,kingsfordcharcoal.com.au,lancenters.com,lists.linuxfoundation.org,m-stage.coolmathgames.com,m.coolmathgames.com,madebywe.com,minirodini.com,modcloth.net,orionlabs.io,puritanmedproducts.com,reviews.org,rg-video-staging.ruangguru.com,rg-video.ruangguru.com,ruangguru.com,scodle.com,stage.coolmathgames.com,staging.appblade.com,steelseries.com,stg.platform.eluniverso.com,test.brita.com,test.heap.io,test.joebiden.com,test.ruangguru.com,theforeman.org,video-cdn.quipper.com,videos.calcworkshop.com,vts.com,www.101network.com,www.autos101.com,www.brita.com,www.clorox.com,www.collider.com,www.coolmathgames.com,www.eluniverso.com,www.flinto.com,www.freshstep.com,www.heap.io,www.holagente.com,www.icsydney.com.au,www.joebiden.com,www.kingsford.co.nz,www.mrnatty.com,www.myjewellerystory.com.au,www.myjs.com,www.netacea.com,www.parenting101.com,www.puritanmedproducts.com,www.reviews.org,www.sba.sa,www.shashatcom.sa,www.uat.ontariocolleges.ca,www.vacation101.com,www.walterspeople.co.uk,www.westwayelectricsupply.com","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"ae53107a2e47ea20c72ac44821a728bf","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3","subjectDN":"C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=p2.shared.global.fastly.net","alpn":"http\/1.1","fingerprint":"E9:34:DF:E0:C5:31:3C:59:7E:E2:57:44:F2:82:E9:80:F5:5D:05:4B"}} 00692{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":48,"flow_first_seen":1578254908457,"flow_last_seen":1578254908551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1368,"flow_tot_l4_payload_len":19077,"flow_avg_l4_payload_len":397,"midstream":0,"thread_ts_msec":1578254908551,"l3_proto":"ip4","src_ip":"192.168.1.160","dst_ip":"151.101.66.49","src_port":54804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Media"}} -00492{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-data-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1578254908551} +00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":48,"source":"tls_verylong_certificate.pcap","alias":"nDPId-test","packets-captured":48,"packets-processed":48,"total-skipped-flows":0,"total-l4-data-len":19077,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1578254908551} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 48/48 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4853469 bytes -~~ total memory freed........: 4853469 bytes +~~ total memory allocated....: 4853493 bytes +~~ total memory freed........: 4853493 bytes ~~ total allocations/frees...: 101328/101328 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 480 chars diff --git a/test/results/tor.pcap.out b/test/results/tor.pcap.out index f2a1530fb..edd89f7bd 100644 --- a/test/results/tor.pcap.out +++ b/test/results/tor.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1383821660212} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1383821660212} 00177{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821660212} 00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00177{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821662212} @@ -328,7 +328,7 @@ 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822255869,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822258212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822257040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} -00480{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3821,"packets-processed":3664,"total-skipped-flows":0,"total-l4-data-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-events-serialized":331,"global_ts_msec":1383822260212} +00559{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3821,"packets-processed":3664,"total-skipped-flows":0,"total-l4-data-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":331,"global_ts_msec":1383822260212} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822260212} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822259716,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00180{"error_event_id":5,"error_event_name":"Unknown packet type","datalink":1,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822262211} @@ -353,7 +353,7 @@ 00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":29,"flow_first_seen":1383822190886,"flow_last_seen":1383822265123,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8029,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00809{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1383822129889,"flow_last_seen":1383822265160,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":8625,"flow_avg_l4_payload_len":269,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00812{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":1826,"flow_first_seen":1383822130889,"flow_last_seen":1383822265215,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1411596,"flow_avg_l4_payload_len":773,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3859,"packets-processed":3694,"total-skipped-flows":0,"total-l4-data-len":2811958,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-events-serialized":356,"global_ts_msec":1383822276211} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3859,"packets-processed":3694,"total-skipped-flows":0,"total-l4-data-len":2811958,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":0,"total-active-flows":11,"total-idle-flows":11,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":356,"global_ts_msec":1383822276211} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 3859/3694 ~~ skipped flows.............: 0 @@ -362,8 +362,8 @@ ~~ total active/idle flows...: 11/11 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4811059 bytes -~~ total memory freed........: 4811059 bytes +~~ total memory allocated....: 4811083 bytes +~~ total memory freed........: 4811083 bytes ~~ total allocations/frees...: 104890/104890 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 182 chars diff --git a/test/results/trickbot.pcap.out b/test/results/trickbot.pcap.out index b16517970..8259db19b 100644 --- a/test/results/trickbot.pcap.out +++ b/test/results/trickbot.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"trickbot.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1609266107551} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1609266107551} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1609266107551,"flow_last_seen":1609266107551,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1609266107551,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1609266107551,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1609266107551,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0c9FAAIAGK0cKDB1lUnbhxO+GG6gSdtdWAAAAAIAC\/\/8eaQAAAgQFtAEDAwgBAQQC"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1609266107797,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsYEQAAIAGftxSduHECgwdZRuo74Zi7VJcEnbXV2AS+vCXMwAAAgQFtA=="} @@ -7,7 +7,7 @@ 01112{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1609266107551,"flow_last_seen":1609266107797,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":349,"flow_tot_l4_payload_len":349,"flow_avg_l4_payload_len":87,"midstream":0,"thread_ts_msec":1609266107797,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":0,"content_type":"","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} 01248{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1609266107551,"flow_last_seen":1609266108728,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1358,"flow_tot_l4_payload_len":2635,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1609266108728,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"82.118.225.196","url":"82.118.225.196:7080\/OK21pqJAtyyGBEo00sk","code":200,"content_type":"text\/html","user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident\/7.0; .NET4.0C; .NET4.0E)"}} 01046{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":74,"flow_first_seen":1609266107551,"flow_last_seen":1609266115947,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":57990,"flow_avg_l4_payload_len":783,"midstream":0,"thread_ts_msec":1609266115947,"l3_proto":"ip4","src_ip":"10.12.29.101","dst_ip":"82.118.225.196","src_port":61318,"dst_port":7080,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}},"25": {"risk":"HTTP Suspicious Content","severity":"High","risk_score": {"total":510,"client":355,"server":155}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-data-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1609266115947} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":74,"source":"trickbot.pcap","alias":"nDPId-test","packets-captured":74,"packets-processed":74,"total-skipped-flows":0,"total-l4-data-len":57990,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1609266115947} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 74/74 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4682131 bytes -~~ total memory freed........: 4682131 bytes +~~ total memory allocated....: 4682155 bytes +~~ total memory freed........: 4682155 bytes ~~ total allocations/frees...: 101222/101222 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 456 chars diff --git a/test/results/tumblr.pcap.out b/test/results/tumblr.pcap.out index c7ea45fdb..13cc88fec 100644 --- a/test/results/tumblr.pcap.out +++ b/test/results/tumblr.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tumblr.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1605292102219} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1605292102219} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102219,"flow_last_seen":1605292102219,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102219,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:798c","src_port":56592,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1605292102219,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":86,"pkt_l4_len":32,"thread_ts_msec":1605292102219,"pkt":"qtsDr8lk5EKm5WPyht1gCcfOACAGQCoBywEgSYsHmR3shSjf9ikAZP+bAAAAAAAAAACXZXmM3RABu9uJhiq5D+6LgBAB9a70AAABAQgKqXs\/nsLc288="} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1605292102602,"flow_last_seen":1605292102602,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292102602,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"64:ff9b::9765:789d","src_port":48240,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -269,7 +269,7 @@ 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292120654,"flow_last_seen":1605292120853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:806::200e","src_port":55014,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00674{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00618{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1605292116554,"flow_last_seen":1605292116783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1605292122899,"l3_proto":"ip6","src_ip":"2a01:cb01:2049:8b07:991d:ec85:28df:f629","dst_ip":"2a00:1450:4007:805::2002","src_port":50960,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00492{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":24745,"packets-processed":24745,"total-skipped-flows":0,"total-l4-data-len":22196494,"total-not-detected-flows":0,"total-guessed-flows":38,"total-detected-flows":14,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-events-serialized":272,"global_ts_msec":1605292122899} +00571{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":24745,"source":"tumblr.pcap","alias":"nDPId-test","packets-captured":24745,"packets-processed":24745,"total-skipped-flows":0,"total-l4-data-len":22196494,"total-not-detected-flows":0,"total-guessed-flows":38,"total-detected-flows":14,"total-detection-updates":10,"total-updates":0,"current-active-flows":0,"total-active-flows":47,"total-idle-flows":47,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":272,"global_ts_msec":1605292122899} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 24745/24745 ~~ skipped flows.............: 0 @@ -278,8 +278,8 @@ ~~ total active/idle flows...: 47/47 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5856481 bytes -~~ total memory freed........: 5856481 bytes +~~ total memory allocated....: 5856505 bytes +~~ total memory freed........: 5856505 bytes ~~ total allocations/frees...: 126116/126116 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/ubntac2.pcap.out b/test/results/ubntac2.pcap.out index 346411e45..c78e9a330 100644 --- a/test/results/ubntac2.pcap.out +++ b/test/results/ubntac2.pcap.out @@ -1,5 +1,5 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ubntac2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1486943433175} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1486943433175} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00683{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1486943433175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":217,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":217,"pkt_l4_len":183,"thread_ts_msec":1486943433175,"pkt":"\/\/\/\/\/\/\/\/gCqojWksCABFAADLv4FAAEARuPfAqAEB\/\/\/\/\/4UlJxEAtx2vAgYAqwIACoAqqI1pK8CoAhUCAAqAKqiNaSzAqAEBAQAGgCqojWkrCgAEAADeYAsABHVibnQMAARVR1czAwA4VW5pRmlTZWN1cml0eUdhdGV3YXkuRVItZTEyMC52NC4zLjMzLjQ5MzYwODYuMTYxMjAzLjIwMzEWAA40LjMuMzMuNDkzNjA4NhUABFVHVzMXAAEAGAABABMABoAqqI1pKxIABAAAFc8bAAU0LjAuMA=="} 00698{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1486943433175,"flow_last_seen":1486943433175,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943433175,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":34085,"dst_port":10001,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"},"ubntac2": {"version":"UniFiSecurityGateway.ER-e120.v4"}} @@ -32,7 +32,7 @@ 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943443357,"flow_last_seen":1486943443357,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":44641,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943504301,"flow_last_seen":1486943504301,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":42838,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1486943453510,"flow_last_seen":1486943453510,"flow_idle_time":180000,"flow_min_l4_payload_len":175,"flow_max_l4_payload_len":175,"flow_tot_l4_payload_len":175,"flow_avg_l4_payload_len":175,"midstream":0,"thread_ts_msec":1486943504301,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"255.255.255.255","src_port":55321,"dst_port":10001,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"UBNTAC2","breed":"Safe","category":"Network"}} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-events-serialized":35,"global_ts_msec":1486943504301} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"ubntac2.pcap","alias":"nDPId-test","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1400,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":8,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":8,"total-idle-flows":8,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":35,"global_ts_msec":1486943504301} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 8/8 ~~ skipped flows.............: 0 @@ -41,8 +41,8 @@ ~~ total active/idle flows...: 8/8 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4686134 bytes -~~ total memory freed........: 4686134 bytes +~~ total memory allocated....: 4686158 bytes +~~ total memory freed........: 4686158 bytes ~~ total allocations/frees...: 101172/101172 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 463 chars diff --git a/test/results/upnp.pcap.out b/test/results/upnp.pcap.out index e438ecbcd..c96a84292 100644 --- a/test/results/upnp.pcap.out +++ b/test/results/upnp.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"upnp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1541515314826} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1541515314826} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314826,"flow_last_seen":1541515314826,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314826,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01338{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1541515314826,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":718,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":718,"pkt_l4_len":664,"thread_ts_msec":1541515314826,"pkt":"MzMAAAAMGNvyL6AYht1gDeGUApgRAf6AAAAAAAAANEE9JG0wqAf\/AgAAAAAAAAAAAAAAAAAM5jQOdgKYg108P3htbCB2ZXJzaW9uPSIxLjAiIGVuY29kaW5nPSJ1dGYtOCI\/Pjxzb2FwOkVudmVsb3BlIHhtbG5zOnNvYXA9Imh0dHA6Ly93d3cudzMub3JnLzIwMDMvMDUvc29hcC1lbnZlbG9wZSIgeG1sbnM6d3NhPSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA0LzA4L2FkZHJlc3NpbmciIHhtbG5zOndzZD0iaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkiPjxzb2FwOkhlYWRlcj48d3NhOlRvPnVybjpzY2hlbWFzLXhtbHNvYXAtb3JnOndzOjIwMDU6MDQ6ZGlzY292ZXJ5PC93c2E6VG8+PHdzYTpBY3Rpb24+aHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNC9kaXNjb3ZlcnkvUmVzb2x2ZTwvd3NhOkFjdGlvbj48d3NhOk1lc3NhZ2VJRD51cm46dXVpZDozZjQyZGM5YS0yNGNlLTQ4ZDEtODhmOS0xNmI5NmExMzdkNzE8L3dzYTpNZXNzYWdlSUQ+PC9zb2FwOkhlYWRlcj48c29hcDpCb2R5Pjx3c2Q6UmVzb2x2ZT48d3NhOkVuZHBvaW50UmVmZXJlbmNlPjx3c2E6QWRkcmVzcz51cm46dXVpZDplMzI0ODAwMC04MGNlLTExZGItODAwMC0wMDFiYTk5ZWM5NTY8L3dzYTpBZGRyZXNzPjwvd3NhOkVuZHBvaW50UmVmZXJlbmNlPjwvd3NkOlJlc29sdmU+PC9zb2FwOkJvZHk+PC9zb2FwOkVudmVsb3BlPg=="} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1541515314827,"flow_last_seen":1541515314827,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":656,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515314827,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -12,7 +12,7 @@ 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314826,"flow_last_seen":1541515320458,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515321472,"l3_proto":"ip6","src_ip":"fe80::3441:3d24:6d30:a807","dst_ip":"ff02::c","src_port":58932,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00652{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515321472,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"WSD","breed":"Acceptable","category":"Network"}} 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1541515314827,"flow_last_seen":1541515321472,"flow_idle_time":180000,"flow_min_l4_payload_len":656,"flow_max_l4_payload_len":656,"flow_tot_l4_payload_len":4592,"flow_avg_l4_payload_len":656,"midstream":0,"thread_ts_msec":1541515321472,"l3_proto":"ip4","src_ip":"192.168.61.66","dst_ip":"239.255.255.250","src_port":58931,"dst_port":3702,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":9184,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1541515321472} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"upnp.pcap","alias":"nDPId-test","packets-captured":14,"packets-processed":14,"total-skipped-flows":0,"total-l4-data-len":9184,"total-not-detected-flows":0,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1541515321472} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 14/14 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681076 bytes -~~ total memory freed........: 4681076 bytes +~~ total memory allocated....: 4681100 bytes +~~ total memory freed........: 4681100 bytes ~~ total allocations/frees...: 101160/101160 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 460 chars diff --git a/test/results/viber.pcap.out b/test/results/viber.pcap.out index ffacbd6ac..7da55e217 100644 --- a/test/results/viber.pcap.out +++ b/test/results/viber.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"viber.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1527155638428} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1527155638428} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638428,"flow_last_seen":1527155638428,"flow_idle_time":7440000,"flow_min_l4_payload_len":101,"flow_max_l4_payload_len":101,"flow_tot_l4_payload_len":101,"flow_avg_l4_payload_len":101,"midstream":1,"thread_ts_msec":1527155638428,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"52.0.253.101","src_port":33208,"dst_port":4244,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00603{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"viber.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1527155638428,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_msec":1527155638428,"pkt":"AA6OMNv9MAdNo1+nCABFAACZvbBAAEAGio\/AqAARNAD9ZYG4EJTYH5QATQ0UaIAYAtokAwAAAQEICgAhYEL3kz3SZQAKAAAALtCh9tIA1PL3FQOheV4He+mBM0W\/i9pTb10sHI+OMXtBs1b9JHGGgzJlSCkVK80QeHWJMpbzU2NcxAJaXXoLguc1CK5osKkCx6zZTIH0SZ0piWwLO+YlPXpdR9T6nHw="} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"viber.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1527155638474,"flow_last_seen":1527155638474,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1527155638474,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":45743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} @@ -162,7 +162,7 @@ 00646{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.AmazonAWS","breed":"Acceptable","category":"Cloud"}} 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1527155679410,"flow_last_seen":1527155685132,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"18.201.4.3","src_port":33744,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1527155641813,"flow_last_seen":1527155641840,"flow_idle_time":180000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":179,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1527155685757,"l3_proto":"ip4","src_ip":"192.168.0.17","dst_ip":"192.168.0.15","src_port":40445,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Viber","breed":"Acceptable","category":"Chat"}} -00482{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","packets-captured":424,"packets-processed":420,"total-skipped-flows":0,"total-l4-data-len":122215,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":17,"total-updates":0,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-events-serialized":165,"global_ts_msec":1527155685757} +00561{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":424,"source":"viber.pcap","alias":"nDPId-test","packets-captured":424,"packets-processed":420,"total-skipped-flows":0,"total-l4-data-len":122215,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":23,"total-detection-updates":17,"total-updates":0,"current-active-flows":0,"total-active-flows":26,"total-idle-flows":26,"total-compressions":3,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":165,"global_ts_msec":1527155685757} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 424/420 ~~ skipped flows.............: 0 @@ -171,8 +171,8 @@ ~~ total active/idle flows...: 26/26 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4810557 bytes -~~ total memory freed........: 4810557 bytes +~~ total memory allocated....: 4810581 bytes +~~ total memory freed........: 4810581 bytes ~~ total allocations/frees...: 101695/101695 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/vnc.pcap.out b/test/results/vnc.pcap.out index b12100f9a..b26d700fc 100644 --- a/test/results/vnc.pcap.out +++ b/test/results/vnc.pcap.out @@ -1,5 +1,5 @@ 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"vnc.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1476111264364} +00540{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1476111264364} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1476111264364,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1476111264364,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1476111264364,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1476111264364,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"} @@ -12,7 +12,7 @@ 00900{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1476111286462,"flow_last_seen":1476111286549,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":4,"midstream":0,"thread_ts_msec":1476111286549,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 00946{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1008,"flow_first_seen":1476111286462,"flow_last_seen":1476111290613,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":17966,"flow_avg_l4_payload_len":17,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} 00945{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":3543,"flow_first_seen":1476111264364,"flow_last_seen":1476111280884,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":64300,"flow_avg_l4_payload_len":18,"midstream":0,"thread_ts_msec":1476111290613,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"30": {"risk":"Desktop\/File Sharing Session","severity":"Low","risk_score": {"total":1000,"client":800,"server":200}}},"confidence": {"4":"DPI"},"proto":"VNC","breed":"Acceptable","category":"RemoteAccess"}} -00477{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-data-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":15,"global_ts_msec":1476111290613} +00556{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"vnc.pcap","alias":"nDPId-test","packets-captured":4551,"packets-processed":4551,"total-skipped-flows":0,"total-l4-data-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":15,"global_ts_msec":1476111290613} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 4551/4551 ~~ skipped flows.............: 0 @@ -21,8 +21,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4816745 bytes -~~ total memory freed........: 4816745 bytes +~~ total memory allocated....: 4816769 bytes +~~ total memory freed........: 4816769 bytes ~~ total allocations/frees...: 105699/105699 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars diff --git a/test/results/vxlan.pcap.out b/test/results/vxlan.pcap.out index 8cd3487a6..83fe073b4 100644 --- a/test/results/vxlan.pcap.out +++ b/test/results/vxlan.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"vxlan.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1639650442645} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1639650442645} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1639650442645,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1639650442645,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":126,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":126,"pkt_l4_len":88,"thread_ts_msec":1639650442645,"pkt":"AAy9Bjp0AAy9Bjp1gQAABQgARQAAbAM\/AABAEcnowKgWBMCoFgXt1xK1AFhqBAgAAAAABFcAZnpQqv+aHuppKm\/PCABFAAA6NbBAAEAR1uUKChQECAgICK2VADUAJhfikMYBAAABAAAAAAAACGZhY2Vib29rA2NvbQAAAQAB"} 00636{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639650442645,"flow_last_seen":1639650442645,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1639650442645,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60887,"dst_port":4789,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} @@ -50,7 +50,7 @@ 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1639650443097,"flow_last_seen":1639650443097,"flow_idle_time":180000,"flow_min_l4_payload_len":62,"flow_max_l4_payload_len":62,"flow_tot_l4_payload_len":186,"flow_avg_l4_payload_len":62,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.4","dst_ip":"192.168.22.5","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1639650442720,"flow_last_seen":1639650443097,"flow_idle_time":180000,"flow_min_l4_payload_len":74,"flow_max_l4_payload_len":1454,"flow_tot_l4_payload_len":5058,"flow_avg_l4_payload_len":389,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":60230,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1639650442682,"flow_last_seen":1639650442711,"flow_idle_time":180000,"flow_min_l4_payload_len":96,"flow_max_l4_payload_len":108,"flow_tot_l4_payload_len":204,"flow_avg_l4_payload_len":102,"midstream":0,"thread_ts_msec":1639650443276,"l3_proto":"ip4","src_ip":"192.168.22.5","dst_ip":"192.168.22.4","src_port":43866,"dst_port":4789,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"VXLAN","breed":"Acceptable","category":"Network"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-data-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-events-serialized":53,"global_ts_msec":1639650443276} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":127,"source":"vxlan.pcap","alias":"nDPId-test","packets-captured":127,"packets-processed":127,"total-skipped-flows":0,"total-l4-data-len":79480,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":9,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":53,"global_ts_msec":1639650443276} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 127/127 ~~ skipped flows.............: 0 @@ -59,8 +59,8 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4690457 bytes -~~ total memory freed........: 4690457 bytes +~~ total memory allocated....: 4690481 bytes +~~ total memory freed........: 4690481 bytes ~~ total allocations/frees...: 101294/101294 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/wa_video.pcap.out b/test/results/wa_video.pcap.out index 1376c00be..9952cca59 100644 --- a/test/results/wa_video.pcap.out +++ b/test/results/wa_video.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_video.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1561455764448} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1561455764448} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455764448,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1561455764448,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI0kIAAEARIhLAqAIBwKgC\/+EV4RUANEtUU3BvdFVkcDC64ScQKi2g\/wABAARIlcIDyUSzc\/3fJAksKuG26pMF0apN5Ek="} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455764448,"flow_last_seen":1561455764448,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455764448,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} @@ -79,7 +79,7 @@ 00841{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":893,"flow_first_seen":1561455781352,"flow_last_seen":1561455792065,"flow_idle_time":180000,"flow_min_l4_payload_len":26,"flow_max_l4_payload_len":1293,"flow_tot_l4_payload_len":647331,"flow_avg_l4_payload_len":724,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"91.252.56.51","src_port":53688,"dst_port":32641,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":133,"flow_first_seen":1561455767339,"flow_last_seen":1561455795283,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1388,"flow_tot_l4_payload_len":11742,"flow_avg_l4_payload_len":88,"midstream":1,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"157.240.20.53","src_port":49355,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} 00832{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1561455781247,"flow_last_seen":1561455791996,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":792,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1561455795283,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"1.60.78.64","src_port":53688,"dst_port":59491,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00486{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","packets-captured":1567,"packets-processed":1567,"total-skipped-flows":0,"total-l4-data-len":891931,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-events-serialized":82,"global_ts_msec":1561455795283} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1567,"source":"wa_video.pcap","alias":"nDPId-test","packets-captured":1567,"packets-processed":1567,"total-skipped-flows":0,"total-l4-data-len":891931,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":14,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":14,"total-idle-flows":14,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":82,"global_ts_msec":1561455795283} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1567/1567 ~~ skipped flows.............: 0 @@ -88,8 +88,8 @@ ~~ total active/idle flows...: 14/14 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4799492 bytes -~~ total memory freed........: 4799492 bytes +~~ total memory allocated....: 4799516 bytes +~~ total memory freed........: 4799516 bytes ~~ total allocations/frees...: 102766/102766 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 464 chars diff --git a/test/results/wa_voice.pcap.out b/test/results/wa_voice.pcap.out index 265919df3..039dbb367 100644 --- a/test/results/wa_voice.pcap.out +++ b/test/results/wa_voice.pcap.out @@ -1,5 +1,5 @@ 00459{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wa_voice.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00466{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1561455687942} +00545{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1561455687942} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1561455687942,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1561455687942,"pkt":"xiwDYGpkkLkxKPrKCABFAAA8VCwAAP8R4ibAqAIMwKgCAcjnADUAKL4MZG8BAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE="} 00767{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1561455687942,"flow_last_seen":1561455687942,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":32,"flow_tot_l4_payload_len":32,"flow_avg_l4_payload_len":32,"midstream":0,"thread_ts_msec":1561455687942,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":51431,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"www.google.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} @@ -163,7 +163,7 @@ 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1561455687991,"flow_last_seen":1561455688018,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"192.168.2.1","src_port":60765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.WhatsApp","breed":"Acceptable","category":"Chat"}} 00693{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":8,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":762,"flow_avg_l4_payload_len":95,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"185.60.216.51","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":49,"flow_first_seen":1561455706912,"flow_last_seen":1561455741419,"flow_idle_time":180000,"flow_min_l4_payload_len":2,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":3959,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1561455743434,"l3_proto":"ip4","src_ip":"192.168.2.12","dst_ip":"31.13.86.48","src_port":56328,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-data-len":128892,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":26,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-events-serialized":166,"global_ts_msec":1561455743434} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":736,"source":"wa_voice.pcap","alias":"nDPId-test","packets-captured":736,"packets-processed":734,"total-skipped-flows":0,"total-l4-data-len":128892,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":26,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":28,"total-idle-flows":28,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":166,"global_ts_msec":1561455743434} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 736/734 ~~ skipped flows.............: 0 @@ -172,8 +172,8 @@ ~~ total active/idle flows...: 28/28 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4814548 bytes -~~ total memory freed........: 4814548 bytes +~~ total memory allocated....: 4814572 bytes +~~ total memory freed........: 4814572 bytes ~~ total allocations/frees...: 101981/101981 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 457 chars diff --git a/test/results/waze.pcap.out b/test/results/waze.pcap.out index db199cda3..ca036e18b 100644 --- a/test/results/waze.pcap.out +++ b/test/results/waze.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"waze.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1435587866603} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1435587866603} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1435587866603,"flow_last_seen":1435587866603,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1435587866603,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1435587866603,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587866603,"pkt":"ABoRAAACABoRAAABCABFAABNMsFAAEAGQsYKECWdriXnUaUQFGaA18okWhY9doAYAVcoQwAAAQEICgAIazhBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1435587867103,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":91,"pkt_l4_len":57,"thread_ts_msec":1435587867103,"pkt":"ABoRAAACABoRAAABCABFAABNMsJAAEAGQsUKECWdriXnUaUQFGaA18okWhY9doAYAVcoEAAAAQEICgAIa2tBJdw4gAAWBXL2KZLscQ7\/r4Q3YR6R6YsREWIs0w=="} @@ -226,7 +226,7 @@ 00573{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1435587880581,"flow_last_seen":1435587880589,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"200.160.4.49","src_port":52746,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00580{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1435587866603,"flow_last_seen":1435587898628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":15,"midstream":1,"thread_ts_msec":1435587907392,"l3_proto":"ip4","src_ip":"10.16.37.157","dst_ip":"174.37.231.81","src_port":42256,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-data-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":29,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-events-serialized":229,"global_ts_msec":1435587907392} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":597,"source":"waze.pcap","alias":"nDPId-test","packets-captured":597,"packets-processed":597,"total-skipped-flows":0,"total-l4-data-len":326183,"total-not-detected-flows":1,"total-guessed-flows":9,"total-detected-flows":23,"total-detection-updates":29,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":229,"global_ts_msec":1435587907392} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 597/597 ~~ skipped flows.............: 0 @@ -235,8 +235,8 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4800561 bytes -~~ total memory freed........: 4800561 bytes +~~ total memory allocated....: 4800585 bytes +~~ total memory freed........: 4800585 bytes ~~ total allocations/frees...: 101918/101918 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars diff --git a/test/results/webex.pcap.out b/test/results/webex.pcap.out index 658e77df1..719b68d47 100644 --- a/test/results/webex.pcap.out +++ b/test/results/webex.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"webex.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1444570624853} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1444570624853} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1444570624853,"flow_last_seen":1444570624853,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1444570624853,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41346,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1444570624853,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1444570624853,"pkt":"ABoRAAACABoRAAABCABFAAA8OXNAAEAGTZUKCAABQERpZ6GCAbtPGIcMAAAAAKACOQgjFwAAAgQFtAQCCAoATL5\/AAAAAAEDAwY="} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"webex.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1444570624860,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1444570624860,"pkt":"ABoRAAACABoRAAABCABFAAAoAQ5AABAGtg5ARGlnCggAAQG7oYKw53jzTxiHDVAS\/\/9Y4AAA"} @@ -380,7 +380,7 @@ 00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":17,"flow_first_seen":1444570636387,"flow_last_seen":1444570640346,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41386,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} 00576{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1444570640319,"flow_last_seen":1444570652361,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41394,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00922{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1444570672215,"flow_last_seen":1444570673280,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":3939,"flow_tot_l4_payload_len":7463,"flow_avg_l4_payload_len":533,"midstream":0,"thread_ts_msec":1444570742172,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"64.68.105.103","src_port":41419,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Webex","breed":"Acceptable","category":"VoIP"}} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","packets-captured":1580,"packets-processed":1580,"total-skipped-flows":0,"total-l4-data-len":778771,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":52,"total-detection-updates":38,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-events-serialized":383,"global_ts_msec":1444570742172} +00565{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1580,"source":"webex.pcap","alias":"nDPId-test","packets-captured":1580,"packets-processed":1580,"total-skipped-flows":0,"total-l4-data-len":778771,"total-not-detected-flows":0,"total-guessed-flows":5,"total-detected-flows":52,"total-detection-updates":38,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":20,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":383,"global_ts_msec":1444570742172} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1580/1580 ~~ skipped flows.............: 0 @@ -389,8 +389,8 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5031329 bytes -~~ total memory freed........: 5031329 bytes +~~ total memory allocated....: 5031353 bytes +~~ total memory freed........: 5031353 bytes ~~ total allocations/frees...: 103145/103145 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 450 chars diff --git a/test/results/websocket.pcap.out b/test/results/websocket.pcap.out index bbec0a345..af4d55359 100644 --- a/test/results/websocket.pcap.out +++ b/test/results/websocket.pcap.out @@ -1,12 +1,12 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"websocket.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1475155931028} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1475155931028} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1475155931028,"pkt":"AFBWwAAIAAwpij2nCABFAABB27JAAEAGhyvAqCuHwKgrATA5xzc8ilRnydSxV1AYAO1IlQAAgRdXZWxjb21lLCAxOTIuMTY4LjQzLjEgIQ=="} 00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1475155931028,"flow_last_seen":1475155931028,"flow_idle_time":7440000,"flow_min_l4_payload_len":25,"flow_max_l4_payload_len":25,"flow_tot_l4_payload_len":25,"flow_avg_l4_payload_len":25,"midstream":1,"thread_ts_msec":1475155931028,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1475155946892,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1475155946892,"pkt":"AAwpij2nAFBWwAAICABFAAA6BcdAAEAGXR7AqCsBwKgrh8c3MDnJ1LFXPIpUgFAYP+\/mwAAAgYzhfo65lRv9zcET68qSH+nc"} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1475155946903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1475155946903,"pkt":"AFBWwAAIAAwpij2nCABFAABc27NAAEAGhw\/AqCuHwKgrATA5xzc8ilSAydSxaVAYAO0tVgAAgTIyMTozMzo1MiAoJzE5Mi4xNjguNDMuMScsIDUwOTk5KSBzYXk6IHRlc3QgbWVzc2FnZQ=="} 00684{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1475155931028,"flow_last_seen":1475156008657,"flow_idle_time":7440000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":55,"flow_tot_l4_payload_len":171,"flow_avg_l4_payload_len":34,"midstream":1,"thread_ts_msec":1475156008657,"l3_proto":"ip4","src_ip":"192.168.43.135","dst_ip":"192.168.43.1","src_port":12345,"dst_port":50999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WebSocket","breed":"Acceptable","category":"Web"}} -00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1475156008657} +00550{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"websocket.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":5,"total-skipped-flows":0,"total-l4-data-len":171,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1475156008657} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 5/5 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4681991 bytes -~~ total memory freed........: 4681991 bytes +~~ total memory allocated....: 4682015 bytes +~~ total memory freed........: 4682015 bytes ~~ total allocations/frees...: 101149/101149 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/wechat.pcap.out b/test/results/wechat.pcap.out index c9b4fc081..5ea6fa65a 100644 --- a/test/results/wechat.pcap.out +++ b/test/results/wechat.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wechat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1492167337792} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1492167337792} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492167337792,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"flow_min_l4_payload_len":604,"flow_max_l4_payload_len":604,"flow_tot_l4_payload_len":604,"flow_avg_l4_payload_len":604,"midstream":1,"thread_ts_msec":1492167337792,"l3_proto":"ip4","src_ip":"203.205.151.162","dst_ip":"192.168.1.103","src_port":443,"dst_port":54084,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 01281{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":670,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":670,"pkt_l4_len":636,"thread_ts_msec":1492167337792,"pkt":"eJKcD6iO8IQvSpdgCABFoAKQLFpAACwG+e7LzZeiwKgBZwG700RsJQvmFiW5B4AYAQBhCAAAAQEICkXRlQMAMKrIjxNPGb1b2gIOFmmrodrIUGWpRD8pBe\/eyANOuHxnf1oEiCDKQxkU6yvgqiltC85O1YOlf4+boaZn\/v7U0TkR+lQ9a8XEdMtbUDNvRkN1lpLANNJe9T6WEXQRZhhQATyvHXIsPxznFQlv1ayF4fN0Lp1Tv+DnMtPovG4l64Fdnf94BKNh3wpUis\/1aaAJUl4N4QYAa2BN+MLHUIjBfzQomk58kbDVZlQvabo4eeiFrJQbG0CRtmIDLIV4UlMABwm2B+L0SD\/lX+vPdRjlbT0hOePKWkrPVp4oa0GnGMtovp\/3dKKj2adHC1yCvZqzc+T4heafDFJJDxNGnnTZtJeXWQW2\/Wn0xAXZa5xeVmiob7mVi7gQwqB4EyVdzoi+MdLqv1I0FdZ7WKuu9o+r6i7T5KxQ7NhUIRC9KEInuscbFfTp5tcTpkg81VRtJhveR07GYTrLSFchnUCEzbFpCOPEOlfHshGkgemcZqUW0JSeBZoVIhGHuP8IElk+zTdckKSFR7XZosRv+JZpXULghhsYEQIcWSnXEwiNwHqD7SkijDTYTSRARplFy3lQ+I9PYai9e3wxDdj38dt3ZjnYHW+Jgcvyxa81TfaFhCzMBo8JWYVcQLLQCzJJ7po8hcjxwSKSvs1BzLjoAmGIOQCY3cD2niwBo4mLwkfrwM7iYYbbTgCByxdl2XUzXKGTmMiV+yqiF1sadTUF0KDk8zQPlxqASeejWTULCaKDKO7zq0WMvrWWgtPS5+WycvqXy24tfwXRN6su4lzlC8cmzA\/wzbACdxOu6m0puRk6CDMzrA=="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wechat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1492167337792,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167337792,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0B7NAAEAGDZLAqAFny82XotNEAbsWJbkHbCUOQoAQAk6qQAAAAQEICgAwqxZF0ZUD"} @@ -464,7 +464,7 @@ 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1519,"source":"wechat.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1492167905858,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1492167905858,"pkt":"8IQvSpdgeJKcD6iOCABFAAA0gtdAAEAGlmTAqAFny82Tq+K7AbsB+ldbRv\/MwYAQAOWMrQAAAQEICgAy1dZFr1pd"} 00901{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1521,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1428,"flow_tot_l4_payload_len":1666,"flow_avg_l4_payload_len":277,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 01435{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1523,"source":"wechat.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1492167905310,"flow_last_seen":1492167905866,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1688,"flow_tot_l4_payload_len":3354,"flow_avg_l4_payload_len":419,"midstream":0,"thread_ts_msec":1492167905866,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.147.171","src_port":58042,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WeChat","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"web.wechat.com","server_names":"webpush1.wechat.com,webpush.wechat.com,login.web.wechat.com,webpush.web.wechat.com,webpush2.wechat.com,webpush.web2.wechat.com,file.web2.wechat.com,web1.wechat.com,file.web.wechat.com,loginpoll.wechat.com,web2.wechat.com,login.wechat.com,login.web2.wechat.com,res.wechat.com,web.wechat.com","ja3":"e330bca99c8a5256ae126a55c4c725c5","ja3s":"699a80bdb17efe157c861f92c5bf5d1d","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=GeoTrust Inc., CN=GeoTrust SSL CA - G3","subjectDN":"C=HK, ST=HongKong, L=Wan Chai, O=Tencent Mobility Limited, CN=web.wechat.com","alpn":"h2,http\/1.1","fingerprint":"4F:3B:6A:87:0C:D2:34:09:C9:53:9F:6F:EE:7D:7B:9B:E9:D6:EF:C1"}} -00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-data-len":556502,"total-not-detected-flows":0,"total-guessed-flows":15,"total-detected-flows":58,"total-detection-updates":63,"total-updates":4,"current-active-flows":30,"total-active-flows":76,"total-idle-flows":46,"total-events-serialized":467,"global_ts_msec":1492171154216} +00566{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1553,"packets-processed":1552,"total-skipped-flows":0,"total-l4-data-len":556502,"total-not-detected-flows":0,"total-guessed-flows":15,"total-detected-flows":58,"total-detection-updates":63,"total-updates":4,"current-active-flows":30,"total-active-flows":76,"total-idle-flows":46,"total-compressions":29,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":467,"global_ts_msec":1492171154216} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154216,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"flow_min_l4_payload_len":1188,"flow_max_l4_payload_len":1188,"flow_tot_l4_payload_len":1188,"flow_avg_l4_payload_len":1188,"midstream":1,"thread_ts_msec":1492171154216,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"203.205.151.162","src_port":54183,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 02086{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1553,"source":"wechat.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1492171154216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1254,"pkt_l4_len":1220,"thread_ts_msec":1492171154216,"pkt":"8IQvSpdgeJKcD6iOCABFAATYpoxAAEAGahTAqAFny82XotOnAbtQhl2xjWp\/PoAYBaSJeAAAAQEICgA\/OhBF4BL0FwMDBJ8AAAAAAAAAk06IK7tTPaQ0tnXGeqHKil75lMj6OyIERVlvQ89pkJ\/5uFrYubJHeJqSrynvitkot5qunWtMUvVbyI8vjd8zycM9IsUAAB\/fKHCxwAngzbmC6gdk\/UoKTL4MIPiK4NVVPRz1DsYhuoql6sqmFMKJKaM6NXpyBkCtYpvlazDCWxllWCP\/i12XdKQQMbcGYN2wvAB3a6vg6oJPIx+XXkk4cY\/+EENsi+PDerl+pB2IlJMObTfaJBhM\/rJFUKMd1xriphMBzgM9PCE+gKKP\/k+AYg8NddY\/gnJX\/+unfAflhC1NZ1nFt2\/\/Y9gesYC0uhG0uLLlbtLmKF2MPjllgxHAEeq6L2rXw2szIJL4yllp+t9tcKCYfzVRzCQkgUtQQaP0YiRh1NQtDTvnuPpM8CS6YfFOx17PkSNzepokWNsrLXMtr9p2nc9zczirZ\/D9H9Xey3Xx0qFAN\/MVzWUXfWpSlTWrXzNWP5kDdvTYBf19VGMPfxtzLKYTLOd\/rVswJ6OAUsAdfTYAu7j6c4KJubGecouom8T9brd1TJm6pyXignKkiQR+nvp0U\/G\/NxhEcnKV91SvFM0mQxh+hfK10svoh9dj1Bq8+PvXaAQljscptiwRlr+X\/V1zPyapTZcrW9A2fGrnzKqVYJASiCPQWyYD8Mn6pda0e6knRW3Ae28WpLnmyjMKx4\/7dOqugSoKa3q7BQRxbcpbcOXlPFfrjt+CwbA3KCTzFvdocE4QeSDn8FuJ85HFummmQOxK7tDtjljV+L\/2nbiMgjTy6jJzYFwXGw6xLdoXOupF5XjIfHUSMeB+R0BhUmtVxXEWPPHfAVdVJcBt8uO5QMhp9jxrSrOX54VXB+P7Qj0VmSag75Jhz20k8Z3uI27cFcp7OjdlKhlEBtlzESNSQ8FGkqCxygPJSf0REdvr2uQA0ApTgzzF+s6YbdeH3vy1SJOH2fQsH4IeYeRjAPrh1RmlhN066XBLLeGtIiz1LEJx17TCB8c1JpUan\/1+JYoV0SCzXlaZWYybCxcBBIz\/2EdpG8hJzN4rtTVwf\/3OYFkhRTMbe1PHW9T5IfuTuKU76wWlDp+aujzjWp1vvFdq4bUrI6AdEquAU5C3BTnuLB9tqzlOb5nzcQjb4fPQCkUUcvHBPPLW9qrLyB05aTRG1W9ShnsibG\/AerW39YgPMVulkynnwtbGsYcGZs7KelCQXCLt3D6RU08N5SulLgw+o5aYItue0wJaW5VDEXxAVhsE4KU4+QsEuXkbd9rTsMt9Gf+Td49H8NzJEXxlYX\/ThtsZsn5doQpcdUcGVMiJrwpHQzTDWZLiBcd51axsLca9fP61xaeKb48j0Kb0TeXy0DcAfEDH4Sy29YAuNi7N4uKdxMrzHsqaQhCFI\/jmx6CqCWjy1zA6Ijzjpx6KTEeNxn3m7OTzuxckZQeS0ArKR7BX7UnCFIAenlvKt7e\/DzO9W1DndidXP+Qwf3XzvB+qvenTl6HWA0XtGBky3MCwBE5b++HXnyFlygjOvbY7LPZovuQtASvUqwAHPkuONuar\/2ZEP2TwCB+AOJYrpZq+HLOc"} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1554,"source":"wechat.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1492171154792,"flow_last_seen":1492171154792,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171154792,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"64.233.167.188","src_port":54205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} @@ -673,7 +673,7 @@ 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1492171168104,"flow_last_seen":1492171267294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"95.101.34.34","src_port":39231,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00648{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Google","breed":"Acceptable","category":"Web"}} 00581{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1492167377896,"flow_last_seen":1492167468048,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1492171291761,"l3_proto":"ip4","src_ip":"192.168.1.103","dst_ip":"216.58.205.142","src_port":49787,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00489{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-data-len":561272,"total-not-detected-flows":0,"total-guessed-flows":31,"total-detected-flows":80,"total-detection-updates":66,"total-updates":4,"current-active-flows":0,"total-active-flows":110,"total-idle-flows":110,"total-events-serialized":676,"global_ts_msec":1492171291761} +00569{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1672,"source":"wechat.pcap","alias":"nDPId-test","packets-captured":1672,"packets-processed":1672,"total-skipped-flows":0,"total-l4-data-len":561272,"total-not-detected-flows":0,"total-guessed-flows":31,"total-detected-flows":80,"total-detection-updates":66,"total-updates":4,"current-active-flows":0,"total-active-flows":110,"total-idle-flows":110,"total-compressions":52,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":676,"global_ts_msec":1492171291761} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1672/1672 ~~ skipped flows.............: 0 @@ -682,8 +682,8 @@ ~~ total active/idle flows...: 110/110 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5101514 bytes -~~ total memory freed........: 5101514 bytes +~~ total memory allocated....: 5101538 bytes +~~ total memory freed........: 5101538 bytes ~~ total allocations/frees...: 103836/103836 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 450 chars diff --git a/test/results/weibo.pcap.out b/test/results/weibo.pcap.out index 61a6c8ce4..432571ee0 100644 --- a/test/results/weibo.pcap.out +++ b/test/results/weibo.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"weibo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1463089067804} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1463089067804} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089067804,"flow_last_seen":1463089067804,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1463089067804,"l3_proto":"ip4","src_ip":"216.58.210.14","dst_ip":"192.168.1.105","src_port":443,"dst_port":49361,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00619{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1463089067804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1463089067804,"pkt":"eJKcD6iOkDVu60UQCABFAAClAABAADMR2u3YOtIOwKgBaQG7wNEAkSEpAAl3y2T5ujTCSSEU5zJMPfXh7u\/a3oWq2yhhK1m4ny+qR4W2lfILr6Ils4h\/iqKUCkI0zipqePuQ8qDP3gfa2UEwOgxjQY6zEBJhdLLCAKezbAF+wpbNcZnrqI9Vp3iRS5CpzEuDxhuTRv5J009cEtkCA6nVS0D6WXhVs+S9\/EHIHeXl6YD1cbA="} 00854{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"weibo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1463089067804,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":353,"pkt_l4_len":319,"thread_ts_msec":1463089067804,"pkt":"eJKcD6iOkDVu60UQCABFAAFTAABAADMR2j\/YOtIOwKgBaQG7wNEBPzHaAAoUu93Ovdfsj+VZ99cgMeSVKfCKokSNRuOMv1PGF2DIkukcXrUmGkv\/ArCiq\/KK23NXKqXH3z8FxKfa8OQtN5x73GaADweitAmqYsU072yu9KsRUtnFIEIB5Y5LqWVX6vqXepSvfYCEhodq+tUiz0aSzdffkeHhLztt20iOOpChbjrtXhyjh2xOYPCWGl\/75gN\/zEEb2R9h09zfr5IUCExPcV8JWIdoh2fXU4mq9qytwCU0GOdjsWy12v2HhTBnSYnXaFz8kW\/ToyswW6z6hT26xiqWB5RJW9cvGUU8G6jKCXTHHR5WczEJ7NLt9QErBQKutf8Nh4rVBXW1avPgj1A0tNYSKXAcYt1eYGsw4tjOzS7DHafUDgikSZ+H9BNuGGXb1gwh45909vW3665ubMpNt9lmWoI="} @@ -236,7 +236,7 @@ 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":79,"flow_first_seen":1463089071613,"flow_last_seen":1463089072438,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":2872,"flow_tot_l4_payload_len":31898,"flow_avg_l4_payload_len":403,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"93.188.134.137","src_port":51698,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Sina(Weibo)","breed":"Fun","category":"SocialNetwork"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1463089073287,"flow_last_seen":1463089073760,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":150,"flow_avg_l4_payload_len":75,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":50640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00578{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1463089073394,"flow_last_seen":1463089073394,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1463089073893,"l3_proto":"ip4","src_ip":"192.168.1.105","dst_ip":"192.168.1.1","src_port":11798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} -00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-data-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-events-serialized":239,"global_ts_msec":1463089073893} +00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":498,"source":"weibo.pcap","alias":"nDPId-test","packets-captured":498,"packets-processed":498,"total-skipped-flows":0,"total-l4-data-len":234875,"total-not-detected-flows":0,"total-guessed-flows":21,"total-detected-flows":23,"total-detection-updates":11,"total-updates":0,"current-active-flows":0,"total-active-flows":44,"total-idle-flows":44,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":239,"global_ts_msec":1463089073893} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 498/498 ~~ skipped flows.............: 0 @@ -245,8 +245,8 @@ ~~ total active/idle flows...: 44/44 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4735702 bytes -~~ total memory freed........: 4735702 bytes +~~ total memory allocated....: 4735726 bytes +~~ total memory freed........: 4735726 bytes ~~ total allocations/frees...: 101809/101809 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 452 chars diff --git a/test/results/whatsapp_login_call.pcap.out b/test/results/whatsapp_login_call.pcap.out index edac8370c..98082082a 100644 --- a/test/results/whatsapp_login_call.pcap.out +++ b/test/results/whatsapp_login_call.pcap.out @@ -1,5 +1,5 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1432582222253} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432582222253} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582222253,"flow_last_seen":1432582222253,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1432582222253,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.172.100.70","src_port":49199,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582222253,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1432582222253,"pkt":"xiwDYGpkAPS5Jrv0CABFAAA0DNdAAEAG9U7AqAIEEaxkRsAvA+GIPSCcUlOPyIAQH\/poTQAAAQEICi36Gt0QlQ1l"} 00711{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432582222267,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":236,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":236,"pkt_l4_len":202,"thread_ts_msec":1432582222267,"pkt":"xiwDYGpkAPS5Jrv0CABFAADeU1tAAEAGriDAqAIEEaxkRsAvA+GIPSCcUlOPyIAYIAB\/kgAAAQEICi36GusQlQ1lFwMBACCNqYpymgjJuQNgLA+QJekfsmHWqykdlwnJ8t48lRIpCxcDAQCAv+6eyOO6KHhFdGRnKCRyPqihrwnYLrpV5EXpUrXv8Q2ow7fiZ\/ErfHE9ZAprbeZEb1cjDczzZ9GWtg7wUDK1rjYT+gKbhCMZiNQZ3QlWly2tQPPw5M7rqWdzOWy2ATMXqxCkXOBCTdOBYD70ikDCSIjo2fZ8\/cJDhiGvSnc\/9Rw="} @@ -345,7 +345,7 @@ 00844{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":15,"flow_first_seen":1432582258587,"flow_last_seen":1432582267438,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":660,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"1.194.90.191","src_port":51518,"dst_port":60312,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00600{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":53,"flow_first_seen":1432582230648,"flow_last_seen":1432582264928,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":15484,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49204,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1432582355253,"flow_last_seen":1432582356195,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":7941,"flow_avg_l4_payload_len":248,"midstream":0,"thread_ts_msec":1432582361929,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00499{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-data-len":132660,"total-not-detected-flows":0,"total-guessed-flows":22,"total-detected-flows":35,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-events-serialized":348,"global_ts_msec":1432582361929} +00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1253,"source":"whatsapp_login_call.pcap","alias":"nDPId-test","packets-captured":1253,"packets-processed":1251,"total-skipped-flows":0,"total-l4-data-len":132660,"total-not-detected-flows":0,"total-guessed-flows":22,"total-detected-flows":35,"total-detection-updates":9,"total-updates":0,"current-active-flows":0,"total-active-flows":57,"total-idle-flows":57,"total-compressions":22,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":348,"global_ts_msec":1432582361929} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 1253/1251 ~~ skipped flows.............: 0 @@ -354,8 +354,8 @@ ~~ total active/idle flows...: 57/57 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4809392 bytes -~~ total memory freed........: 4809392 bytes +~~ total memory allocated....: 4809416 bytes +~~ total memory freed........: 4809416 bytes ~~ total allocations/frees...: 102620/102620 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 466 chars diff --git a/test/results/whatsapp_login_chat.pcap.out b/test/results/whatsapp_login_chat.pcap.out index 4dbca37fd..62b67610a 100644 --- a/test/results/whatsapp_login_chat.pcap.out +++ b/test/results/whatsapp_login_chat.pcap.out @@ -1,5 +1,5 @@ 00470{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00477{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1432582377898} +00556{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432582377898} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432582377898,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1432582377898,"pkt":"\/\/\/\/\/\/\/\/xiwDYGpkCABFAABI56kAAEARDKvAqAIBwKgC\/+EV4RUANKgAU3BvdFVkcDCYJeGQmjjiDQABAARIlcID1NylhjSgAeWF26p2NNVFJFGe2SE="} 00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582377898,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} @@ -48,7 +48,7 @@ 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432582402666,"flow_last_seen":1432582402666,"flow_idle_time":180000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"224.0.0.251","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1432582377898,"flow_last_seen":1432582377898,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.1","dst_ip":"192.168.2.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":44,"flow_first_seen":1432582381179,"flow_last_seen":1432582385071,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18995,"flow_avg_l4_payload_len":431,"midstream":1,"thread_ts_msec":1432582431565,"l3_proto":"ip4","src_ip":"192.168.2.4","dst_ip":"17.173.66.102","src_port":49205,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} -00487{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-data-len":24799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-events-serialized":51,"global_ts_msec":1432582431565} +00566{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"whatsapp_login_chat.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":93,"total-skipped-flows":0,"total-l4-data-len":24799,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":9,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":9,"total-idle-flows":9,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":51,"global_ts_msec":1432582431565} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 93/93 ~~ skipped flows.............: 0 @@ -57,8 +57,8 @@ ~~ total active/idle flows...: 9/9 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4695615 bytes -~~ total memory freed........: 4695615 bytes +~~ total memory allocated....: 4695639 bytes +~~ total memory freed........: 4695639 bytes ~~ total allocations/frees...: 101263/101263 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 475 chars diff --git a/test/results/whatsapp_voice_and_message.pcap.out b/test/results/whatsapp_voice_and_message.pcap.out index 85c583212..eb24e7155 100644 --- a/test/results/whatsapp_voice_and_message.pcap.out +++ b/test/results/whatsapp_voice_and_message.pcap.out @@ -1,5 +1,5 @@ 00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00484{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1432820558921} +00563{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1432820558921} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1432820558921,"flow_last_seen":1432820558921,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1432820558921,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"184.173.179.46","src_port":35480,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1432820558921,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1432820558921,"pkt":"ABoRAAACABoRAAABCABFAAA89o5AAEAGzkgKCAABuK2zLoqYAbsGFK3rAAAAAKACOQj9WQAAAgQFtAQCCAoABFtlAAAAAAEDAwQ="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1432820558982,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1432820558982,"pkt":"ABoRAAACABoRAAABCABFAAAoAAJAABAG9Om4rbMuCggAAQG7ipj561IUBhSt7FAS\/\/+tmQAA"} @@ -78,7 +78,7 @@ 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567917,"flow_last_seen":1432820626171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.74.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00704{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1432820567259,"flow_last_seen":1432820625171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":466,"flow_avg_l4_payload_len":93,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"31.13.84.48","src_port":53620,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.WhatsAppCall","breed":"Acceptable","category":"VoIP"}} 00699{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":52,"flow_first_seen":1432820681899,"flow_last_seen":1432820691973,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":254,"flow_tot_l4_payload_len":1783,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1432820695137,"l3_proto":"ip4","src_ip":"10.8.0.1","dst_ip":"158.85.58.109","src_port":49721,"dst_port":5222,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WhatsApp","breed":"Acceptable","category":"Chat"}} -00500{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-data-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-events-serialized":81,"global_ts_msec":1432820695137} +00579{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":261,"source":"whatsapp_voice_and_message.pcap","alias":"nDPId-test","packets-captured":261,"packets-processed":261,"total-skipped-flows":0,"total-l4-data-len":14389,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":13,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":13,"total-idle-flows":13,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":81,"global_ts_msec":1432820695137} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 261/261 ~~ skipped flows.............: 0 @@ -87,8 +87,8 @@ ~~ total active/idle flows...: 13/13 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4716279 bytes -~~ total memory freed........: 4716279 bytes +~~ total memory allocated....: 4716303 bytes +~~ total memory freed........: 4716303 bytes ~~ total allocations/frees...: 101447/101447 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 472 chars diff --git a/test/results/whatsappfiles.pcap.out b/test/results/whatsappfiles.pcap.out index 89b24f2d9..aa33bc9b4 100644 --- a/test/results/whatsappfiles.pcap.out +++ b/test/results/whatsappfiles.pcap.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whatsappfiles.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1519924083411} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1519924083411} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1519924083411,"flow_last_seen":1519924083411,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1519924083411,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1519924083411,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1519924083411,"pkt":"XEl5dU5qkLkxKPrKCABFAABAAABAAEAG5oDAqAIduTzYNcIKAbs8JoRvAAAAALDC\/\/8eywAAAgQFtAEDAwYBAQgKKOUV+QAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1519924083501,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1519924083501,"pkt":"kLkxKPrKXEl5dU5qCABFAAA8AABAAFUG0YS5PNg1wKgCHQG7wgonNGFZPCaEcKASbTj4zgAAAgQFggQCCAoJITj5KOUV+QEDAwg="} @@ -15,7 +15,7 @@ 00963{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1519924240121,"flow_last_seen":1519924240244,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":110,"midstream":0,"thread_ts_msec":1519924240244,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mmg-fna.whatsapp.net","ja3":"4e1a414c4f4c99097edd2a9a98e336c8","ja3s":"96681175a9547081bf3d417f1a572091","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00706{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":310,"flow_first_seen":1519924083411,"flow_last_seen":1519924193429,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":183524,"flow_avg_l4_payload_len":592,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49674,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.WhatsAppFiles","breed":"Acceptable","category":"Download"}} 00596{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":310,"flow_first_seen":1519924240121,"flow_last_seen":1519924247388,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1398,"flow_tot_l4_payload_len":226819,"flow_avg_l4_payload_len":731,"midstream":0,"thread_ts_msec":1519924247388,"l3_proto":"ip4","src_ip":"192.168.2.29","dst_ip":"185.60.216.53","src_port":49698,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-data-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":18,"global_ts_msec":1519924247388} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":620,"source":"whatsappfiles.pcap","alias":"nDPId-test","packets-captured":620,"packets-processed":620,"total-skipped-flows":0,"total-l4-data-len":410343,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":18,"global_ts_msec":1519924247388} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 620/620 ~~ skipped flows.............: 0 @@ -24,8 +24,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4709195 bytes -~~ total memory freed........: 4709195 bytes +~~ total memory allocated....: 4709219 bytes +~~ total memory freed........: 4709219 bytes ~~ total allocations/frees...: 101780/101780 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 469 chars diff --git a/test/results/whois.pcapng.out b/test/results/whois.pcapng.out index b034f5b9f..95e6a165f 100644 --- a/test/results/whois.pcapng.out +++ b/test/results/whois.pcapng.out @@ -1,11 +1,11 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"whois.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1507397119066} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1507397119066} 00569{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1507397119066,"flow_last_seen":1507397119066,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1507397119066,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1507397119066,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1507397119066,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="} 00458{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1507397119183,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1507397119183,"pkt":"UlQAEjUCCAAnPqwxCABFAAAofopAAEAGwPsKAAIPwAAvO6ycACuFe1kDAJdeAlAQchD7ZAAA"} 00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1507397119066,"flow_last_seen":1507397119183,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":13,"flow_tot_l4_payload_len":13,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1507397119183,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-data-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1604305198454} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":12,"packets-processed":11,"total-skipped-flows":0,"total-l4-data-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1604305198454} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1604305198454,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1604305198454,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1604305198454,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_msec":1604305198454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="} @@ -13,7 +13,7 @@ 01073{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1604305198454,"flow_last_seen":1604305198677,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":170,"flow_tot_l4_payload_len":170,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1604305198677,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 01276{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","alpn":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5"}} 00678{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1507397119066,"flow_last_seen":1507397119369,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":233,"flow_tot_l4_payload_len":246,"flow_avg_l4_payload_len":22,"midstream":0,"thread_ts_msec":1604305198690,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} -00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-data-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":16,"global_ts_msec":1623517268690} +00551{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":19,"packets-processed":18,"total-skipped-flows":0,"total-l4-data-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1623517268690} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623517268690,"flow_last_seen":1623517268690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623517268690,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1623517268690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_msec":1623517268690,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="} 02064{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_msec":1623517269021,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\/hR0rdvdStrBVQGAW0T9cAACAgIERvbWFpbiBOYW1lOiBDWUJFUlBBVFJPTEJELkNPTQ0KICAgUmVnaXN0cnkgRG9tYWluIElEOiAyMTUzNDAwMTAwX0RPTUFJTl9DT00tVlJTTg0KICAgUmVnaXN0cmFyIFdIT0lTIFNlcnZlcjogd2hvaXMuUHVibGljRG9tYWluUmVnaXN0cnkuY29tDQogICBSZWdpc3RyYXIgVVJMOiBodHRwOi8vd3d3LnB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgVXBkYXRlZCBEYXRlOiAyMDIwLTA4LTI5VDA3OjQxOjUyWg0KICAgQ3JlYXRpb24gRGF0ZTogMjAxNy0wOC0xNFQxNjoxMDo1MVoNCiAgIFJlZ2lzdHJ5IEV4cGlyeSBEYXRlOiAyMDIxLTA4LTE0VDE2OjEwOjUxWg0KICAgUmVnaXN0cmFyOiBQRFIgTHRkLiBkL2IvYSBQdWJsaWNEb21haW5SZWdpc3RyeS5jb20NCiAgIFJlZ2lzdHJhciBJQU5BIElEOiAzMDMNCiAgIFJlZ2lzdHJhciBBYnVzZSBDb250YWN0IEVtYWlsOiBhYnVzZS1jb250YWN0QHB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgUmVnaXN0cmFyIEFidXNlIENvbnRhY3QgUGhvbmU6ICsxLjIwMTM3NzU5NTINCiAgIERvbWFpbiBTdGF0dXM6IGNsaWVudFRyYW5zZmVyUHJvaGliaXRlZCBodHRwczovL2ljYW5uLm9yZy9lcHAjY2xpZW50VHJhbnNmZXJQcm9oaWJpdGVkDQogICBOYW1lIFNlcnZlcjogTlMyNS5FSUNSQS5ORVQNCiAgIE5hbWUgU2VydmVyOiBOUzI2LkVJQ1JBLk5FVA0KICAgRE5TU0VDOiB1bnNpZ25lZA0KICAgVVJMIG9mIHRoZSBJQ0FOTiBXaG9pcyBJbmFjY3VyYWN5IENvbXBsYWludCBGb3JtOiBodHRwczovL3d3dy5pY2Fubi5vcmcvd2ljZi8NCj4+PiBMYXN0IHVwZGF0ZSBvZiB3aG9pcyBkYXRhYmFzZTogMjAyMS0wNi0xMlQxNjowMDo1NlogPDw8DQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIG9uIFdob2lzIHN0YXR1cyBjb2RlcywgcGxlYXNlIHZpc2l0IGh0dHBzOi8vaWNhbm4ub3JnL2VwcA0KDQpOT1RJQ0U6IFRoZSBleHBpcmF0aW9uIGRhdGUgZGlzcGxheWVkIGluIHRoaXMgcmVjb3JkIGlzIHRoZSBkYXRlIHRoZQ0KcmVnaXN0cmFyJ3Mgc3BvbnNvcnNoaXAgb2YgdGhlIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiBpbiB0aGUgcmVnaXN0cnkgaXMNCmN1cnJlbnRseSBzZXQgdG8gZXhwaXJlLiBUaGlzIGRhdGUgZG9lcyBub3QgbmVjZXNzYXJpbHkgcmVmbGVjdCB0aGUgZXhwaXJhdGlvbg0KZGF0ZSBvZiB0aGUgZG9tYWluIG5hbWUgcmVnaXN0cmFudCdzIGFncg=="} @@ -21,7 +21,7 @@ 00926{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1604305198454,"flow_last_seen":1604305198690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1220,"flow_tot_l4_payload_len":1560,"flow_avg_l4_payload_len":222,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"24": {"risk":"Missing SNI TLS Extension","severity":"Medium","risk_score": {"total":500,"client":350,"server":150}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00656{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Whois-DAS","breed":"Acceptable","category":"Network"}} 00583{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":5,"flow_first_seen":1623517268690,"flow_last_seen":1623517269021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1200,"flow_tot_l4_payload_len":3114,"flow_avg_l4_payload_len":622,"midstream":0,"thread_ts_msec":1623517269021,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-data-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":24,"global_ts_msec":1623517269021} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"whois.pcapng","alias":"nDPId-test","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-data-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":24,"global_ts_msec":1623517269021} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 23/23 ~~ skipped flows.............: 0 @@ -30,8 +30,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4691876 bytes -~~ total memory freed........: 4691876 bytes +~~ total memory allocated....: 4691900 bytes +~~ total memory freed........: 4691900 bytes ~~ total allocations/frees...: 101179/101179 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/wireguard.pcap.out b/test/results/wireguard.pcap.out index 60140bbdb..d58124483 100644 --- a/test/results/wireguard.pcap.out +++ b/test/results/wireguard.pcap.out @@ -1,5 +1,5 @@ 00460{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"wireguard.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00467{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1563973554628} +00546{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1563973554628} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1563973554628,"flow_last_seen":1563973554628,"flow_idle_time":180000,"flow_min_l4_payload_len":800,"flow_max_l4_payload_len":800,"flow_tot_l4_payload_len":800,"flow_avg_l4_payload_len":800,"midstream":0,"thread_ts_msec":1563973554628,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 01528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1563973554628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":842,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":842,"pkt_l4_len":808,"thread_ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAAM8FXkAADURYEKLosCdwKgADspsjRQDKLH1BAAAAL5AaY1rAAAAAAAAANUJ2VrXQI01RZfJr8PEwgZEhNNcu6x03VWSZ67dhAHHTWKcRpBFkk8NVHd\/C4D4pz\/puWqoUUxKuxxH6YlcxuxAvZFB0Na5O4CW6jEyMIx3UMKSHboRTInUKfs0ifRWz\/ah3LYVezBxxWAse8HA4hp9J+12MZT8TmyygIwyCCaeEvoUQjFc6leSZrAZpKnPNseLUtXq9seSkA+QHufBd5P\/nAxkid4Fwq057VLJqJcJvFJRIdSNrsUBNHlMd2O226LQDMo6+sXnZNRhM\/0lY6T99lZ2rtutA5g+LROCm\/BZLu+Ww0aOhZ9T5CPKvl1MXzbqDpHjEWohQohUG62HCabsLz2Pl6HJpafmxv\/xXmUvqTxvWO5iYVSI4YH0rzZVN3aVdPUxgXYG+W8rSU+st0bg\/OnAMZWFzotivj2mfqRsGMWV3egRFwhvlfe7Fuv0OvGM3s9ZvinFAlmQZqUDOt74G5zoedU\/69v6LWqjWqMgwmKLQ\/lMwt2MnS6hiTwk\/iqPpTIM8RYnxG13RvjKDr4JXT\/U7OnZL63BA8kKbkL5zeTL+gL4bvPs8T4bLqWJpX+KPgKK5qcCbrRIXtRaFjvffCmBHmxiams\/n7B6m2DssFWcjX1Ev1oBu1UMKN6t2aeneW6ZYl4Q+afpKmmTZbh75sYoA8rPXxM4Q6E\/CvQ8xKFJuG12US4vfj96Tg+HLqjTKQn0aT3tP\/WRrjoWHz5nOKAwY2ssdZ\/sOQ7Z4I975oMYqMkolPHC\/IQyZ00spefKrUv00QdKXcsmU90gzx2i\/XncJUiW6+cRr5y\/xIasdRDvxOeWrnEuyr4eneiO5Pi37MXP8f2E65R6K8EWKkhOt2QxypTL9OYJAB3d80dQUxikTgyJwcF9uQEqgJNA\/GZhO2rBxL\/P3ze0It5qd4umjz9rSz1Tj4x9V7iRrPWik7ncKTUF\/OLBOu3ao3EyUG8u2N+GMLh6DNMnc3AMj260R63yyZIj87BZpn+95duhzSfs8I4u6YbCy54JPpusEK7oluD\/Hy2\/DI77VPA2QYc="} 00629{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1563973554628,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1563973554628,"pkt":"OCxKuzMdABAY3q0FCABFAACsFXoAADURYtGLosCdwKgADspsjRQAmIUlBAAAAL5AaY1sAAAAAAAAAApaAsrtXpH1hJEWMIaMon2Jp07DYKtFnos9KJ2dxNXsnPOlMw8teGIqqtQyAhfCvZKfSoj8FKmPC1PCtu8qqniK567s\/wF6cALr5IJXHXdFnmr1I94kKjzDU62XCT24xGedWrUZRek84+e2Fsx1lJJ6NR9cFgw9VnO9J77GX8hL"} @@ -8,7 +8,7 @@ 00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1654,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1653,"flow_first_seen":1563973554628,"flow_last_seen":1563973742644,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":464906,"flow_avg_l4_payload_len":281,"midstream":0,"thread_ts_msec":1563973742644,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} 00698{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":2391,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2390,"flow_first_seen":1563973554628,"flow_last_seen":1563973930443,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":632512,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1563973930443,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":2399,"flow_first_seen":1563973554628,"flow_last_seen":1563973935842,"flow_idle_time":180000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":1362,"flow_tot_l4_payload_len":633424,"flow_avg_l4_payload_len":264,"midstream":0,"thread_ts_msec":1563973935842,"l3_proto":"ip4","src_ip":"139.162.192.157","dst_ip":"192.168.0.14","src_port":51820,"dst_port":36116,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"WireGuard","breed":"Acceptable","category":"VPN"}} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","packets-captured":2399,"packets-processed":2399,"total-skipped-flows":0,"total-l4-data-len":633424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":11,"global_ts_msec":1563973935842} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2399,"source":"wireguard.pcap","alias":"nDPId-test","packets-captured":2399,"packets-processed":2399,"total-skipped-flows":0,"total-l4-data-len":633424,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":2,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_msec":1563973935842} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 2399/2399 ~~ skipped flows.............: 0 @@ -17,8 +17,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4749369 bytes -~~ total memory freed........: 4749369 bytes +~~ total memory allocated....: 4749393 bytes +~~ total memory freed........: 4749393 bytes ~~ total allocations/frees...: 103542/103542 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 465 chars diff --git a/test/results/youtube_quic.pcap.out b/test/results/youtube_quic.pcap.out index 98f4b02fd..7b07aa21d 100644 --- a/test/results/youtube_quic.pcap.out +++ b/test/results/youtube_quic.pcap.out @@ -1,5 +1,5 @@ 00463{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtube_quic.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00470{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1489363823466} +00549{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1489363823466} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02254{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1489363823466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1489363823466,"pkt":"gCqojWksxCwDBkn+CABFAAViKp8AAEARAADAqAEH2DrNQtbVAbsFTmyMDZNw4V58RG0IUTAzNQHEx\/Yat8K2lJx\/xfCgAQAEQ0hMTx0AAABQQUQABgEAAFNOSQAjAQAAU1RLAF0BAABWRVIAYQEAAENDUwBxAQAATk9OQ5EBAABNU1BDlQEAAEFFQUSZAQAAVUFJRMgBAABTQ0lE2AEAAFRDSUTcAQAAUERNROABAABTUkJG5AEAAFNNSEzoAQAASUNTTOwBAABDVElN9AEAAE5PTlAUAgAAUFVCUzQCAABNSURTOAIAAFNDTFM8AgAAS0VYU0ACAABYTENUSAIAAENTQ1RIAgAAQ09QVEgCAABDQ1JUYAIAAElSVFRkAgAAQ0VUVggDAABDRkNXDAMAAFNGQ1cQAwAALS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLXBhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tfyKC9MwN17piZVNU\/QkmmE3zDBRwXexEviTXtQHZlZT\/o0M3FJ3WOBZp5lL5RXIaTAX\/iszgW7Ui51EwMzUB6IFgkpIa6H7tgIaiFYKRWMXjbzAwMDAwMDAwAGp0dp4RQa9ev39thoVizX7vQxRkAAAAQ0MyMGJldGEgQ2hyb21lLzU3LjAuMjk4Ny45OCBJbnRlbCBNYWMgT1MgWCAxMF8xMl8za3Zj9RsCsgRL78LWSY4+jwAAAABYNTA5AAAQAAEAAAAeAAAAb+PFWAAAAABoJX9SS1LMMIZlh9cGt32w74KlkbfLCJvYbB6phUnjYtV\/J7+3T+WICkKGmxl0apInEplRSWcqg\/3qI+CqJwNXZAAAAAEAAABDMjU1HvdI4XZwU8Me90jhdnBTwz2t9HxBefiRQAt7kKmuees2jgEAnGVpdpNkhQuOQ0r1tyTPo1k8IEM71wOV+MDwud\/WmN8O\/bZt8M5S76zS6GQgUAsZfJUzhYMLh2DzCj0s2UxZDpdWlDQ\/KBiEO80tVmE+bGp5czdFQGnhi\/134fgolaoUotcrvEChNXZdSQ7ze+ZsVxVgDQIPLJn5KItVO0bNTbdFJlK9ck\/6gUes9AlK+Lowm7raNBTPfJpo34tpsNA3toSRqnAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00799{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1489363823466,"flow_last_seen":1489363823466,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1489363823466,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"},"quic": {"client_requested_server_name":"pagead2.googlesyndication.com","user_agent":"beta Chrome\/57.0.2987.98 Intel Mac OS X 10_12_3"}} @@ -18,7 +18,7 @@ 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":258,"flow_first_seen":1489363823738,"flow_last_seen":1489363826862,"flow_idle_time":180000,"flow_min_l4_payload_len":31,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":167659,"flow_avg_l4_payload_len":649,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.198.33","src_port":56074,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTube","breed":"Fun","category":"Media"}} 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1489363823466,"flow_last_seen":1489363824024,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":3933,"flow_avg_l4_payload_len":302,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":54997,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":18,"flow_first_seen":1489363824401,"flow_last_seen":1489363824840,"flow_idle_time":180000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":7909,"flow_avg_l4_payload_len":439,"midstream":0,"thread_ts_msec":1489363826862,"l3_proto":"ip4","src_ip":"192.168.1.7","dst_ip":"216.58.205.66","src_port":53859,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.Google","breed":"Acceptable","category":"Advertisement"}} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","packets-captured":289,"packets-processed":289,"total-skipped-flows":0,"total-l4-data-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":21,"global_ts_msec":1489363826862} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":289,"source":"youtube_quic.pcap","alias":"nDPId-test","packets-captured":289,"packets-processed":289,"total-skipped-flows":0,"total-l4-data-len":179501,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_msec":1489363826862} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 289/289 ~~ skipped flows.............: 0 @@ -27,8 +27,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4690067 bytes -~~ total memory freed........: 4690067 bytes +~~ total memory allocated....: 4690091 bytes +~~ total memory freed........: 4690091 bytes ~~ total allocations/frees...: 101441/101441 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 468 chars diff --git a/test/results/youtubeupload.pcap.out b/test/results/youtubeupload.pcap.out index 80e7fa523..08bf329c6 100644 --- a/test/results/youtubeupload.pcap.out +++ b/test/results/youtubeupload.pcap.out @@ -1,5 +1,5 @@ 00464{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"youtubeupload.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1511102576794} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1511102576794} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 02246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1511102576794,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1392,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1392,"pkt_l4_len":1358,"thread_ts_msec":1511102576794,"pkt":"XEl5dU5q2MuK4S0uCABFAAViAT5AAIARbUHAqAIbrNkXb8rVAbsFThECDZHSvk7nMdgaUTAzOQFHnN3hyT1jd4lP+l6gAQUUQ0hMTxMAAABQQUQAywMAAFNOSQDdAwAAVkVSAOEDAABDQ1MA8QMAAE1TUEP1AwAAVUFJRCQEAABUQ0lEKAQAAFBETUQsBAAAU01ITDAEAABJQ1NMNAQAAENUSU08BAAATk9OUFwEAABNSURTYAQAAFNDTFNkBAAAQ1NDVGQEAABDT1BUaAQAAElSVFRsBAAAQ0ZDV3AEAABTRkNXdAQAAC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tdXBsb2FkLnlvdXR1YmUuY29tUTAzOQHogWCSkhrofu2AhqIVgpFkAAAAQ2hyb21lLzYyLjAuMzIwMi45NCBXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQAAAAAWDUwOQEAAAAeAAAAc5gRWgAAAABmJfKEu+Ky\/D790R+7T+2\/0X2\/pJXF+QSwhgBhJRTmB2QAAAABAAAANVJUT5jAAAAAAPAAAABgAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1511102576794,"flow_last_seen":1511102576794,"flow_idle_time":180000,"flow_min_l4_payload_len":1350,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":1350,"flow_avg_l4_payload_len":1350,"midstream":0,"thread_ts_msec":1511102576794,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"},"quic": {"client_requested_server_name":"upload.youtube.com","user_agent":"Chrome\/62.0.3202.94 Windows NT 10.0; Win64; x64"}} @@ -20,7 +20,7 @@ 00695{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1511102576835,"flow_last_seen":1511102576954,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1430,"flow_tot_l4_payload_len":4704,"flow_avg_l4_payload_len":361,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":57452,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.YouTubeUpload","breed":"Fun","category":"Media"}} 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":100,"flow_first_seen":1511102576794,"flow_last_seen":1511102580286,"flow_idle_time":180000,"flow_min_l4_payload_len":16,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":102276,"flow_avg_l4_payload_len":1022,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":51925,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1511102578051,"flow_last_seen":1511102594936,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":1350,"flow_tot_l4_payload_len":14106,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1511102594936,"l3_proto":"ip4","src_ip":"192.168.2.27","dst_ip":"172.217.23.111","src_port":62232,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"QUIC.YouTubeUpload","breed":"Fun","category":"Media"}} -00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-data-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-events-serialized":23,"global_ts_msec":1511102594936} +00564{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":137,"source":"youtubeupload.pcap","alias":"nDPId-test","packets-captured":137,"packets-processed":137,"total-skipped-flows":0,"total-l4-data-len":121086,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":23,"global_ts_msec":1511102594936} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 137/137 ~~ skipped flows.............: 0 @@ -29,8 +29,8 @@ ~~ total active/idle flows...: 3/3 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4695923 bytes -~~ total memory freed........: 4695923 bytes +~~ total memory allocated....: 4695947 bytes +~~ total memory freed........: 4695947 bytes ~~ total allocations/frees...: 101307/101307 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 467 chars diff --git a/test/results/z3950.pcapng.out b/test/results/z3950.pcapng.out index 3d3451929..03786497b 100644 --- a/test/results/z3950.pcapng.out +++ b/test/results/z3950.pcapng.out @@ -1,10 +1,10 @@ 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"z3950.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00465{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1623680697296} +00544{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1623680697296} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1623680697296,"flow_last_seen":1623680697296,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1623680697296,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1623680697296,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623680697296,"pkt":"eJS0JASgYDjgxTWgCABFAAA07vtAAH8Gl6\/AqAJkwa7wXeYpANJ85vsBAAAAAIAC+vCgIgAAAgQFtAEDAwgBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1623680697327,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1623680697327,"pkt":"YDjgxTWgeJS0JASgCABFAAA0AABAADYGz6vBrvBdwKgCZADS5indlQhqfOb7AoAS+vC6GgAAAgQFrAEBBAIBAwMH"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1623680697329,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1623680697329,"pkt":"eJS0JASgYDjgxTWgCABFAAAo7vxAAH8Gl7rAqAJkwa7wXeYpANJ85vsC3ZUIa1AQAgTz0QAA"} -00471{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":1625070123680} +00550{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":16,"packets-processed":15,"total-skipped-flows":0,"total-l4-data-len":4151,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":7,"global_ts_msec":1625070123680} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1625070123680,"flow_last_seen":1625070123680,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1625070123680,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1625070123680,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1625070123680,"pkt":"YDjgxTWgABjzZLGICABFAAA0k\/xAAJAGiSTAqAAUgbuLK7W8JweM39PGAAAAAIAC+vDNyQAAAgQFtAEBBAIBAwMH"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1625070123709,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1625070123709,"pkt":"ABjzZLGIYDjgxTWgCABFAAA0AABAADUGeCGBu4srwKgAFCcHtbz4JgxZjN\/Tx4ASchDtagAAAgQFrAEBBAIBAwMH"} @@ -13,7 +13,7 @@ 00587{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":15,"flow_first_seen":1623680697296,"flow_last_seen":1623680698846,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4151,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1625070132777,"l3_proto":"ip4","src_ip":"192.168.2.100","dst_ip":"193.174.240.93","src_port":58921,"dst_port":210,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":26,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1625070123680,"flow_last_seen":1625070196998,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":368,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1625070196998,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} 00823{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1625070123680,"flow_last_seen":1625070200217,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":113,"flow_tot_l4_payload_len":411,"flow_avg_l4_payload_len":25,"midstream":0,"thread_ts_msec":1625070200217,"l3_proto":"ip4","src_ip":"192.168.0.20","dst_ip":"129.187.139.43","src_port":46524,"dst_port":9991,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"Z39.50","breed":"Acceptable","category":"Network"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-data-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":16,"global_ts_msec":1625070200217} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":31,"source":"z3950.pcapng","alias":"nDPId-test","packets-captured":31,"packets-processed":31,"total-skipped-flows":0,"total-l4-data-len":4562,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":1,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1625070200217} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 31/31 ~~ skipped flows.............: 0 @@ -22,8 +22,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4692730 bytes -~~ total memory freed........: 4692730 bytes +~~ total memory allocated....: 4692754 bytes +~~ total memory freed........: 4692754 bytes ~~ total allocations/frees...: 101183/101183 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 453 chars diff --git a/test/results/zabbix.pcap.out b/test/results/zabbix.pcap.out index 59e111b01..9cb3b1be7 100644 --- a/test/results/zabbix.pcap.out +++ b/test/results/zabbix.pcap.out @@ -1,12 +1,12 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zabbix.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1572254070608} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1572254070608} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA85AdAAEAGTujAqENiwKhDGd9KJ0JwAdHUAAAAAKACchAH+wAAAgQFtAQCCAorwjXTAAAAAAEDAwc="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1572254070608,"pkt":"OjUSPEK7RoQclwmZCABFAAA8AABAAEAGMvDAqEMZwKhDYidC30pw8XhkcAHR1aAScSDKPwAAAgQFtAQCCAorfUX3K8I10wEDAwc="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1572254070608,"pkt":"RoQclwmZOjUSPEK7CABFAAA05AhAAEAGTu\/AqENiwKhDGd9KJ0JwAdHVcPF4ZYAQAOUH8wAAAQEICivCNdQrfUX3"} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1572254070608,"flow_last_seen":1572254070608,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1572254070608,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} 00680{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1572254070608,"flow_last_seen":1572254070614,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":3,"midstream":0,"thread_ts_msec":1572254070614,"l3_proto":"ip4","src_ip":"192.168.67.98","dst_ip":"192.168.67.25","src_port":57162,"dst_port":10050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Zabbix","breed":"Acceptable","category":"Network"}} -00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":9,"global_ts_msec":1572254070614} +00549{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":10,"source":"zabbix.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":10,"total-skipped-flows":0,"total-l4-data-len":39,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":9,"global_ts_msec":1572254070614} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 10/10 ~~ skipped flows.............: 0 @@ -15,8 +15,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4680088 bytes -~~ total memory freed........: 4680088 bytes +~~ total memory allocated....: 4680112 bytes +~~ total memory freed........: 4680112 bytes ~~ total allocations/frees...: 101153/101153 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars diff --git a/test/results/zattoo.pcap.out b/test/results/zattoo.pcap.out index 110b5da37..ac8cfa3f6 100644 --- a/test/results/zattoo.pcap.out +++ b/test/results/zattoo.pcap.out @@ -1,5 +1,5 @@ 00457{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zattoo.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00464{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1614851148233} +00543{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1614851148233} 00568{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1614851148233,"flow_last_seen":1614851148233,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1614851148233,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1614851148233,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148233,"pkt":"5kBKB+riApXG95NLCABFAAAw4ZkAAIAGAAAKZQACCmYAAgtyAbsk8\/zrAAAAAHACgAEU8QAAAgQFtAMDAQA="} 00459{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1614851148234,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1614851148234,"pkt":"ApXG95NL5kBKB+riCABFAAAw4ZMAAH8GRWYKZgACCmUAAgG7C3Ik9AFrJPP87HASgAGZ0wAAAgQFtAMDAQA="} @@ -13,7 +13,7 @@ 00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1614851148248,"flow_last_seen":1614851148248,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":401,"flow_tot_l4_payload_len":401,"flow_avg_l4_payload_len":100,"midstream":0,"thread_ts_msec":1614851148248,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"},"http": {"hostname":"zattosecurehd2-f.akamaihd.net","url":"zattosecurehd2-f.akamaihd.net\/crossdomain.xml","code":0,"content_type":"","user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko\/20100101 Firefox\/6.0"}} 00911{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":11,"flow_first_seen":1614851148233,"flow_last_seen":1614851148238,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1165,"flow_tot_l4_payload_len":3626,"flow_avg_l4_payload_len":329,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2930,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zattoo","breed":"Fun","category":"Video"}} 00671{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1614851148248,"flow_last_seen":1614851148254,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":961,"flow_tot_l4_payload_len":8045,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1614851148254,"l3_proto":"ip4","src_ip":"10.101.0.2","dst_ip":"10.102.0.2","src_port":2936,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"HTTP.Zattoo","breed":"Fun","category":"Video"}} -00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":16,"global_ts_msec":1614851148254} +00553{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":32,"source":"zattoo.pcap","alias":"nDPId-test","packets-captured":32,"packets-processed":32,"total-skipped-flows":0,"total-l4-data-len":11671,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":16,"global_ts_msec":1614851148254} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 32/32 ~~ skipped flows.............: 0 @@ -22,8 +22,8 @@ ~~ total active/idle flows...: 2/2 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4683957 bytes -~~ total memory freed........: 4683957 bytes +~~ total memory allocated....: 4683981 bytes +~~ total memory freed........: 4683981 bytes ~~ total allocations/frees...: 101184/101184 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/zcash.pcap.out b/test/results/zcash.pcap.out index 56411c829..a8a98d43a 100644 --- a/test/results/zcash.pcap.out +++ b/test/results/zcash.pcap.out @@ -1,13 +1,13 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zcash.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1514196094240} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1514196094240} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1514196094240,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1514196094240,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1514196094240,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094240,"pkt":"fmgbW\/gUcIXCQA64CABFAAA8ux1AAEAGRaDAqAJcsiDE2deWI1qAnf85AAAAAKACchAV6gAAAgQFtAQCCApPjruwAAAAAAEDAwc="} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1514196094322,"pkt":"cIXCQA64fmgbW\/gUCABFAAA8AABAADMGDb6yIMTZwKgCXCNa15Yj5r0mgJ3\/OqAScSDZNwAAAgQFtAQCCArshW\/8T467sAEDAwk="} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1514196094322,"pkt":"fmgbW\/gUcIXCQA64CABFAAA0ux5AAEAGRafAqAJcsiDE2deWI1qAnf86I+a9J4AQAOV4LAAAAQEICk+Ou8XshW\/8"} 00880{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1514196094240,"flow_last_seen":1514196094322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":260,"flow_tot_l4_payload_len":260,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1514196094322,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":88,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":88,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":6805,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1514196730496} +00548{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":88,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":88,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":6805,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":8,"global_ts_msec":1514196730496} 00925{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":145,"flow_first_seen":1514196094240,"flow_last_seen":1514197248783,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":303,"flow_tot_l4_payload_len":11022,"flow_avg_l4_payload_len":76,"midstream":0,"thread_ts_msec":1514197248783,"l3_proto":"ip4","src_ip":"192.168.2.92","dst_ip":"178.32.196.217","src_port":55190,"dst_port":9050,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"Mining","breed":"Unsafe","category":"Mining"}} -00476{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":145,"packets-processed":145,"total-skipped-flows":0,"total-l4-data-len":11022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":10,"global_ts_msec":1514197248783} +00555{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":145,"source":"zcash.pcap","alias":"nDPId-test","packets-captured":145,"packets-processed":145,"total-skipped-flows":0,"total-l4-data-len":11022,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":10,"global_ts_msec":1514197248783} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 145/145 ~~ skipped flows.............: 0 @@ -16,8 +16,8 @@ ~~ total active/idle flows...: 1/1 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4694259 bytes -~~ total memory freed........: 4694259 bytes +~~ total memory allocated....: 4694283 bytes +~~ total memory freed........: 4694283 bytes ~~ total allocations/frees...: 101291/101291 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars diff --git a/test/results/zoom.pcap.out b/test/results/zoom.pcap.out index 7da81c296..5174f5548 100644 --- a/test/results/zoom.pcap.out +++ b/test/results/zoom.pcap.out @@ -1,5 +1,5 @@ 00455{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00462{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1569520466080} +00541{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1569520466080} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00735{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520466080,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjbcQAAAQEICiWcznNwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 01035{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520466080,"flow_last_seen":1569520466080,"flow_idle_time":7440000,"flow_min_l4_payload_len":199,"flow_max_l4_payload_len":199,"flow_tot_l4_payload_len":199,"flow_avg_l4_payload_len":199,"midstream":1,"thread_ts_msec":1569520466080,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"172.217.21.72","src_port":54854,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS.GoogleServices","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.googletagmanager.com","ja3":"d78489b860c8bf7838a6ff0b4d131541","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} @@ -208,7 +208,7 @@ 00586{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":16,"flow_first_seen":1569520469341,"flow_last_seen":1569520469413,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1418,"flow_tot_l4_payload_len":5783,"flow_avg_l4_payload_len":361,"midstream":1,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"35.186.224.53","src_port":53872,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00823{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":210,"flow_first_seen":1569520471189,"flow_last_seen":1569520473190,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":57752,"flow_avg_l4_payload_len":275,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":54871,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Zoom","breed":"Acceptable","category":"Video"}} 00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569520469984,"flow_last_seen":1569520470021,"flow_idle_time":180000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1569520473198,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"192.168.1.1","src_port":62988,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Zoom","breed":"Acceptable","category":"Video"}} -00481{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-data-len":329478,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":29,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-events-serialized":211,"global_ts_msec":1569520473198} +00560{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":700,"source":"zoom.pcap","alias":"nDPId-test","packets-captured":700,"packets-processed":697,"total-skipped-flows":0,"total-l4-data-len":329478,"total-not-detected-flows":0,"total-guessed-flows":4,"total-detected-flows":29,"total-detection-updates":23,"total-updates":0,"current-active-flows":0,"total-active-flows":33,"total-idle-flows":33,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":211,"global_ts_msec":1569520473198} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 700/697 ~~ skipped flows.............: 0 @@ -217,8 +217,8 @@ ~~ total active/idle flows...: 33/33 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 4867691 bytes -~~ total memory freed........: 4867691 bytes +~~ total memory allocated....: 4867715 bytes +~~ total memory freed........: 4867715 bytes ~~ total allocations/frees...: 102013/102013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 187 chars diff --git a/test/results/zoom2.pcap.out b/test/results/zoom2.pcap.out index ee7cef7ae..26d1be9ef 100644 --- a/test/results/zoom2.pcap.out +++ b/test/results/zoom2.pcap.out @@ -1,5 +1,5 @@ 00456{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"zoom2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} -00463{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1642965458402} +00542{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_msec":1642965458402} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1642965458402,"flow_last_seen":1642965458402,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1642965458402,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1642965458402,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1642965458402,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGngDAqAGykMNJmsOcAbton\/9jAAAAALAC\/\/+GrAAAAgQFtAEDAwUBAQgKBNjhZQAAAAAEAgAA"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1642965458577,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1642965458577,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADEGrQSQw0mawKgBsgG7w5wp5A9SaJ\/\/ZKASqbBcNQAAAgQFrAQCCApc+vuKBNjhZQEDAww="} @@ -35,7 +35,7 @@ 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":2230,"flow_first_seen":1642965460219,"flow_last_seen":1642965500203,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":334,"flow_tot_l4_payload_len":368542,"flow_avg_l4_payload_len":165,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":8731,"flow_first_seen":1642965459595,"flow_last_seen":1642965500185,"flow_idle_time":180000,"flow_min_l4_payload_len":14,"flow_max_l4_payload_len":1297,"flow_tot_l4_payload_len":7999131,"flow_avg_l4_payload_len":916,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00651{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1642965500049,"flow_last_seen":1642965500203,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":972,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1642965502810,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00484{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":11977,"packets-processed":11977,"total-skipped-flows":0,"total-l4-data-len":8482462,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-events-serialized":38,"global_ts_msec":1642965502810} +00563{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11977,"source":"zoom2.pcap","alias":"nDPId-test","packets-captured":11977,"packets-processed":11977,"total-skipped-flows":0,"total-l4-data-len":8482462,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":5,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":5,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":38,"global_ts_msec":1642965502810} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 11977/11977 ~~ skipped flows.............: 0 @@ -44,8 +44,8 @@ ~~ total active/idle flows...: 5/5 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5043804 bytes -~~ total memory freed........: 5043804 bytes +~~ total memory allocated....: 5043828 bytes +~~ total memory freed........: 5043828 bytes ~~ total allocations/frees...: 113141/113141 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 461 chars |