380 files changed, 1038 insertions, 5 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index dab2dac6d..f4a447f37 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -45,7 +45,7 @@ jobs:
 run: |
 sudo apt-get update
 sudo apt-get install autoconf automake cmake libtool pkg-config gettext libjson-c-dev flex bison libpcap-dev zlib1g-dev
- sudo apt-get install ${{ matrix.compiler }} lcov
+ sudo apt-get install ${{ matrix.compiler }} lcov iproute2
 - name: Install Ubuntu Prerequisites (libgcrypt)
 if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.ndpid_gcrypt, '-DNDPI_WITH_GCRYPT=ON')
 run: |
@@ -83,6 +83,7 @@ jobs:
 run: |
 cd ./build && cpack -G DEB && sudo dpkg -i nDPId-*.deb && cd ..
 - name: systemd test
+ if: startsWith(matrix.os, 'ubuntu-latest') && startsWith(matrix.compiler, 'default-cc')
 run: |
 sudo systemctl daemon-reload
 sudo systemctl enable ndpid@lo
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 054bd441f..63e5225fb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,11 +12,11 @@ before_script:
 build-essential make cmake binutils gcc autoconf automake \
 libtool pkg-config git \
 libpcap-dev libgpg-error-dev libjson-c-dev zlib1g-dev \
- netcat-openbsd python3 python3-jsonschema tree lcov
+ netcat-openbsd python3 python3-jsonschema tree lcov iproute2
 after_script:
- - test -r && cat /tmp/nDPIsrvd.log
- - test -r && cat /tmp/nDPId.log
+ - test -r /tmp/nDPIsrvd.log && cat /tmp/nDPIsrvd.log
+ - test -r /tmp/nDPId.log && cat /tmp/nDPId.log
 build_and_test:
 script:
diff --git a/examples/c-analysed/c-analysed.c b/examples/c-analysed/c-analysed.c
index 5d86acfb6..e7aa865db 100644
--- a/examples/c-analysed/c-analysed.c
+++ b/examples/c-analysed/c-analysed.c
@@ -150,7 +150,7 @@ static void csv_buf_add(csv_buf_t buf, size_t * const csv_buf_used, char const *
 if (siz_len > 0 && str != NULL)
 {
- len = MIN(BUFFER_REMAINING(*csv_buf_used), siz_len - 1);
+ len = MIN(BUFFER_REMAINING(*csv_buf_used), siz_len);
 if (len == 0)
 {
 return;
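Review bot: In the second build.yml hunk, the new `if:` on the systemd test step uses `startsWith` against what appear to be complete matrix values, so it would also match any later matrix entry that merely begins with `ubuntu-latest` or `default-cc`. If exactly one matrix cell is meant, `if: matrix.os == 'ubuntu-latest' && matrix.compiler == 'default-cc'` states that directly. A one-line comment on why the systemd test is limited to that cell would also help, because every other cell now skips it silently.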
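Review bot: In csv_buf_add (c-analysed.c, hunk at line 150) the copy length is now `MIN(BUFFER_REMAINING(*csv_buf_used), siz_len)`, so `siz_len` is the exact number of bytes taken from `str` and the function no longer drops one byte on the caller's behalf. Any caller that still passes a size including the terminating NUL (a `sizeof` on a literal, for instance) would now copy that NUL into the CSV buffer; the call sites are outside this hunk and should be checked. Whether BUFFER_REMAINING leaves room for a terminator written after the copy cannot be seen here either, since the function body continues past the hunk. I would state the contract above the changed line: `/* siz_len: number of bytes to append from str, excluding any terminating NUL */`.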
@@ -621,5 +621,8 @@ int main(int argc, char ** argv)
 daemonize_shutdown(pidfile);
 closelog();
+ fflush(csv_fp);
+ fclose(csv_fp);
+
 return retval;
 }
diff --git a/examples/py-flow-info/flow-info.py b/examples/py-flow-info/flow-info.py
index d9354e7ad..b7de8c951 100755
--- a/examples/py-flow-info/flow-info.py
+++ b/examples/py-flow-info/flow-info.py
@@ -512,6 +512,9 @@ if __name__ == '__main__':
 while True:
 try:
 nsock.loop(onJsonLineRecvd, onFlowCleanup, stats)
+ except nDPIsrvd.SocketConnectionBroken as err:
+ sys.stderr.write('\n{}\n'.format(err))
+ break
 except KeyboardInterrupt:
 print('\n\nKeyboard Interrupt: cleaned up {} flows.'.format(len(nsock.shutdown())))
 break
diff --git a/test/results/flow-analyse/1kxun.pcap.out b/test/results/flow-analyse/1kxun.pcap.out
new file mode 100644
index 000000000..04ab354d4
--- /dev/null
+++ b/test/results/flow-analyse/1kxun.pcap.out
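Review bot: The added `fflush(csv_fp);` and `fclose(csv_fp);` at the end of main (c-analysed.c, hunk at line 621) use `csv_fp` unconditionally and ignore both return values. If `csv_fp` can still be NULL at this point (its initialisation is outside the hunk, so this is an assumption), `fclose(NULL)` is undefined behaviour and `fflush(NULL)` flushes every open output stream instead. `fclose` already flushes, so the pair can become `if (csv_fp != NULL && fclose(csv_fp) != 0) { retval = 1; }`, which also reports a failed final write of the CSV instead of losing it quietly.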
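Review bot: The new `except nDPIsrvd.SocketConnectionBroken` branch in flow-info.py leaves the loop without calling `nsock.shutdown()`, which the `KeyboardInterrupt` branch directly below it does, so flows still tracked when the connection drops are neither cleaned up nor counted. Control then falls through to whatever follows the loop (outside this hunk), so the script probably exits with status 0 and a supervisor cannot tell a lost connection from a normal stop. Provided `shutdown()` is safe to call on a broken socket, I would mirror the other branch with `sys.stderr.write('\n{}: cleaned up {} flows.\n'.format(err, len(nsock.shutdown())))` and then end with `sys.exit(1)` instead of `break`.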
@@ -0,0 +1,23 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.115.8,106.187.35.246,tcp,49601,80,finished,10,22,1470104379118171,1470104379286078,1470104379304068,0,0,360,1260,720,24259,0,22,11413.0,56171,20339.8,413706496.0,3.1,"26,52106,52225,22,5484,34,48207,11555,801,69,59,49,273,37,27,28,464,56171,23,50473,3499,84,64,53877,45,17726,143,82,52,49,50",40,821.9,1300,585.3,342554.8,4.5,"52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300","8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1","4.540471077,4.540471077,4.955154419,4.784184456,4.784184456,5.816493034,5.816493034,4.216916561,5.618361473,7.450107098,7.815211296,7.836095333,7.822941780,7.836542130,7.816992283,7.822154999,7.824875832,7.819305897,4.734184265,4.734184265,7.817429543,7.824024200,7.815408707,7.842577934,4.684183598,4.684183598,7.822679520,7.834252357,7.831438541,7.831308842,7.851968765,7.839091301",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49602,80,finished,12,20,1470104379118544,1470104379309514,1470104379309350,0,0,359,1260,718,21739,0,22,12315.4,66248,24063.6,579054976.0,2.8,"30,54573,54712,41,4152,56,64506,68,36,30,74,39,719,84,86,86,61743,22,885,65392,59,66248,63,504,2917,559,54,52,83,3871,32",40,743.1,1300,600.3,360321.4,4.4,"52,52,52,40,40,399,399,46,359,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40","10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,0,0,1,1,1,1,1,1,0,0","4.502009392,4.502009392,4.993616104,4.730640888,4.730640888,5.803964615,5.803964615,4.390829086,5.642121315,7.460942745,7.814809799,7.800187588,7.823173046,7.782991886,7.796648026,7.817361355,7.794824600,4.784183979,4.784183979,7.794241905,7.811538219,7.814032555,4.784183979,4.784183979,7.809308529,7.796229362,7.803008556,7.811974525,7.809011459,7.814390182,4.834183693,4.834183693",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49599,80,finished,12,20,1470104379117273,1470104379305366,1470104379309692,0,0,361,1260,722,21739,0,23,12274.6,66840,23326.2,544113344.0,2.9,"36,53209,53269,23,4558,53,61521,40,293,57,57277,26,5093,104,312,45,266,88,5943,34,1372,65090,55,53,50,66840,34,3844,90,757,80",40,743.2,1300,600.2,360235.6,4.4,"52,52,52,40,40,401,401,46,359,1300,1300,40,40,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300","10,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1","4.540471077,4.540471077,4.955154419,4.834183693,4.834183693,5.784319878,5.784319878,4.303872585,5.637725830,7.471795559,7.791592598,4.734183788,4.734183788,7.804637909,7.807570934,7.830432415,7.825576305,7.818768978,7.845777035,4.734183788,4.734183788,7.838691235,7.833523750,7.842283726,7.806497097,7.842946529,4.784183979,4.784183979,7.828577518,7.834991455,7.820946693,7.813043594",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49604,80,finished,10,22,1470104379119336,1470104379328801,1470104379305020,0,0,369,1260,1458,23877,0,26,12746.7,96474,26329.7,693255296.0,2.7,"37,50730,50813,26,5716,35,60276,105,70,53,49,73,718,44,49,52,342,56283,26,72323,56,48,50,164,52,68,54,259,49,96474,55",40,833.0,1300,555.0,308021.3,4.6,"52,52,52,40,40,400,400,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1300,918,409,409","6,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0","4.502009392,4.502009392,4.955154896,4.884183884,4.884183884,5.823695183,5.823695183,4.434307098,5.651605129,7.494920254,7.816417217,7.819696903,7.824419022,7.827455044,7.838195324,7.842068195,7.840069771,7.839951038,4.834183693,4.834183693,7.833738804,7.824559212,7.804037571,7.837569714,7.815773964,7.860733032,7.833745480,7.858436108,7.849576473,7.725791931,5.812777519,5.812777519",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49600,80,finished,10,22,1470104379117772,1470104379360886,1470104379361184,0,0,362,1260,724,24259,0,23,15694.4,142000,32346.1,1046270720.0,2.8,"54,51945,52076,32,5225,53,60454,877,31,40,63,40,400,73,48,50,170,85115,142000,23,40785,2483,129,70,65,43573,78,404,66,55,49",40,822.0,1300,585.2,342449.5,4.5,"52,52,52,40,40,402,402,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300","8,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1","4.540471077,4.540471077,4.993616104,4.784183979,4.784183979,5.806403637,5.806403637,4.330940247,5.620885849,6.705548286,7.731300354,7.779007435,7.737928867,7.737201214,7.704045296,7.681565285,7.569606781,4.071334362,6.314223289,4.784183979,4.784183979,7.705962181,7.781871796,7.735430241,7.740441799,7.698603153,4.834183693,4.834183693,7.712049484,7.719846249,5.648873806,3.023065329",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,106.185.35.110,tcp,49606,80,finished,14,18,1470104379916887,1470104380141237,1470104380142241,0,0,357,1260,714,20160,0,26,14506.6,146838,33179.1,1100853504.0,2.6,"56,37783,37994,70,1795,58,38952,109751,153,146838,45,329,66,113,56,463,29,236,62,115,388,44,244,36267,36544,26,410,130,482,92,113",40,693.6,1300,612.0,374554.6,4.3,"52,52,52,40,40,397,397,46,1300,1300,40,40,1300,1300,1300,1300,40,40,1300,1300,1300,40,40,1300,1300,40,40,1300,1300,1300,1300,1300","12,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,0,1,1,1,1,1","4.540471077,4.540471077,4.955154896,4.784183979,4.784183979,5.758289814,5.758289814,4.303872585,5.568258762,4.972586632,4.784183979,4.784183979,4.816908836,5.305360317,5.245053291,5.141684532,4.684184074,4.684184074,5.953328609,5.139973164,5.197480202,4.784183979,4.784183979,5.838756561,5.133826733,4.734184265,4.734184265,4.452571869,4.709616661,4.691545486,5.564413548,5.160192013",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,42.120.51.152,tcp,49609,8080,finished,19,13,1470104380890420,1470104382084858,1470104381881083,0,0,445,1260,3612,6271,0,25,70487.1,398999,104302.2,10878943232.0,3.6,"50,76520,76599,25,1136,41,62341,85,61755,47,298859,73,398999,66467,177,166123,34,60273,507,89,60822,34,117112,46,178142,469,61984,45,102335,44259,349653",40,350.6,1300,410.3,168364.1,4.1,"52,52,48,40,40,292,292,46,65,485,485,485,485,46,1300,1300,40,40,1300,1300,528,40,40,267,267,46,65,477,477,46,733,40","9,0,0,0,0,0,0,4,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0","4.633441925,4.633441925,4.967222691,4.981687069,4.981687069,5.768459320,5.768459320,4.652828693,5.358993053,6.064707279,6.064707279,6.054220200,6.054220200,4.609350204,5.268521309,4.718248367,4.931687355,4.931687355,4.699154854,5.227048397,4.912804604,4.931686878,4.931686878,5.830219269,5.830219269,4.609350204,5.397304058,6.051352978,6.051352978,4.696306705,5.685911179,4.912815094",HTTP,7,0,Acceptable,Web,6,DPI,"5,12" 
+1,ip4,192.168.115.8,183.131.48.144,tcp,49613,80,finished,20,12,1470104382053678,1470104384990940,1470104384790982,0,0,503,1024,1006,9497,0,26,183050.5,862765,252834.9,63925489664.0,3.6,"31,69271,69368,26,1928,34,67940,1399,6083,291,73959,37,665858,862765,47,408647,411020,37,251400,251827,47,336785,335976,58,329935,190,130781,55,599505,799208,58",40,369.3,1064,452.5,204736.5,3.9,"52,52,46,40,40,543,543,46,321,1064,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,40,40,1064,1064,40,40,1064,40,40","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0","4.463547707,4.463547707,4.611080170,4.784183979,4.784183979,5.504161358,5.504161358,4.457919598,5.616157532,3.396698952,2.285910130,4.834183693,4.834183693,2.224251509,4.834183693,4.834183693,2.277304173,4.834183693,4.834183693,2.234616041,4.834183693,4.834183693,2.318356037,4.834183693,4.834183693,2.277927399,2.247195482,4.834183693,4.834183693,2.248827934,4.834183693,4.834183693",HTTP,7,0,Acceptable,Media,6,DPI,"12" 
+1,ip4,192.168.115.8,106.187.35.246,tcp,49603,80,finished,11,21,1470104379118972,1470104424311883,1470104379310452,0,0,361,1260,723,22966,0,19,1464012.6,45001141,7948794.0,63183326806016.0,0.1,"34,54477,54551,26,4891,45,65495,70,68,364,89,71,208,46,29,27,25,61484,19,69006,62,56,48,731,52,51,51,454,70696,24,45001141",40,781.6,1300,593.2,351838.7,4.4,"52,52,52,40,40,401,401,46,359,1300,1300,1300,1300,1300,1300,1300,1300,1300,40,40,1300,1300,1300,1300,1300,1300,1300,1300,1267,40,40,41","9,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,17,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0","4.578932762,4.578932762,5.032077789,4.884183884,4.884183884,5.794129372,5.794129372,4.434307098,5.652597904,7.484868050,7.818575859,7.782110691,7.797027111,7.823266506,7.845933437,7.821538448,7.845500469,7.838393688,4.834183693,4.834183693,7.836544514,7.832671165,7.837013721,7.831301689,7.829290867,7.832065582,7.849477768,7.838781357,7.842006683,4.884183884,4.884183884,4.829466343",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,172.105.121.82,tcp,46170,80,finished,2,30,1654385136207603,1654385137102946,1654385137455380,208,0,212,21600,420,143010,1,0,69132.9,895343,184366.4,33990969344.0,2.2,"356191,54,308075,59,2442,3212,112,200163,0,56,36,29,26,27,25,1594,86,63,42,33,23,24,35,23,895343,371980,1,1344,81,1941,0",260,4534.2,21652,5608.1,31450232.0,4.2,"264,373,13012,14452,2932,2932,1492,7252,2932,1492,2932,2932,1492,1492,1492,1492,1492,4372,6324,2932,2932,1492,1492,1492,788,260,373,17332,21652,1492,4372,17332","0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,16","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1","5.893450737,5.720896244,7.959624290,7.965476036,7.917325974,7.914794445,7.850610256,7.954618454,7.905844212,7.834187031,7.916584969,7.918063164,7.852417469,7.840590954,7.847774029,7.850798130,7.845216751,7.939498901,7.947888374,7.909615040,7.916443348,7.857475281,7.837258339,7.835073948,7.714247704,5.815073967,5.763088703,7.974996090,7.979550838,7.864511967,7.949629784,7.970819473",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,172.105.121.82,tcp,60148,80,finished,5,27,1654385131029337,1654385137110902,1654385137463937,202,0,212,21600,1039,156844,1,0,403747.2,4660887,1126862.6,1269819375616.0,2.4,"306055,4848,325793,248766,0,4660887,4604216,364,552,841,1047,367664,0,134,94,2523,0,311381,0,119,1695,102,878348,204467,0,1564,1050,216537,375544,43,1531",254,4985.8,21652,6236.2,38890032.0,4.1,"254,370,6284,254,370,5668,264,372,1492,1492,7252,2932,5812,2932,10132,2932,1492,5812,2932,1492,8692,1492,5754,263,372,20212,21652,15349,264,373,2932,21652","0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,17","0,1,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,0,1,1,1","5.855428219,5.722984791,7.936409950,5.839015007,5.749445915,7.913037300,5.895416737,5.774818897,7.526371002,7.860151768,7.955783844,7.904475212,7.946855068,7.922424793,7.958326817,7.918138504,7.851068020,7.947721004,7.924707413,7.854940414,7.955513000,7.859978199,7.947089672,5.929639816,5.726084709,7.965382099,7.968444347,7.959605694,5.904361725,5.721296787,7.762065887,7.963563442",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,172.105.121.82,tcp,46200,80,finished,2,30,1654385136215384,1654385137106944,1654385137800355,212,0,212,21600,424,219741,1,0,79888.1,891560,189010.9,35725131776.0,2.5,"348410,61,2586,311307,74,1916,87,90,200152,34,703,82,0,83,0,49,891560,375934,1624,82,2179,0,1527,332757,94,46,1896,46,1564,0,1588",264,6932.2,21652,6776.1,45915728.0,4.3,"264,372,1492,11572,1492,4372,2932,13012,7252,1492,1492,1492,1492,2932,2932,1492,4591,264,374,21652,2932,10132,11572,17332,7252,18772,5812,20212,1492,10132,11572,21652","0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,20","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.907779694,5.727939606,7.439003944,7.956123352,7.841159344,7.930701256,7.923262119,7.962357998,7.944649220,7.845450401,7.840456009,7.848997116,7.852864742,7.909528732,7.921172619,7.844360828,7.935763836,5.871500015,5.737739563,7.220952511,7.767323017,7.970802784,7.950772762,7.960227966,7.942826271,7.962452412,7.924762726,7.957526207,7.815425396,7.959965229,7.959893227,7.962502480",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,161.117.13.29,tcp,45380,80,finished,3,29,1654385140171515,1654385140959776,1654385142015753,424,0,765,8640,1625,79973,1,331,84919.3,408625,132393.4,17528006656.0,3.3,"380392,4573,408625,215737,457,986,1014,178521,331,482,379636,185383,1426,654,331743,5741,174159,6079,334,924,170502,413,6008,1070,341,710,169481,463,585,5307,422",476,2601.9,8692,2200.3,4841425.0,4.6,"817,1492,1253,488,1492,1492,7252,4372,1492,1492,2504,476,2932,8692,1492,2932,8692,2932,1492,1492,7252,1492,1492,2932,1492,1492,2932,1492,1492,2932,1492,1492","0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,16,0,12","0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.859029770,7.746788025,7.815745831,5.897830009,7.640064240,7.862792492,7.967751980,7.950705051,7.860798836,7.868959904,7.893837929,5.886357784,7.845828056,7.976538658,7.857397079,7.933415890,7.973951340,7.934168339,7.877964020,7.860165596,7.967057228,7.876602173,7.849090099,7.929278374,7.849063396,7.848120213,7.928964138,7.852302074,7.863938808,7.928197861,7.863379478,7.881860733",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,14.136.136.108,tcp,49354,80,finished,2,30,1654385145219802,1654385146051643,1654385146466639,526,0,526,10080,1052,96620,1,0,67054.1,831841,169464.5,28718202880.0,2.4,"207030,367,1074,749,203546,401,538,843,360,1168,0,622,204026,463,1910,0,0,808,831841,413644,0,1524,1634,381,916,201620,415,562,974,897,365",337,3104.2,10132,2492.5,6212617.0,4.6,"578,337,1492,8692,2932,1492,1492,2932,1492,1492,5812,4372,1492,1492,1492,5812,2932,2932,3942,578,337,1492,8692,10132,5812,2932,1492,1492,2932,4372,4372,1492","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,16","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1","5.836778641,5.800940037,7.833999634,7.976774216,7.942587852,7.846837997,7.855956078,7.933282375,7.886686802,7.866371155,7.968765736,7.957736492,7.885743618,7.873675346,7.876061440,7.966520309,7.932492733,7.934986115,7.950095177,5.861396790,5.841276169,7.808639050,7.978169918,7.980235577,7.968087673,7.920913696,7.863669872,7.851905346,7.935641766,7.952698708,7.959656239,7.886331558",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,14.136.136.108,tcp,49370,80,finished,2,30,1654385146263001,1654385147139518,1654385147568107,514,0,526,15840,1040,85228,1,0,70374.9,876517,169534.6,28741967872.0,2.6,"216812,0,1301,0,1174,217584,379,838,0,730,814,206371,3184,729,0,1431,202135,477,2906,412,436,624,0,742,876517,236517,1,2089,899,206105,416",337,2747.9,15892,3042.0,9253907.0,4.4,"566,337,1492,4372,1492,5812,1492,1492,1492,1492,1492,2932,1492,4372,2932,2932,8692,1492,1492,1492,1492,1492,1492,1492,1190,578,337,7252,15892,4372,1492,1492","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,17,0,10","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1","5.857450962,5.836749077,7.826755047,7.934190273,7.674187660,7.939618587,7.839453220,7.840780735,7.846045494,7.830045223,7.801501751,7.909759045,7.855455875,7.935122013,7.917196274,7.838707447,7.965010166,7.842932224,7.847500801,7.848862648,7.845387459,7.829781055,7.842148304,7.830836773,7.812441826,5.880833626,5.847996712,7.975015640,7.987394810,7.957153320,7.871502399,7.839539528",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,14.136.136.108,tcp,49380,80,finished,2,30,1654385146276743,1654385147163604,1654385147585918,514,0,526,18720,1040,97896,1,0,70839.9,886861,171207.7,29312067584.0,2.6,"223740,209594,1687,0,207155,354,1309,724,462,462,1177,203967,420,1398,676,628,3543,0,0,886861,237591,464,978,2452,823,206716,876,409,919,0,651",337,3143.8,18772,3724.0,13867894.0,4.3,"566,2932,1492,1492,11572,1492,1492,2932,1492,1492,1492,7252,1492,1492,1492,1492,4372,1492,2932,4239,578,337,1492,8692,18772,1492,2932,1492,1492,5812,1492,1316","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,17,0,11","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1","5.862786770,7.902865887,7.781876564,7.771229267,7.963672161,7.848064899,7.850860119,7.915616512,7.853264332,7.865233421,7.839958668,7.951301098,7.843721867,7.832941532,7.839491367,7.869894028,7.948531628,7.838067055,7.923059940,7.938112259,5.870801449,5.836921215,7.830684185,7.978819847,7.990375519,7.851813316,7.925859928,7.854060650,7.888266563,7.969222546,7.854313850,7.852722645",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,14.136.136.108,tcp,49372,80,finished,3,29,1654385146253018,1654385147560064,1654385147928387,514,0,526,18720,1554,113644,1,0,96206.9,899707,188732.5,35619966976.0,3.0,"205636,2121,0,0,1,224803,394,328,1444,0,193718,403,372,1728,1281,1888,225980,899707,237971,1,2439,199154,468,952,1305,0,0,407339,371504,0,1478",337,3651.9,18772,4182.9,17496908.0,4.3,"566,337,1492,4372,2932,4372,1492,1492,1492,1492,5812,1492,1492,1492,2932,4372,5812,3718,578,337,7252,15892,1492,1492,7252,1492,5812,640,566,337,7787,18772","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,14","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,0,1,1,1","5.863167286,5.867280483,7.343351841,7.933300972,7.883011341,7.923881531,7.831630230,7.793837070,7.811074257,7.877987385,7.956270695,7.807632446,7.787700176,7.808306217,7.895200729,7.941674709,7.934331417,7.911615372,5.884228706,5.838101864,7.975082397,7.990115643,7.874265194,7.866392612,7.972415924,7.851024628,7.967773914,7.664193153,5.866144657,5.879995346,7.941644669,7.977370262",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,161.117.13.29,tcp,45416,80,finished,8,24,1654385140835391,1654385156967826,1654385157149701,434,0,1114,14400,6674,81693,1,0,1046669.2,6045020,1981650.1,3926937042944.0,3.0,"188503,1,1404,179436,1430,692,418,2433,676,270050,61,0,644,0,3892849,3428911,186128,186289,192621,208977,367165,352334,5253796,5339015,3643,6045020,5959115,408,493,194856,189377",486,2813.5,14452,2993.9,8963654.0,4.4,"486,2932,2932,8692,2932,7252,1492,1492,14452,1492,2932,2932,7252,7252,4078,803,695,805,1511,807,1401,803,1516,1065,2932,1130,1155,1492,1492,1575,1166,1083","0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,0,0,7,0,13","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,1,0,1","5.943944454,7.829628944,7.931543350,7.979783535,7.931476593,7.968062401,7.861111164,7.864268780,7.984925747,7.877884388,7.929042339,7.930032253,7.967924595,7.974642754,7.952368736,5.943904400,6.386446476,5.942170143,7.482911110,5.931495190,6.238120556,5.934639931,6.488353729,5.849187374,6.477306366,6.757167339,5.825885773,6.421376705,7.814886093,7.859082222,5.823412418,6.869374752",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,172.105.121.82,tcp,46184,80,finished,4,28,1654385136206220,1654385176599830,1654385177114485,207,0,212,23040,838,163493,1,0,2622641.0,39119714,9528466.0,90791657603072.0,1.3,"353699,0,3771,104,303718,4300,92,205833,106,0,880957,368900,1,5053,392939,352227,0,1591,70,2344,55,1451,285655,0,2146,39119714,38675191,1,2923,335353,3681",259,5187.3,23092,6479.7,41986280.0,4.1,"264,372,1492,1492,10132,2932,2932,23092,1492,1492,1158,259,372,18772,7743,264,373,1492,21652,4372,17332,4372,10132,5812,1492,5145,259,374,1492,11572,2932,2932","0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,7,0,16","0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1","5.840793610,5.758453846,7.221220016,7.581106663,7.944396973,7.912007809,7.918235779,7.968857765,7.829185963,7.833258629,7.814552307,5.918824673,5.722350121,7.963245392,7.958693981,5.886214256,5.716395378,7.016712666,7.971186638,7.917016029,7.966053009,7.937659740,7.962855339,7.935114861,7.850684166,7.933465481,5.848567009,5.760809898,7.509957790,7.938345909,7.890325069,7.878456116",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,172.105.121.82,tcp,38314,80,finished,2,30,1654385176794172,1654385178155648,1654385178652815,207,0,207,15840,414,190898,1,0,103874.8,1361476,260786.7,68009684992.0,2.5,"326102,0,0,0,180,328843,179,2720,0,177591,469,1313,2855,118,155,777,2306,401346,1361476,293524,1,1093,2137,2758,88,201,2770,309632,0,0,1485",259,6030.5,15892,5319.9,28301380.0,4.4,"259,374,1492,1492,2932,7252,1492,8692,2932,15892,1492,1492,4372,13012,8692,2932,1492,15892,13186,259,374,1492,5812,15892,11572,10132,4372,14452,2932,2932,13012,4372","0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,21","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1","5.862609386,5.739748001,7.483025551,7.871859074,7.907062054,7.948117256,7.824954033,7.955245495,7.912051678,7.957016468,7.844995975,7.818977833,7.915155411,7.942556381,7.931100368,7.889071465,7.843290806,7.954283714,7.957226276,5.824898720,5.733853340,7.490488529,7.941090584,7.961003304,7.942962170,7.945000648,7.908642769,7.925697327,7.901566505,7.900532722,7.942762852,7.917910576",HTTP.1kxun,7.295,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.126,18.66.2.90,tcp,35664,80,finished,1,31,1654385184927393,1654385184927393,1654385184996498,183,0,183,7140,183,129251,1,0,2229.2,14880,3186.7,10155003.0,3.8,"14880,612,571,2499,0,0,3579,106,930,0,2545,9210,1,87,6481,115,1571,2984,1607,79,1540,90,67,2792,6531,3088,0,2380,1844,2843,73",235,4096.8,7192,1776.8,3156934.0,4.8,"235,783,1480,2908,4336,4336,4336,4336,2908,1480,4336,4336,2908,4336,4336,2908,4336,5764,5764,5764,5764,4336,5764,1480,5764,4336,2908,7192,4336,7192,7192,2908","0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,27","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.996097565,5.777042866,7.226827621,7.290063858,7.169473648,7.549562454,7.741216660,7.886993408,7.805087090,7.871054173,7.816677570,7.889826775,7.874413013,7.855673790,7.883734226,7.880590916,7.907371998,7.911734104,7.904975414,7.920679092,7.923110485,7.898054600,7.889371872,7.836673737,7.848505497,7.876494408,7.870183945,7.916009903,7.791001797,7.856836319,7.815247536,7.823584557",HTTP,7,0,Acceptable,Web,6,DPI,"" 
+1,ip4,192.168.2.126,18.64.103.30,tcp,36640,80,finished,1,31,1654385184944474,1654385184944474,1654385185026289,497,0,497,5712,497,108528,1,0,2639.2,21003,4638.3,21513396.0,3.6,"21003,154,0,129,0,3134,0,1686,3067,15801,2210,0,2030,2737,73,1485,603,2873,1573,1531,81,0,114,3525,1587,2816,10499,1437,55,0,1612",549,3459.0,5764,1697.9,2882863.0,4.8,"549,1480,1480,2908,1480,2908,1480,4336,4336,4336,2908,1480,4336,1480,4336,4336,4336,5764,5764,4336,1480,1480,1480,4336,5764,5764,3200,4188,5576,1524,5764,5764","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,1,21","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.799116135,7.840260029,7.837001801,7.939268112,7.819420338,7.933657646,7.851344109,7.947911739,7.957500458,7.951948166,7.927341938,7.869306087,7.937100410,7.834094048,7.880655766,7.952060223,7.945407391,7.962455273,7.963794708,7.945417404,7.845272064,7.833052158,7.834871292,7.945909023,7.953672886,7.962710381,7.899997234,7.937138081,7.962800980,7.869377136,7.964761734,7.964723110",HTTP,7,0,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/443-chrome.pcap.out b/test/results/flow-analyse/443-chrome.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/443-chrome.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/443-curl.pcap.out b/test/results/flow-analyse/443-curl.pcap.out new file mode 100644 index 000000000..cc4123c8a --- /dev/null +++ b/test/results/flow-analyse/443-curl.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.13,178.62.197.130,tcp,55523,443,finished,17,15,1581113120474299,1581113121447770,1581113121447985,0,0,517,1440,899,10128,0,2,62811.5,784064,190271.5,36203257856.0,2.2,"38692,38799,9627,47643,2769,1124,2,41874,4,11797,50900,31,39132,3,742,11,18,78,76,38549,8926,46564,784064,784044,367,123,462,127,121,240,248",52,397.2,1492,558.7,312115.0,3.8,"64,60,52,569,52,1492,1492,183,52,52,178,103,109,52,52,105,108,94,119,90,52,90,52,267,52,1492,1492,52,1492,1048,52,1492","10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,1,0,1","4.367087364,5.300120831,4.945419312,4.294172764,5.100070000,7.382002354,7.456428051,6.751153946,4.945419312,4.945419312,6.263377666,5.952023029,6.200525761,4.983880997,4.930902004,5.836982250,5.780514240,5.536261082,5.983234406,5.510023117,5.215455055,5.937692642,5.060803890,7.153983116,5.060803890,7.879748821,7.892062664,5.060803890,7.868061543,7.808748245,5.060803890,7.868031502",TLS.ntop,91.26,1,Safe,Network,6,DPI,"" diff --git a/test/results/flow-analyse/443-firefox.pcap.out b/test/results/flow-analyse/443-firefox.pcap.out new file mode 100644 index 000000000..2a8ca3e83 --- /dev/null 
+++ b/test/results/flow-analyse/443-firefox.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.13,178.62.197.130,tcp,53096,443,finished,15,17,1581109488041083,1581109490061876,1581109490062194,0,0,517,1440,1047,13867,0,2,130384.0,1655693,403949.6,163175268352.0,2.0,"38504,38612,1822,40006,4099,93,2,42327,4,2052,40671,32,38677,3,193774,83,215,231092,9994,47033,1655690,50,1655693,186,15,177,176,149,321,109,243",52,518.7,1492,610.4,372566.0,4.0,"64,60,52,569,52,1492,1492,126,52,52,137,318,101,52,52,221,298,82,52,82,52,1492,1492,52,1492,1016,52,1492,1492,52,1492,1016","11,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1","4.367087364,5.366787434,4.894361019,5.219459057,5.100070000,7.372200966,7.462010860,6.339152336,5.022342205,5.022342205,6.101534367,7.216136456,6.184206486,5.060803890,5.060803890,6.919060707,7.232208252,5.746105194,5.176993370,5.774940014,4.930902004,7.873261929,7.864090443,5.022342205,7.874901772,7.771182060,4.983880520,7.883468628,7.853567600,4.945418835,7.868775368,7.782253265",TLS.ntop,91.26,1,Safe,Network,6,DPI,"" 
diff --git a/test/results/flow-analyse/443-git.pcap.out b/test/results/flow-analyse/443-git.pcap.out new file mode 100644 index 000000000..cc849e387 --- /dev/null +++ b/test/results/flow-analyse/443-git.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.13,140.82.114.4,tcp,55744,443,finished,17,15,1581113657633853,1581113658139408,1581113658139371,0,0,517,1424,850,8277,0,2,32615.3,143502,53225.8,2832981760.0,3.2,"110467,110568,6595,119379,41,9,112809,2,11075,123994,112907,571,143502,5,142911,2,6496,2,14,6523,7,6,115,82,1242,13,1267,3,237,2,227",52,337.8,1476,464.4,215710.4,4.0,"64,60,52,569,1476,1476,754,52,52,178,103,52,259,423,126,52,52,86,344,85,52,52,52,150,52,1451,608,52,52,1451,472,52","14,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,1,1,0,0,0,0,0,1,0,1,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0","0,1,0,0,1,1,1,0,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,0,0,1,1,0","4.341937065,5.174957275,4.831954479,4.223120689,6.954095364,7.397567272,7.645401001,5.014835358,4.976373672,6.355282307,5.929066658,4.937911987,6.952417850,7.419026852,6.223026752,4.937911987,4.976373672,5.637029648,7.370140076,5.726850986,4.937911987,4.937911987,4.899450302,6.443542957,4.976373672,7.866954327,7.624365330,5.014835358,5.014835358,7.857865334,7.532955170,5.014835358",TLS.Github,91.203,1,Acceptable,Collaborative,6,DPI,"" diff --git a/test/results/flow-analyse/443-opvn.pcap.out b/test/results/flow-analyse/443-opvn.pcap.out new file mode 100644 index 000000000..dd639e558 --- /dev/null 
+++ b/test/results/flow-analyse/443-opvn.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.84,192.12.192.103,tcp,52973,1194,finished,17,15,1581153175528454,1581153177970762,1581153177992252,0,0,1440,1440,3449,3196,0,4,158261.5,1160659,364282.7,132701855744.0,2.7,"21611,21701,1053819,1075076,968,22235,339,57386,57093,21241,11768,32975,174,239,20560,20491,9065,4,19997,11251,22162,19953,19952,207,21422,21230,137,58577,1160659,1122501,1313",52,260.3,1492,407.4,166005.6,3.8,"64,60,52,96,52,108,52,104,52,373,52,1222,52,1492,104,55,104,1492,849,52,104,52,159,52,605,368,52,104,52,138,52,104","7,5,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","8,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,1,1","4.398337364,5.141623974,4.810735226,5.491009712,5.116507530,5.561252594,4.971283913,5.772772789,5.078045845,6.141608238,5.116507530,6.862905025,4.887658596,7.272125721,5.704599857,5.040360451,5.785276413,6.812845707,7.438625336,5.154969215,5.830996513,4.908878326,6.252464294,5.009745598,7.575043678,7.235865593,4.971283913,5.734311104,5.063528538,6.235281944,5.217375278,5.826463223",OpenVPN,159,1,Acceptable,VPN,6,DPI,"" 
diff --git a/test/results/flow-analyse/443-safari.pcap.out b/test/results/flow-analyse/443-safari.pcap.out new file mode 100644 index 000000000..592c26e2f --- /dev/null +++ b/test/results/flow-analyse/443-safari.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.13,178.62.197.130,tcp,53031,443,finished,17,15,1581109359601646,1581109360694080,1581109360694172,0,0,328,1440,797,9828,0,2,70482.6,695650,174729.3,30530334720.0,2.6,"38199,38303,1123,39767,4074,97,2,42774,4,225660,264285,31,38670,4,1586,32,19,43,88,40010,28,9938,48247,695603,124,695650,120,128,123,103,125",52,384.7,1492,559.6,313139.8,3.8,"64,60,52,285,52,1492,1492,154,52,52,137,95,101,52,52,97,94,86,380,82,52,52,82,52,1492,1492,52,1492,52,1016,52,1492","11,3,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1","4.335837364,5.333454132,4.945418835,5.728343010,5.176993370,7.389316082,7.427206516,6.413387775,4.945418835,4.906957150,6.036595821,5.811348915,6.124800682,4.945419312,4.983880520,5.883585453,5.842953205,5.796744347,7.425425053,5.590555668,5.047091484,5.085553169,5.773722649,4.983880520,7.878831863,7.880546093,4.945418835,7.877892971,4.808815002,7.814340115,4.945418835,7.877443314",TLS.ntop,91.26,1,Safe,Network,6,DPI,"" diff --git a/test/results/flow-analyse/4in4tunnel.pcap.out b/test/results/flow-analyse/4in4tunnel.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/4in4tunnel.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/4in6tunnel.pcap.out b/test/results/flow-analyse/4in6tunnel.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/4in6tunnel.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/6in4tunnel.pcap.out b/test/results/flow-analyse/6in4tunnel.pcap.out new file mode 100644 index 000000000..e72f56dd5 --- /dev/null +++ b/test/results/flow-analyse/6in4tunnel.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,174.3.73.24,184.105.255.26,41,,,info,18,14,1444236893450580,1444236901127917,1444236901118187,72,0,276,1877,2127,4797,0,105,494998.2,1005120,454962.0,206990442496.0,4.2,"104776,780142,221063,1000457,1001744,1001146,1001712,1005120,1001052,1000771,1001064,1001072,1001370,999940,1001888,1003131,365420,1118,348987,4072,96728,99146,95730,758,97863,1021,105,98080,140,8789,539",92,236.4,1897,383.0,146712.7,4.1,"124,124,186,124,124,124,124,124,124,124,124,124,124,124,124,124,124,119,119,259,247,100,100,92,296,92,1490,1897,92,92,254,145","0,0,4,11,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,2,8,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1","0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,1,0,0,0,0","5.680680275,5.741242886,5.591180325,5.686768055,5.741242886,5.686768055,5.741242886,5.664551258,5.741242886,5.729067326,5.773500919,5.648445129,5.741242886,5.664551258,5.725113869,5.680680275,5.735155106,4.719979763,4.710355759,4.773607731,4.870984077,5.180728912,5.772128105,5.515571117,5.818006039,5.609004974,6.932967663,6.965810776,5.515571117,5.514929771,6.708754063,6.001224995",,,,,,,,"" diff --git a/test/results/flow-analyse/6in6tunnel.pcap.out b/test/results/flow-analyse/6in6tunnel.pcap.out new file mode 100644 index 000000000..bab73746f 
--- /dev/null +++ b/test/results/flow-analyse/6in6tunnel.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/BGP_Cisco_hdlc_slarp.pcap.out b/test/results/flow-analyse/BGP_Cisco_hdlc_slarp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/BGP_Cisco_hdlc_slarp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/BGP_redist.pcap.out b/test/results/flow-analyse/BGP_redist.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/BGP_redist.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/EAQ.pcap.out b/test/results/flow-analyse/EAQ.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/EAQ.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out b/test/results/flow-analyse/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out new file mode 100644 index 000000000..6d789bb7a --- /dev/null +++ b/test/results/flow-analyse/FAX-Call-t38-CA-TDM-SIP-FB-1.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.35.40.22,10.23.1.42,udp,2944,2944,finished,16,16,1228468937630923,1228468963851351,1228468963854227,45,0,334,372,1020,3039,0,15,1691733.2,4370196,2031243.2,4125948903424.0,3.7,"147,2580,146,4369720,177,4369379,142,4370170,85,4370186,150,4369866,79,4370149,291,4370036,88,4369436,150,3508424,3524296,204367,192966,657514,15,652477,151,4369658,82,4370196,609",73,154.8,400,98.9,9786.3,4.7,"73,73,278,150,73,73,278,150,73,73,278,150,73,73,278,150,73,73,278,150,362,400,80,87,74,74,279,151,74,74,279,151","0,15,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,7,0,0,0,7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1","5.184563637,5.058271885,5.379110336,5.406789303,5.184563637,5.179216385,5.374631405,5.446616650,5.168875217,5.151818752,5.378158569,5.424983501,5.206613541,5.151818752,5.376394272,5.444680214,5.168875217,5.134762764,5.362365723,5.408768177,5.778869152,5.247618675,5.299749374,5.105933189,5.158446312,5.175271988,5.367991447,5.455423832,5.202299118,5.175271988,5.384085178,5.429594994",Megaco,181,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,10.35.60.100,10.23.1.52,udp,15580,16756,finished,32,0,1228468965434208,1228468966054624,1228468965434208,172,0,172,0,5504,0,0,1438,20013.4,39530,4863.7,23655656.0,4.9,"20823,19142,39530,1438,19970,20000,19294,20526,19616,19873,20995,20283,18519,20415,19722,19948,20367,20228,19700,20355,19296,20527,20111,20020,19630,19979,19869,20276,20190,19810,19964",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1.668765187,1.658265829,1.688265920,1.668265820,1.688265920,1.664491415,1.674491525,1.654990792,1.678265929,1.688265920,1.674491405,2.400679350,2.428031683,2.447857141,2.461457968,2.439298868,2.470501661,2.457857370,2.473841906,2.452007294,2.451812983,2.430955410,2.434056997,2.410386086,2.416019678,2.457857370,2.467857122,2.455026150,2.458799601,2.438038588,2.441251755,2.457820177",RTP,87,0,Acceptable,Media,6,DPI,"" 
+1,ip4,10.35.40.25,10.35.40.200,udp,5060,5060,finished,16,16,1228468958651923,1228469002203721,1228469002181512,383,0,881,852,9868,8158,0,263,2809077.0,27628387,6895590.0,47549159309312.0,2.5,"1429,5975,263,162733,421,6673080,696,6843298,378,2041486,761,2040704,344,12449,653,131771,424,27628387,388,27585469,481,6913792,703,6841323,326,83992,388,88136,409,19767,961",290,591.3,909,211.9,44888.2,4.9,"905,905,290,290,474,474,811,811,438,438,880,880,411,411,779,779,479,479,446,446,558,558,832,832,350,350,461,461,438,438,909,909","0,0,0,0,0,0,0,0,0,0,0,2,4,2,0,0,0,0,0,0,0,0,0,2,0,2,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,2,0,2,0,0,4,2,0,2,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,1,1,1,0,0,1,1,0,0,0,0,1,1,0,0,1,1,0,0,1,1,1,1,0,0,0,0","5.687162399,5.687162399,5.626669884,5.626669884,5.571601391,5.571601391,5.667925358,5.667925358,5.573338985,5.573338985,5.690092564,5.690092564,5.617296219,5.617296219,5.771171570,5.771171570,5.591165543,5.591165543,5.621240139,5.621240139,5.739367962,5.739367962,5.722489834,5.722489834,5.587724209,5.587724209,5.563357353,5.563357353,5.591295242,5.591295242,5.709114552,5.709114552",SIP,100,0,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/IEC104.pcap.out b/test/results/flow-analyse/IEC104.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/IEC104.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/KakaoTalk_chat.pcap.out b/test/results/flow-analyse/KakaoTalk_chat.pcap.out new file mode 100644 index 000000000..eccf1a37a --- /dev/null +++ b/test/results/flow-analyse/KakaoTalk_chat.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip4,10.24.82.188,31.13.68.70,tcp,43581,443,finished,16,16,1430069031042945,1430069031534339,1430069031721991,0,0,997,1280,2489,4397,0,92,37756.1,174316,43491.6,1891518208.0,4.0,"36956,40344,305,47699,3998,72083,702,123993,153,15869,671,16632,152,12207,67230,35950,15778,732,105866,38147,60424,4517,92,3936,174316,67658,16785,16968,108490,672,81115",40,256.1,1320,386.9,149674.2,3.8,"60,44,40,605,44,40,1320,158,40,40,1320,933,40,40,1037,40,298,97,85,40,40,93,830,87,77,85,40,461,40,40,40,40","10,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,3,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1","4.650922298,5.150120735,4.884183884,6.666303635,4.612587929,4.981687069,6.409718037,5.859195709,4.780641556,4.730641365,7.017275810,6.970731735,4.680641651,4.730641365,7.788617134,4.881686687,7.033622742,6.130742073,5.968101501,4.830641270,4.830641270,5.971898556,7.719824314,5.908120155,5.773283005,5.968101501,4.780641556,7.527770996,4.830641270,5.031687260,4.931687355,5.031687260",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"15" 
+113,ip4,10.24.82.188,173.252.97.2,tcp,35503,443,info,18,14,1430069026370215,1430069036014563,1430069032269782,0,0,654,1280,1689,3666,0,3723,501416.6,3802978,831986.8,692202045440.0,3.7,"995911,1037903,49316,6684,695526,683563,56000,2329864,2320373,251618,299011,4547,4395,4089,3723,105469,239411,242157,376495,82611,125763,244537,287323,18128,164581,238983,428131,146027,274079,3802978,24719",40,209.0,1320,352.3,124085.1,3.7,"60,60,44,40,224,44,40,44,224,40,1320,40,1320,40,1027,40,162,40,87,40,694,40,69,40,342,40,83,40,180,40,67,116","11,0,1,1,1,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,0,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,0","4.685176849,4.685176849,4.968303204,4.931687355,5.173561573,5.104666710,4.981687546,4.658042908,5.164632797,4.931687355,6.476998329,4.734184265,7.115762234,4.784183979,6.729174137,4.884183884,6.557168484,4.881687164,5.730113029,4.834184170,7.744181156,4.881687164,5.543020725,4.884183884,7.357668877,4.981687546,5.880825043,4.834184170,6.839711666,4.981687546,5.593678474,6.365212917",,,,,,,,"" 
+113,ip4,10.24.82.188,173.252.97.2,tcp,35511,443,finished,16,16,1430069036068122,1430069064769263,1430069064804816,0,0,522,1280,1362,3690,0,122,1852833.4,27030701,6601250.5,43576507498496.0,1.5,"41748,45806,2228,39459,11261,448395,183,2868,498749,183,122,36927,124176,229920,321990,23011,161804,229858,405273,183,57404,108246,75989,156006,245086,67993,69489,26937805,56885,27030701,8087",40,198.8,1320,348.1,121165.0,3.7,"60,44,40,224,44,40,1320,1320,1027,40,40,40,162,40,87,40,562,40,69,40,199,312,40,40,78,40,69,40,67,116,40,40","10,0,1,1,1,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,0,1,1","4.718510151,5.042055130,4.931687355,5.220941067,4.748951435,4.981687069,6.464412689,7.117209911,6.734959602,4.834183693,4.884183884,4.884183884,6.501401424,4.931686878,5.853732109,4.834183693,7.664524555,4.981687069,5.600991726,4.784183979,6.880613327,7.129980087,5.031687260,4.981687069,5.767374516,4.884183884,5.543020248,4.884183884,5.563827038,6.334234238,5.031687260,5.031687260",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"7" diff --git a/test/results/flow-analyse/KakaoTalk_talk.pcap.out b/test/results/flow-analyse/KakaoTalk_talk.pcap.out new file mode 100644 index 000000000..75c635c22 --- /dev/null +++ b/test/results/flow-analyse/KakaoTalk_talk.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip4,10.24.82.188,1.201.1.174,udp,11320,23044,finished,20,12,1430069171118750,1430069172108954,1430069172193000,55,0,56,148,1101,793,0,30,66595.3,389008,72818.7,5302568960.0,4.2,"2106,92,91278,244,98327,122,103547,389008,99365,152,41687,34149,94086,1190,99945,98542,31952,72327,100128,1037,27862,87799,99732,30,76142,16052,99243,84228,99884,1099,113099",83,87.2,176,16.7,278.8,5.0,"84,83,83,83,83,83,83,83,107,83,83,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83","0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,9,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1","5.993387222,5.923110008,5.808535576,5.840019703,5.914015293,5.832631588,5.914015770,5.855021000,6.200585842,6.019496441,5.775343418,6.698559761,6.165978909,5.899013996,5.936404705,5.904920578,5.802630901,6.042388916,5.947206974,5.889919281,5.864114761,5.946004391,5.961005211,5.938111305,5.775344849,6.018292904,5.994196892,5.880824089,6.018293381,5.947206020,5.880824566,6.019496441",RTP,87,0,Acceptable,Media,6,DPI,"" 
+113,ip4,10.24.82.188,1.201.1.174,udp,10268,23046,finished,18,14,1430069171389136,1430069172366187,1430069172379615,55,0,148,55,1232,770,0,4181,63468.7,143921,37951.6,1440325376.0,4.7,"36072,39245,140350,102021,35217,98114,7904,55847,41962,93445,6775,89905,91767,48217,40192,100067,12024,81512,89386,6988,84107,40741,87677,54901,38818,107880,4181,87555,68482,32257,143921",83,90.6,176,20.8,434.5,5.0,"107,176,99,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,83,150,125,83","0,13,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,1,0,0,0,1","6.182826996,6.676399708,6.166987896,5.773637295,5.758635521,5.947207451,6.042389393,5.855524540,5.888211727,5.874918938,5.873714447,5.962208271,5.880824566,5.816429138,5.874918461,5.914016247,5.961004734,5.962207794,5.986305714,5.970099449,5.789143085,5.936405182,5.874918938,5.927813530,5.971302986,6.010401249,5.946002960,5.985101223,5.817630768,6.659305096,6.296253204,6.043592453",RTP,87,0,Acceptable,Media,6,DPI,"" 
+113,ip4,10.24.82.188,110.76.143.50,tcp,32968,8080,finished,18,14,1430069163715308,1430069202114386,1430069181143378,0,0,746,852,2452,3072,0,2289,1800875.8,20336762,4155046.5,17264411672576.0,2.9,"141571,151855,11750,244934,5676,231720,5279,268921,267944,260468,295685,6066894,6069489,2289,183686,177368,76049,36560,148072,8359650,8675995,4516,469818,147369,147094,2564,694885,724152,479767,20336762,1138366",52,225.5,904,230.0,52885.8,4.4,"60,60,52,194,52,904,52,378,286,798,558,52,766,52,222,350,52,52,222,52,238,52,222,52,350,52,222,222,52,64,238,238","8,0,0,0,1,7,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,1,0,1,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,0,0,1,1,0,0","4.739262104,5.194311619,5.168681622,5.344344139,5.053296566,7.386932850,5.077241421,7.234003544,7.051656723,7.730213165,7.626702785,5.130219936,7.729208469,5.130219936,7.004224300,7.276331425,5.168681622,5.053296566,6.966996193,5.168681622,7.017478943,5.091758251,6.947218895,5.130219936,7.270596504,5.168681622,6.928867817,6.919858456,5.130219936,5.071470261,7.064198494,7.072602749",TLS.KakaoTalk,91.193,1,Acceptable,Chat,6,DPI,"5,6,7,8" 
+113,ip4,10.24.82.188,110.76.143.50,tcp,58857,9001,finished,18,14,1430069164966834,1430069202329230,1430069203383368,0,0,794,852,2842,3488,0,183,2444481.5,21237091,5342425.0,28541506813952.0,2.9,"148041,148315,14374,196289,3692,185608,22217,228394,215698,291656,316833,4536377,4872620,301514,147949,147858,122284,336243,8596588,8810699,73731,557586,700867,602508,20472016,917846,21237091,519257,336,183,1054260",52,251.1,904,266.4,70953.5,4.3,"60,60,52,194,52,904,52,378,286,750,718,52,846,830,52,350,52,222,52,350,52,222,222,52,64,238,238,414,52,52,52,64","9,0,0,0,1,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,0,1,1,0,0,0,1,1,0,0,1,0,1,0,1","4.685176373,5.185489655,5.156889915,5.339006424,5.207143307,7.375075340,5.233812809,7.382006645,6.995015144,7.704098225,7.705970764,5.248330116,7.776240349,7.756853104,5.171406746,7.334384441,5.130220413,7.042468071,5.207143307,7.231501102,5.171406746,6.845736027,6.836727142,5.130220413,5.138105392,7.055267334,7.030057430,7.403200150,5.248330116,5.168681622,5.248330116,5.220060349",TLS.KakaoTalk,91.193,1,Acceptable,Chat,6,DPI,"5,6,7,8" diff --git a/test/results/flow-analyse/NTPv2.pcap.out b/test/results/flow-analyse/NTPv2.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/NTPv2.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/NTPv3.pcap.out b/test/results/flow-analyse/NTPv3.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/NTPv3.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/NTPv4.pcap.out b/test/results/flow-analyse/NTPv4.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/NTPv4.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/Oscar.pcap.out b/test/results/flow-analyse/Oscar.pcap.out new file mode 100644 index 000000000..ade9f6ffb --- /dev/null +++ b/test/results/flow-analyse/Oscar.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.30.29.3,178.237.24.249,tcp,63357,443,info,19,13,1434606464176482,1434606524600171,1434606524130160,0,0,315,1360,1138,3047,0,3,3883141.0,58215154,14267685.0,203566836875264.0,1.3,"28653,28776,8916,42424,33521,518,478,147,33511,33418,288,33636,843,34123,226,44565,44326,32783,32790,157,115,322,31348,31096,58175544,58215154,3,39626,1457397,1490083,502580",40,172.5,1400,263.3,69345.6,4.0,"64,46,40,355,50,40,605,40,92,130,40,56,1400,337,40,66,46,152,497,40,270,40,252,46,335,76,46,78,40,78,46,76","11,4,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,1,0,0,0,0,1,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0","4.441382408,4.871388912,4.661769390,7.090702057,4.724371910,4.661769390,5.245636463,4.661769390,4.009517670,4.346171379,4.611769676,4.280395031,3.817430019,3.863874197,4.611769676,4.309496880,4.501398563,3.542632341,4.154665947,4.611769676,3.726292849,4.611769199,5.504406452,4.457919598,3.418277502,4.801239491,4.544876099,5.035846710,4.611769676,4.478143215,4.501398087,4.761171341",,,,,,,,"" diff --git a/test/results/flow-analyse/TivoDVR.pcap.out b/test/results/flow-analyse/TivoDVR.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/TivoDVR.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/WebattackRCE.pcap.out b/test/results/flow-analyse/WebattackRCE.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/WebattackRCE.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/WebattackSQLinj.pcap.out b/test/results/flow-analyse/WebattackSQLinj.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/WebattackSQLinj.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/WebattackXSS.pcap.out b/test/results/flow-analyse/WebattackXSS.pcap.out new file mode 100644 index 000000000..3237ca8bd --- /dev/null +++ b/test/results/flow-analyse/WebattackXSS.pcap.out 
@@ -0,0 +1,20 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,172.16.0.1,192.168.10.50,tcp,52200,80,finished,20,12,1499346956870305,1499346960890984,1499346960891254,0,0,559,7926,2972,13653,0,4,259407.4,2805230,698816.2,488344092672.0,2.4,"124,911,4,880,1546,2266,23623,26506,34185,32207,1143,1040,156,926,221,412,39847,69861,111250,1094,61600,62698,1083,842694,846614,3833,131682,132698,1100,2804194,2805230",52,572.0,7978,1374.1,1888110.0,3.4,"60,60,52,361,52,564,52,394,1184,417,793,440,1500,7978,52,52,52,52,363,557,52,393,557,52,611,415,52,409,573,52,52,52","12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,1","0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1","4.638340950,5.106241703,4.916693211,5.861679077,4.916693211,5.770593166,4.916693211,5.961223125,7.451019764,5.951989651,7.265627861,5.935786247,7.624871254,7.963999748,4.906957626,4.908878326,4.945419312,4.868495941,5.956186771,5.832140923,4.983880997,5.975498676,5.839316845,4.945419312,5.879628181,5.695242882,4.945419312,5.977171898,5.846479416,4.976374149,5.053297043,4.945418835",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,52298,80,finished,20,12,1499346976603214,1499346977842457,1499346977841725,0,0,559,4344,2998,14938,0,4,79927.5,856251,206521.8,42651250688.0,2.7,"152,921,4,863,1492,2144,20680,25919,42487,6012,44423,1321,232,1259,67,51,1208,273,437,68644,70522,37847,60433,98253,1091,851698,856251,4579,109710,139259,29522",52,613.0,4396,1050.3,1103191.5,3.7,"60,60,52,361,52,564,52,394,1186,52,417,793,52,440,4396,4396,738,52,52,52,363,557,52,393,557,52,611,415,52,435,1856,52","12,0,0,0,0,0,0,0,0,2,2,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,3","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,1,0,0,0,0,1,0,0,1,0,0,1,0,0,1,0","4.605007648,5.060326576,4.878231525,5.859004021,4.825252533,5.712884426,4.916693211,5.889322281,7.407968998,4.930902481,5.868651867,7.247689247,4.853979111,5.863908291,7.905287266,7.943071842,7.650606155,4.892440796,4.930902481,4.839461803,5.855611324,5.816545963,4.830034733,5.891600132,5.824794292,4.815517426,5.864365101,5.691962719,4.894361496,5.912110329,7.768774033,4.961857319",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,52910,80,finished,21,11,1499347033203906,1499347043160870,1499347042153970,0,0,585,1869,4840,16418,0,97,609904.1,3808906,940979.2,885441822720.0,3.7,"97,845,3808060,3808906,3088,3867,1010444,1014181,3805,246952,250608,3613,1037920,1041646,3765,265406,269174,3736,1020088,1024520,4409,240929,244611,3693,1033112,1036761,3674,252788,256472,3667,1006191",52,716.8,1921,755.7,571022.9,4.2,"60,60,52,637,52,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.481729507,5.039574623,4.844108105,6.027367115,4.861793995,7.775769711,4.938717365,5.904430389,7.740994930,4.900255680,6.023871899,7.767442703,4.900255680,5.872165680,7.741530418,4.938717365,6.025243759,7.782982349,4.938717365,5.858062744,7.742496490,4.736229897,5.995160103,7.771011829,4.683251381,5.862007141,7.737675190,4.786791325,6.021321297,7.770700932,4.861794472,5.879370689",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,53584,80,finished,21,11,1499347097460010,1499347107720768,1499347107453968,0,0,585,1868,4840,16319,0,127,653377.9,4898512,1185987.6,1406566662144.0,3.5,"127,684,4897818,4898512,8582,9379,243178,246717,3562,1041173,1044833,3840,241167,245261,3969,1005489,1009493,3958,240995,244588,3615,1008862,1012541,3693,268328,273700,5337,1005565,1009604,4099,266047",52,713.7,1920,750.9,563862.5,4.2,"60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.605007172,5.106241703,4.892748356,5.892271042,4.892748356,7.736833572,4.861793995,6.022665024,7.761230469,4.983880997,5.891326904,7.737265587,4.868495941,6.024899483,7.792784691,4.945419312,5.879211426,7.737951756,4.945419312,6.019626617,7.772718906,4.906957626,5.895821571,7.739050388,4.853979111,6.015067101,7.782599449,4.906957626,5.886952400,7.740243912,4.870416641,6.043610573",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,54268,80,finished,21,11,1499347163177633,1499347173124164,1499347172102919,0,0,585,1869,4840,16417,0,107,608768.2,3827235,943347.2,889903972352.0,3.7,"107,901,3826349,3827235,3096,3895,1023011,1026934,3928,268230,273681,5427,1005208,1009216,4030,256246,259862,3614,1006897,1010591,3696,250084,253817,3763,1011263,1016096,4808,241019,244651,3645,1020517",52,716.8,1921,755.6,570947.8,4.2,"60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1917,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.638340950,5.039574623,4.854287148,6.029434681,4.892748833,7.778367043,4.983880997,5.926498413,7.738680363,4.930902481,6.053852081,7.756084442,4.945419312,5.899237633,7.743415833,4.908878326,6.045033455,7.770442009,4.930902481,5.892504692,7.745852947,5.022342682,6.052529335,7.776908875,4.983880997,5.921900749,7.741519928,4.906957626,6.052155972,7.775801659,4.945419312,5.897080421",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,54956,80,finished,21,11,1499347228091325,1499347237016547,1499347236759533,0,0,585,1869,4840,16317,0,95,567530.0,3642588,903579.0,816455024640.0,3.6,"95,698,3641887,3642588,3124,4095,234104,238457,4183,1006077,1010963,4878,233120,236850,3778,1005601,1010652,5027,236201,239833,3605,1006827,1010500,3683,232616,236267,3614,1034871,1038879,4091,256266",52,713.7,1921,750.8,563712.5,4.2,"60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1915,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.571673870,5.060326576,4.892748356,5.911661148,4.892748833,7.739586830,4.755836964,6.006965160,7.753130913,4.870416641,5.890732765,7.738875389,4.906957626,6.010314941,7.782026768,4.906957626,5.890962601,7.741142273,4.945419312,6.027306080,7.776299953,4.945419312,5.905275345,7.742319107,4.983880997,6.020912647,7.756708145,4.906957626,5.913722038,7.742949486,4.945419312,6.050437927",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,55632,80,finished,21,11,1499347291442976,1499347301278351,1499347300267830,0,0,585,1869,4840,16422,0,124,601942.8,3784925,935922.8,875951489024.0,3.7,"124,875,3784070,3784925,3065,3805,1003969,1007602,3694,223699,227380,3680,1007795,1011581,3778,255776,259460,3650,1007868,1011955,4221,230369,234793,4295,1037481,1041928,4473,238345,242041,3668,1009864",52,716.9,1921,755.9,571323.5,4.2,"60,60,52,637,52,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1921,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.550921917,5.018822670,4.892748833,6.038469315,4.878231525,7.804656506,4.945419312,5.886735916,7.737145901,4.945419312,6.004831314,7.766214371,4.861793995,5.894402504,7.741394520,4.983880997,6.054348946,7.774952888,4.983880997,5.889629364,7.739490032,4.830034733,6.038223267,7.778916836,4.868495941,5.871979713,7.739353657,4.892440319,6.027006149,7.758635521,4.945419312,5.859021187",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,56306,80,finished,19,13,1499347355229572,1499347365069246,1499347365072209,0,0,585,1868,4255,16323,0,49,634913.3,4805402,1169757.4,1368332173312.0,3.4,"124,694,4804702,4805402,3052,3844,248597,252202,3707,1022416,1026219,3805,225184,229157,49,3959,1026815,1030902,4151,232536,236200,80,3611,1006031,1010739,4812,233237,236850,3621,1007952,1011661",52,695.6,1920,708.0,501313.9,4.2,"60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1500,472,52,435,1822,52,637,1500,472,52,435,1822,52,637,1920,52,435,1822","10,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,7","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,0,1","4.605007172,5.106241703,4.969672203,5.887770653,4.931210041,7.737622738,4.900255680,6.023592472,7.759787560,4.945419312,5.879158020,7.735323429,4.945419312,6.020521164,7.675088406,7.536506176,4.770353794,5.889800072,7.738374233,5.022342682,6.041303158,7.670452118,7.573883533,4.983880997,5.897212029,7.740057945,4.983880997,6.042107105,7.747768879,4.945419312,5.886207581,7.738952160",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,56994,80,finished,21,11,1499347419786749,1499347429693747,1499347428675378,0,0,585,1868,4840,16415,0,126,606310.6,3818967,944243.6,891595915264.0,3.7,"126,889,3818133,3818967,2889,3638,1026811,1031184,4412,231903,235642,3751,1006981,1010745,3756,236240,239931,3646,1008869,1012823,4179,228551,232759,4019,1040911,1048342,7412,251595,255221,3632,1017670",52,716.7,1920,755.5,570797.2,4.2,"60,60,52,637,52,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1918,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.638340950,5.039574623,4.854287148,6.026527405,4.931210518,7.777307510,4.983880997,5.879386902,7.740555286,4.906958103,6.039316654,7.777638435,4.983880997,5.853911400,7.740018845,4.930902481,6.019202709,7.769432068,4.983880997,5.861763954,7.746566296,4.906957626,6.037178040,7.786467552,4.906957626,5.895909309,7.742385864,4.983880997,6.017253876,7.766935825,4.945419312,5.907352448",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,57684,80,finished,21,11,1499347484263170,1499347493168704,1499347492935868,0,0,585,1868,4840,16319,0,126,567039.8,3536204,877375.9,769788411904.0,3.7,"126,910,3535287,3536204,3041,3865,353475,357566,4142,1009473,1013529,4051,235924,239646,3697,1007485,1011210,3722,236124,239766,3661,1007627,1011378,3776,240922,244715,3743,1011730,1015517,3791,232129",52,713.7,1920,750.9,563862.5,4.2,"60,60,52,435,52,1823,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.550921917,5.006241322,4.808815002,5.875412941,4.774691582,7.740199566,4.646709919,6.001397610,7.775830746,4.755031586,5.850878716,7.738961697,4.793493271,5.989969254,7.789359570,4.870416641,5.872076035,7.741474628,4.817437649,5.998672962,7.788164616,4.831954956,5.868983269,7.740512848,4.831954956,6.002839088,7.786237717,4.831954956,5.862294197,7.736440182,4.793493271,5.982177258",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,58360,80,finished,21,11,1499347547687536,1499347557536513,1499347556527820,0,0,585,1869,4840,16419,0,124,602879.4,3809547,940726.8,884966883328.0,3.7,"124,686,3808906,3809547,3416,4144,1007073,1011285,4302,225901,229521,3769,1021770,1025776,4116,233969,238478,4482,1006263,1010669,4325,238452,243200,4543,1006668,1011166,4498,253524,257102,3581,1008005",52,716.8,1921,755.7,571097.9,4.2,"60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.638340950,5.106241703,4.969671726,6.036019325,4.969671726,7.763245583,5.022342682,5.918416023,7.743572712,4.906957626,6.001263142,7.780893326,4.906957626,5.904815674,7.746741772,4.983880997,6.035089493,7.783490658,4.983880997,5.917668343,7.744116783,4.945419312,6.018520355,7.767279625,4.868495941,5.905341148,7.745261192,4.861793995,6.048130512,7.761913776,4.815517426,5.915553093",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,59042,80,finished,21,11,1499347611162032,1499347621032822,1499347621031071,0,0,585,1869,4255,16323,0,143,636768.6,4822860,1172576.8,1374936236032.0,3.4,"143,1062,4821803,4822860,2874,5990,221999,227886,4985,1013,1004953,1011219,4071,265484,269299,3619,1019861,1023488,4016,238184,242252,4785,1005968,1010668,4015,237942,242400,5048,1010956,1015950,5036",52,695.6,1921,759.8,577334.1,4.1,"60,60,52,435,52,1823,52,637,1921,52,52,435,1822,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52","12,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0","4.638340950,5.106241703,4.931210041,5.869386673,4.815825462,7.741599560,4.861793995,5.992467880,7.779530048,4.892440796,4.892440796,5.846882820,7.743978024,4.906957626,6.006172180,7.770215034,4.945419312,5.875662804,7.742156029,4.830034256,6.027259350,7.759240150,4.906957626,5.861507416,7.742101192,4.868495941,5.986130238,7.747363091,4.983880997,5.861079216,7.737266064,4.983880997",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,59732,80,finished,21,11,1499347675703973,1499347685575239,1499347684567341,0,0,585,1869,4840,16418,0,122,604343.1,3767000,933372.4,871184138240.0,3.7,"122,677,3766369,3767000,3476,4237,1039907,1045427,5545,227268,230918,3646,1037098,1040865,3812,252859,256647,3763,1024020,1027777,3716,237350,240983,3608,1007832,1011497,3720,234952,238656,3696,1007191",52,716.8,1921,755.7,571022.9,4.2,"60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1921,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.571673870,5.106241703,4.892748833,6.023725510,4.854287148,7.786217690,4.945419312,5.883897781,7.741504192,4.983880997,6.049694538,7.769575596,4.830034256,5.875819206,7.739855289,4.945419312,5.995629787,7.765204906,4.831954956,5.869315147,7.744027615,4.945419312,6.017279625,7.784244537,4.753110886,5.875353813,7.744633198,4.945419312,6.029817104,7.765758514,4.945419312,5.879001617",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,60464,80,finished,21,11,1499347743331813,1499347752309607,1499347752053014,0,0,585,1868,4840,16319,0,130,570935.4,3582115,886830.3,786468044800.0,3.7,"130,887,3581223,3582115,3304,4122,271038,275625,4605,1007486,1011252,3777,268863,273004,4125,1007482,1011640,4170,263574,267468,3888,1019754,1023735,4007,253226,261155,7923,1002871,1011773,8903,255870",52,713.7,1920,750.9,563862.6,4.2,"60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637,1917,52,435,1822,52,637,1920,52,435,1822,52,637","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.605007172,5.139575005,4.892748833,5.855112076,4.854287148,7.740097046,4.861793995,5.995685577,7.768898010,4.945419312,5.890089989,7.741286755,4.945419312,6.012487888,7.771459579,4.983880997,5.883958817,7.743787289,4.945419312,5.988662720,7.773043156,4.983880997,5.862193108,7.740000248,4.906957626,5.998622894,7.761761665,4.983880997,5.841221809,7.740222454,4.906957626,6.034659863",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,32906,80,finished,21,11,1499347807664615,1499347817702402,1499347816662711,0,0,585,1869,4840,16417,0,158,614060.8,3861987,952957.6,908128223232.0,3.7,"158,871,3861200,3861987,3248,3959,1007386,1010966,3670,256861,260494,3559,1018334,1021980,3614,243418,246972,3620,1033482,1037187,3726,244230,248333,4100,1037495,1041661,4162,261455,265110,3630,1039015",52,716.8,1921,755.6,570948.0,4.2,"60,60,52,637,52,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1920,52,435,1822,52,637,1916,52,435,1822,52,637,1921,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.525758743,5.072907925,4.892748356,6.020434380,4.892748833,7.791048527,4.945419312,5.893647194,7.740782261,4.830034733,6.007053375,7.809398174,4.945419312,5.892089844,7.742994785,4.777055264,6.018450260,7.794157982,4.906957626,5.894688606,7.744627476,4.906957626,6.065685749,7.761301517,4.868495941,5.905168533,7.745905876,4.868495941,6.015729427,7.773281574,4.853978634,5.898605347",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,33580,80,finished,21,11,1499347872187685,1499347882404199,1499347882158637,0,0,585,1869,4840,16321,0,126,651208.6,4840595,1171443.9,1372280717312.0,3.5,"126,862,4839753,4840595,3674,4464,263225,266840,3672,1005298,1009118,3796,260614,264369,3758,1024972,1028663,3708,266053,269708,3666,1007636,1011884,4257,260865,265134,4231,1006690,1010841,4181,244813",52,713.8,1921,751.0,564013.3,4.2,"60,60,52,435,52,1823,52,637,1919,52,435,1822,52,637,1921,52,435,1822,52,637,1918,52,435,1822,52,637,1920,52,435,1822,52,637","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.559092522,5.072907925,4.931210518,5.917668343,4.892748833,7.738794327,4.863714695,6.007505894,7.798718929,5.022342682,5.905847549,7.739555359,4.906957626,6.033310413,7.766191959,4.983880997,5.910769463,7.742557526,4.945419312,6.030111790,7.769622803,4.906957626,5.902417183,7.741934776,4.945419312,6.047390461,7.800710201,4.908878326,5.889702797,7.740861416,5.022342682,6.020066261",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,34278,80,finished,21,11,1499347939286105,1499347947010010,1499347947009327,0,0,585,1868,4457,16413,0,171,498294.4,2588369,688746.1,474371129344.0,3.7,"171,739,2587661,2588369,3663,4498,1020517,1024859,4382,244684,248374,3703,1042345,1046980,4607,242309,245980,3660,1031191,1034926,3726,241353,245065,3596,495,1025211,1029311,3750,251257,255524,4221",52,704.7,1920,762.8,581830.0,4.1,"60,60,52,637,52,1918,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,52,435,1822,52,637,1918,52","12,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,1,0","4.605007172,5.039574623,4.969671726,6.030518532,4.931210041,7.775516510,4.945419312,5.902482986,7.745615482,4.945419312,6.037442207,7.774715900,4.983880997,5.896422386,7.742757320,4.945419312,6.040554523,7.771491051,4.868495941,5.892494202,7.744132996,4.853979111,6.017662048,7.776625156,4.868495941,4.861793995,5.911713600,7.744248867,4.817438126,6.033777237,7.744309425,4.906957626",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,34940,80,finished,21,11,1499348002450018,1499348012729966,1499348012487215,0,0,585,1868,4840,16321,0,168,655391.8,4897215,1186666.9,1408178323456.0,3.5,"168,874,4896388,4897215,3139,3939,250433,254530,4103,1006878,1011034,4128,267330,271177,3882,1007953,1011957,4030,246777,250412,3605,1038702,1042399,3673,241578,245223,3629,1046261,1049943,3750,242035",52,713.8,1920,751.0,564013.2,4.2,"60,60,52,435,52,1823,52,637,1920,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1920,52,435,1822,52,637","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.571673870,5.072907925,4.969671726,5.887361526,4.878231525,7.741217613,4.885738850,6.010152817,7.782044411,4.945419312,5.887085915,7.743456841,4.983880997,6.006285667,7.788482189,4.969364166,5.877018929,7.744219303,4.983880997,6.010739803,7.771894455,4.983880997,5.901759148,7.743703842,5.022342682,6.005155087,7.771924019,4.892440796,5.896227837,7.743970394,4.983880997,6.034862995",HTTP,7,0,Acceptable,Web,6,DPI,"12,14" 
+1,ip4,172.16.0.1,192.168.10.50,tcp,35626,80,finished,21,11,1499348068136241,1499348078263151,1499348077222575,0,0,585,1868,4840,16415,0,124,619782.1,3953842,972474.7,945707024384.0,3.7,"124,706,3953188,3953842,3024,3763,1020630,1024309,3710,248238,252345,4156,1041683,1045979,4295,255096,258771,3649,1007135,1010804,3655,252666,256217,3575,1010481,1014239,3761,262869,266680,3784,1039870",52,716.7,1920,755.5,570797.2,4.2,"60,60,52,637,52,1920,52,435,1822,52,637,1918,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435,1822,52,637,1919,52,435","11,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.605007172,5.106241703,4.969672203,6.010980606,4.854287148,7.776665688,4.983880997,5.869518280,7.738469601,5.022342682,6.005230904,7.777610302,5.022342682,5.854826927,7.740310192,5.022342682,6.000309944,7.769937992,5.022342682,5.859811783,7.741565704,4.983880997,6.018991470,7.775127888,4.983880997,5.899751663,7.740706921,4.945419312,6.032977104,7.768198013,4.945419312,5.894873619",HTTP,7,0,Acceptable,Web,6,DPI,"1,12,14" diff --git a/test/results/flow-analyse/activision.pcap.out b/test/results/flow-analyse/activision.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/activision.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/afp.pcap.out b/test/results/flow-analyse/afp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/afp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/agora-sd-rtn.pcap.out b/test/results/flow-analyse/agora-sd-rtn.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/agora-sd-rtn.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ah.pcapng.out b/test/results/flow-analyse/ah.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ah.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/aimini-http.pcap.out b/test/results/flow-analyse/aimini-http.pcap.out new file mode 100644 index 000000000..3a1089152 --- /dev/null +++ b/test/results/flow-analyse/aimini-http.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.101.0.2,10.102.0.2,tcp,28501,80,finished,14,18,1614860229383219,1614860229387313,1614860229385946,0,0,1460,1460,4110,20912,0,1,220.0,1148,358.7,128687.4,3.4,"532,1116,414,1004,27,697,105,894,3,1,2,1,1,2,2,191,11,276,4,1,4,2,1,3,3,78,197,1,99,1148,1",46,824.4,1500,690.0,476082.3,4.4,"48,48,48,48,46,635,46,635,1500,1500,1500,1500,1500,1500,1500,276,1500,1500,46,1500,1500,46,1500,1500,46,1500,276,46,46,46,1500,1500","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,0,1,1,0,0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,0,0,0,0","3.876627445,4.083755016,4.256327152,4.460499287,3.752108097,6.013849258,4.032184601,6.031517506,7.687114239,7.864995956,7.665461540,7.860690594,7.831142426,7.843841553,7.850586891,7.036180973,7.689830303,7.865575314,3.752107620,7.667116165,7.864095211,3.752107859,7.832858562,7.845948219,3.752108335,7.852002144,7.046712399,3.988705873,4.032184124,3.988706112,5.843052864,4.502032280",HTTP.Aimini,7.99,0,Fun,Download,6,DPI,"" diff --git a/test/results/flow-analyse/ajp.pcap.out b/test/results/flow-analyse/ajp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ajp.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/alexa-app.pcapng.out b/test/results/flow-analyse/alexa-app.pcapng.out new file mode 100644 index 000000000..46e0ee1d5 --- /dev/null +++ b/test/results/flow-analyse/alexa-app.pcapng.out 
@@ -0,0 +1,25 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,172.16.42.216,52.85.209.216,tcp,54411,443,info,14,18,1490976041942417,1490976042286958,1490976042283855,0,0,1030,1448,1358,15533,0,47,22128.4,90510,31052.4,964249024.0,3.6,"46971,52965,277,73178,134,18906,393,341,423,88175,318,744,233,8121,32759,75313,63701,49446,70919,806,90510,2043,419,465,407,524,703,47,5315,294,1129",52,580.3,1500,637.0,405792.1,4.1,"60,60,52,254,52,52,1500,1500,1500,819,52,52,52,52,178,1082,294,52,52,1500,1500,52,1500,1500,1500,450,1500,1112,86,52,52,52","11,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,1,1,1,1,1,1,1,0,0,0","4.626680851,5.273560524,5.056022167,5.578444004,5.038779736,5.038779736,6.941484451,7.235523224,7.505930424,7.618381500,5.017560482,4.979098797,4.979098797,4.979099274,6.314942837,7.805894852,7.019865036,5.056022167,5.000318527,7.867209435,7.863208771,4.979098797,7.856099606,7.887753487,7.874964714,7.517594337,7.873031139,7.831841469,5.789580822,4.979099274,4.979098797,4.940637589",,,,,,,,"" 
+1,ip4,172.16.42.216,52.94.232.134,tcp,45661,443,finished,18,14,1490976041156517,1490976043655892,1490976043654956,0,0,1114,1460,4861,5515,0,70,161219.8,1015894,286084.3,81844248576.0,3.4,"55686,59305,1428,66601,358,70,64102,4784,271,2661,66908,3070,100753,8343,108356,5909,66864,500848,354092,941132,3002,88712,111843,176480,211,64686,9150,104205,1015894,966451,45639",40,366.2,1500,485.1,235358.5,3.9,"60,48,40,247,1500,1500,385,40,40,40,366,46,99,40,1122,46,941,40,1106,1106,46,493,40,1154,46,877,40,40,46,40,46,40","12,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0","4.617588520,5.095174789,4.784183979,5.540180683,6.803335667,7.281946659,7.383058548,4.784183979,4.784183979,4.734184265,7.281152725,4.652828693,6.003940582,4.881687164,7.811503887,4.501398087,7.765291691,4.831687450,7.799355507,7.797914982,4.565871716,7.570134640,4.831686974,7.815543175,4.565872192,7.742568493,4.881687164,4.931687355,4.544876099,4.831687450,4.544876099,4.781687260",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,72.21.206.135,tcp,42130,443,info,18,14,1490976043814984,1490976046401041,1490976046398896,0,0,1460,1460,5245,5794,0,38,166773.2,835939,244032.9,59552047104.0,3.7,"54151,55408,518,50304,258867,520111,785264,3831,152,61,38,60785,290,133,140,52112,10967,286978,223908,2741,139187,177,171943,179936,143,402714,22375,216464,783828,835939,50504",40,387.0,1500,534.6,285800.0,3.9,"60,48,40,245,46,245,245,46,1500,1500,1500,674,40,40,40,40,166,1500,91,468,46,46,466,40,1500,1196,46,343,40,40,46,40","10,0,0,1,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0","7,1,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,0,1,1,1,0,0,0,1,1,0,0,1,0","4.639262199,5.093094349,4.881687164,5.568202496,4.549461365,5.554956913,5.568202496,4.565872192,7.128635883,7.312258720,7.415528297,7.604400635,4.781687260,4.881687164,4.831687450,4.781687260,6.335466385,7.875119209,5.923600674,7.493732452,4.609350681,4.565872192,7.514861107,4.781687260,7.858917713,7.840357780,4.609350681,7.350516796,4.881687164,4.931686878,4.609350204,4.881687164",,,,,,,,"" 
+1,ip4,172.16.42.216,54.239.24.186,tcp,34034,443,finished,19,13,1490976047050685,1490976047738970,1490976047737869,0,0,1460,510,18550,666,0,114,44370.0,352057,78836.5,6215196160.0,3.5,"57034,58621,1781,56791,4768,135,59291,267,22886,80040,5852,71839,321,148,565,303,201,1403,296,114,67763,34752,23901,352057,295338,129,57737,650,60553,128,59805",40,643.2,1500,676.9,458225.8,4.1,"60,48,40,299,46,46,196,40,91,806,46,550,1500,1425,1500,1500,1500,1500,1500,1500,69,46,46,46,1500,46,46,1500,1500,46,46,1500","4,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,11,0,0","11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,0","4.705928802,5.119034290,4.831687450,5.956132412,4.565872192,4.522393703,6.373359203,4.831687450,5.346002579,7.707840443,4.565872192,7.614433289,7.881308079,7.868000031,7.843427658,7.860275269,7.859666824,7.853141308,7.878274441,7.872379303,5.651857376,4.478915691,4.522393703,4.522393703,7.860081673,4.565871716,4.565872192,7.860362053,7.853739262,4.609350681,4.609350681,7.878521442",TLS.AmazonAWS,91.265,1,Acceptable,Cloud,6,DPI,"" 
+1,ip4,172.16.42.216,52.85.209.216,tcp,54434,443,finished,17,15,1490976064452332,1490976068084335,1490976068174801,0,0,1448,1448,7862,9710,0,123,237241.0,2896813,560116.6,313730662400.0,2.8,"52937,67187,1048,63231,9607,59757,285,20918,462,225,155,1078,225,97487,133,7299,15901,484594,178,170,116007,306256,538314,1116565,2896813,279,153,126,123,583169,913790",52,603.1,1500,665.4,442821.7,4.1,"60,60,52,569,52,208,52,103,1500,1500,125,1500,1500,1481,52,52,52,52,1500,1500,1209,1209,1500,1500,1500,52,64,64,64,64,52,52","9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0","7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,1","4.705928802,5.273560047,4.979098797,6.082272053,5.000318527,6.571692467,5.056022167,5.591795921,7.858945847,7.890957355,6.413620949,7.866191387,7.874218941,7.863078117,5.038779736,5.000318050,5.000318050,4.884933472,7.878181458,7.882399559,7.840240955,7.842101574,7.879061222,7.879629612,7.876855850,4.940637112,4.991729736,5.085479736,5.116729736,5.116729736,5.056022167,5.000318050",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"" 
+1,ip4,172.16.42.216,54.239.29.146,tcp,41691,443,info,11,21,1490976067968666,1490976068790465,1490976070313997,0,0,1460,1460,3760,16863,0,41,102165.5,486056,138313.6,19130660864.0,3.7,"92394,95354,2440,97381,1862,14105,301,61,113369,268,157,49644,132555,83310,183928,260,326122,293069,272379,138,443688,400,541,41,276469,199153,505,44,713,486056,423",40,686.3,1500,682.0,465082.8,4.2,"60,48,40,261,46,46,1500,1500,450,40,40,40,166,91,40,1500,533,46,1500,46,46,1500,1500,1500,211,1500,1500,1500,211,1500,1500,1500","6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","6,1,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1","4.672595501,5.134760857,4.731687546,5.428875923,4.609350681,4.609350204,7.207319260,7.309862137,7.406122684,4.781687260,4.831686974,4.831686974,6.560224533,5.827393532,4.734183788,7.885433197,7.643744469,4.652828693,7.886434555,4.522393703,4.462504387,7.848043919,7.856681824,7.865322113,6.980444908,7.848917007,7.856569290,7.864667892,6.965065002,7.849271774,7.848181248,7.856681824",,,,,,,,"" 
+1,ip4,172.16.42.216,52.94.232.134,tcp,45703,443,finished,19,13,1490976085644885,1490976090198099,1490976090039279,0,0,1460,677,8230,2302,0,65,288632.5,1569527,416979.2,173871693824.0,3.7,"325447,332868,307,247719,185,241306,284,257,23807,287,429915,65,1569527,1485936,352980,706902,73800,283,358821,365,256619,3724,240,956217,948562,95336,235551,1125,68,275387,23718",40,371.1,1500,516.0,266233.0,3.9,"60,48,40,279,125,93,40,40,99,1500,174,46,46,174,46,717,40,1500,238,46,525,40,1500,206,525,40,1500,46,557,46,40,1500","8,1,0,0,2,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,0,0","4.705928802,5.176427841,4.831686974,5.818729401,6.126292229,6.106202126,4.781687737,4.781687260,5.941904068,7.857767582,6.910596848,4.609350204,4.462504387,6.922091484,4.565871716,7.688728809,4.831687450,7.879225254,7.100984097,4.652828693,7.572484970,4.831687450,7.874036789,7.033442974,7.572484970,4.831687450,7.874202251,4.652828693,7.581998825,4.652828693,4.731687546,7.891161442",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,52.94.232.134,tcp,45710,443,finished,16,16,1490976088631582,1490976090996390,1490976091223863,0,0,1460,1093,7259,2355,0,30,159906.1,1191626,282043.2,79548358656.0,3.5,"214415,219069,3661,1161828,1191626,138,43,75944,170423,352,118993,9705,7936,105518,89968,79074,135403,22399,255382,307,202303,1216,199697,125,147,204784,30,11403,221917,129,253154",40,343.0,1500,486.7,236894.1,3.9,"60,48,40,279,279,46,125,93,40,46,178,40,99,1500,46,206,46,46,1133,1500,254,46,541,1500,270,162,46,46,525,1500,190,46","4,1,0,1,1,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","10,1,1,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,1,0,1,1,0,0,0,1,0,1,1,1,0,0,1,1,0,0,0,1,1,1,0,0,1","4.672595501,5.134761333,4.762815475,5.883847237,5.876678944,4.609350204,6.148330688,5.967529297,4.712815285,4.565871716,6.521196365,4.662815094,5.915507793,7.852227211,4.565872192,6.894952297,4.565871716,4.565871716,7.832350731,7.860533714,7.115900993,4.609350204,7.520314217,7.876235962,7.163622856,6.629608631,4.522393703,4.609350204,7.614107132,7.867299557,6.817775249,4.609350204",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,52.94.232.134,tcp,45712,443,finished,18,14,1490976088958157,1490976092170541,1490976092236982,0,0,1460,661,8342,1817,0,69,209393.8,1080313,303367.1,92031574016.0,3.7,"1005698,1080313,210230,18680,169715,18028,104975,95,107187,277,11694,34788,143,215183,306,69,21708,195595,278,202797,728,212905,264,205823,10952,236264,754701,277,888900,405375,377261",40,360.5,1500,516.5,266795.3,3.8,"60,60,48,40,279,48,40,125,93,40,40,99,1500,254,46,46,46,541,1500,206,46,701,1500,238,46,557,40,1500,206,46,1500,46","7,1,0,0,0,2,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1","4.693347454,4.647432327,5.119034290,4.831686974,5.881499290,5.077367306,4.881687164,6.046293259,6.063190460,4.781687260,4.881687164,5.804432392,7.875989437,7.151407242,4.652828693,4.565872192,4.609350681,7.607057095,7.888786316,6.953813553,4.652828693,7.704366207,7.873492241,7.130478382,4.609350204,7.637624264,4.881687164,7.872291088,6.858013630,4.501398087,7.871377945,4.522393703",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,54.239.29.253,tcp,40856,443,finished,11,21,1490976107455953,1490976108033189,1490976108034115,0,0,1460,1460,2227,13907,0,48,37270.9,325585,74532.9,5555151872.0,3.0,"55943,57350,1409,113314,370,112296,148,3166,65706,1386,70006,242,85334,246615,142,48,84,325585,285,3839,797,233,347,98,286,299,648,356,1116,6749,1201",40,545.4,1500,489.8,239933.9,4.4,"60,48,40,251,1500,1275,40,40,366,46,99,1500,270,46,1021,589,589,589,40,40,1500,1500,741,1101,589,589,589,589,589,589,40,589","7,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,0,1","4.617588520,5.160700798,4.812815189,5.608482361,7.251046658,7.253318787,4.881687164,4.881687164,7.319745541,4.609350204,6.071163177,7.874879360,7.157014847,4.609350681,7.805180550,7.654304981,7.622537136,7.647720337,4.881687164,4.831687450,7.897753239,7.890997410,7.726983070,7.812017441,7.596513748,7.640295982,7.658002377,7.630609512,7.630146980,7.583954334,4.881687164,7.691880703",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,54.239.29.253,tcp,40854,443,finished,17,15,1490976107365814,1490976108753694,1490976108749413,0,0,1460,1460,5131,7946,0,38,89402.5,932653,197976.2,39194591232.0,3.0,"109911,111642,1568,102004,158,101584,303,1866,56194,150,87519,19070,7646,147913,304065,639361,932653,32742,136,49,686,68,38,318,579,110731,248,1820,214,123,120",40,450.1,1500,541.5,293230.8,4.0,"60,48,40,251,1500,1275,40,40,366,46,99,40,1500,254,46,1500,1500,46,1021,589,589,589,589,589,1469,77,40,40,40,40,40,40","11,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0","0,1,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0","4.660013676,5.218094349,4.762815475,5.646678925,7.241643429,7.258272171,4.781687260,4.831686974,7.252469063,4.652828693,6.063538551,4.881687164,7.878282547,7.156798363,4.522393703,7.878647804,7.879301548,4.652828693,7.771139622,7.614057541,7.658779144,7.663974285,7.639388084,7.634205341,7.870131969,5.701726913,4.831686974,4.831687450,4.881687164,4.831686974,4.881687164,4.881687164",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,52.94.232.134,tcp,45711,443,finished,21,11,1490976088937719,1490976109911223,1490976110045165,0,0,1460,901,10414,1844,0,138,1357450.1,9247029,2197151.2,4827473510400.0,3.5,"992408,1100523,1068,243574,812,17238,3008616,6019841,9247029,138,67248,300,303,66691,669495,281,275185,528033,1079938,2835215,349963,114629,72089,219293,5051089,276,5193864,64990,174211,2275400,2411210",40,425.8,1500,556.2,309356.4,3.9,"60,60,48,48,40,40,279,279,279,125,93,40,40,99,46,1500,1118,1500,1500,1500,46,1118,46,941,40,1500,222,46,845,40,40,46","9,1,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,5,0,0","7,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,1,0,1,1,0,0,0,1,1,0,0,1","4.705928802,4.705928802,5.160700798,5.077367783,4.881687164,4.881687164,5.840246201,5.847414970,5.847414970,6.003486633,5.947547913,4.693943024,4.831686974,6.024143219,4.609350204,7.869801998,7.823491096,7.871860504,7.870593548,7.871356964,4.565872192,7.822906017,4.609350204,7.791450024,4.681686878,7.872803211,6.941987991,4.652828693,7.739228249,4.881687164,4.931686878,4.544876575",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,176.32.101.52,tcp,44001,443,info,17,15,1490976093358419,1490976114866501,1490976095732113,0,0,1460,1460,3149,4067,0,32,770379.9,19096185,3357549.8,11273140961280.0,1.4,"123577,127990,5388,470526,584,630,42,1232537,1463,5048,697,664,10016,973197,496,53,32,190922,73204,348,171867,142,116971,408177,413652,66693,140934,83299,138,166304,19096185",40,267.5,1500,412.9,170449.2,3.9,"60,48,40,232,46,1500,1500,522,232,232,40,40,40,166,46,46,46,85,40,1500,276,46,198,104,278,233,232,46,46,258,40,342","7,0,1,1,0,0,5,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","8,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,0,0,1,1,1,0,0","4.739262104,5.134761333,4.812815189,5.509502888,4.565871716,7.166137695,7.318473339,7.577383041,5.500881672,5.500882149,4.831686974,4.881687164,4.734184265,6.340515137,4.501398087,4.501398087,4.835486889,5.641122818,4.831686974,7.860523701,7.242097378,4.462505341,6.761913776,6.045580387,7.062158108,7.012423515,6.904469013,4.522393703,4.565872192,7.040098190,4.831687450,7.286717415",,,,,,,,"" 
+1,ip4,172.16.42.216,52.84.63.56,tcp,51986,80,finished,17,15,1490976134141916,1490976134949644,1490976134943908,0,0,547,1448,1641,15770,0,121,51926.5,295198,97638.1,9533208576.0,3.0,"57953,60331,1632,154699,385,386,415,483,524,207,360,156722,299,4146,127,3380,248,131,172,143,126,121,6987,268261,295198,18253,286273,480,356,286588,4334",52,597.0,1500,635.8,404189.9,4.1,"60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,52,52,1500,427,52,52,52,52,52,52,52,599,599,427,64,592,1500,1500,52,52","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,1,1,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,1,1,0,0","4.650922298,5.231404781,5.038780212,6.035903931,5.085056305,7.148868561,7.815765381,7.846660614,7.867961407,7.834940910,7.842315674,7.841011524,5.000318527,5.038780212,7.824505806,6.526866436,5.038780212,5.038780212,5.038780212,5.000318527,5.000318527,5.000318527,5.000318527,6.008402348,6.008402348,6.531550407,5.026865005,5.889882088,7.468186855,7.750551224,5.038780212,5.038780212",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"" 
+1,ip4,172.16.42.216,54.239.29.253,tcp,40871,443,finished,15,17,1490976136930982,1490976138976244,1490976139259019,0,0,1460,1460,6666,5757,0,24,141074.2,1107068,256640.3,65864265728.0,3.2,"111073,112352,831,179894,143,45,179940,2913,265,3255,516,135136,162,170164,502171,1107068,16816,231,180,41,28,24,706579,352,9657,355942,325,629177,147816,149,54",40,430.0,1500,555.4,308431.6,4.0,"60,48,40,283,46,125,93,40,40,99,1500,286,46,46,1500,1500,46,1500,121,1500,153,429,77,40,40,40,1500,318,46,1021,589,589","7,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","6,2,2,1,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1","4.672595501,5.093094349,4.831687450,5.938469410,4.522393703,6.167151451,6.033568382,4.831686974,4.881687164,6.044344425,7.863042355,7.143759251,4.522394180,4.565872192,7.864801884,7.864607811,4.565872192,7.861513138,6.401272774,7.883206367,6.629675865,7.515489578,5.831597805,4.781687260,4.831687450,4.712815285,7.866571903,7.334980965,4.565871716,7.784813404,7.636542797,7.660583019",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"8" 
+1,ip4,172.16.42.216,52.84.63.56,tcp,51995,80,finished,15,17,1490976139643559,1490976140004854,1490976140002371,0,0,547,1448,1094,21002,0,45,23229.3,179149,43867.1,1924322304.0,3.1,"31287,34141,578,113361,46407,49,49,50,45,46,11194,1598,7176,179149,121,126,120,120,142,3369,257,407,4520,99192,277,120761,46881,156,255,789,17484",52,743.4,1500,681.3,464196.8,4.3,"60,60,52,599,52,1500,1500,1500,1500,1500,1500,1500,1223,1223,52,52,52,52,52,52,52,52,64,599,1500,1500,52,1500,1336,1500,1500,52","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,12,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,0","4.684255600,5.264738083,4.815825462,5.981299400,4.959492683,7.149340153,7.740746498,7.612607002,7.631985664,7.692628384,7.667311668,7.729136467,7.507924080,7.508758068,5.115703106,5.000318050,5.077241421,5.062724590,5.115703106,5.077241421,5.077241421,5.077241421,5.163660049,6.000374794,7.141010284,7.761897087,5.115703106,7.808045864,7.811527252,7.791535378,7.807326794,4.955154419",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"" 
+1,ip4,172.16.42.216,52.84.63.56,tcp,51992,80,finished,16,16,1490976139642766,1490976140230625,1490976140359077,0,0,547,1448,1641,18414,0,97,42070.0,510931,110064.9,12114281472.0,2.5,"24956,26298,431,110222,135,214,308,354,363,1114,487,409,385,114928,244,126,125,3452,97,26252,252,149,120,119,152,4719,62468,45133,368811,510931,416",52,679.6,1500,671.9,451493.0,4.2,"60,60,52,599,52,52,1500,1500,1500,1500,1500,1500,1500,1500,52,52,52,52,1500,1295,52,52,52,52,52,52,599,1295,64,599,1500,1500","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,1,1","4.650921822,5.231404781,5.077241898,5.992787838,5.008132935,4.955154419,7.144702911,7.824075699,7.838180542,7.817303181,7.827538967,7.785875320,7.819852829,7.815253735,5.038779736,5.000318527,4.908877850,5.038779736,7.787726402,7.553128719,5.038780212,5.038780212,5.038779736,5.038780212,5.038780212,5.038780212,6.005241394,7.550778389,5.163660049,6.010917664,7.134511948,7.768814087",HTTP.Amazon,7.178,0,Acceptable,Web,6,DPI,"" 
+1,ip4,172.16.42.216,52.85.209.197,tcp,55242,443,info,15,17,1490976029248822,1490976030758212,1490976150757970,0,0,1448,1448,5474,6814,0,33,3968339.8,120002762,21185284.0,448816230694912.0,0.3,"77142,79508,13198,60889,401,551,135,48584,1797,3570,177758,227426,44512,20026,267154,445550,122636,142,45,33,282451,8709,270484,1626,407007,145,164075,140,290013,120002762,69",52,436.5,1500,570.0,324877.8,3.9,"60,60,52,273,52,1500,1500,626,52,52,52,178,294,52,1416,1416,52,1500,300,96,86,52,52,1500,1003,52,52,1315,86,52,83,52","9,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1,0,0","7,3,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,1,1,1,1,1,0,0,0,0,1,1,1,1,0,1,1","4.739262104,5.306893826,5.017560959,5.448555946,5.115703583,6.960030556,7.238288403,7.584036827,5.017560959,5.094483852,5.041505337,6.602245331,7.164677143,5.041505337,7.862887383,7.863117218,5.115703106,7.885983467,7.259884357,6.084556580,5.826154709,5.094483852,5.132945538,7.862029552,7.810581207,5.115703106,5.077241421,7.851958752,5.873827457,5.132945538,5.636672497,5.115703106",,,,,,,,"" 
+1,ip4,172.16.42.216,54.239.28.178,tcp,50799,443,info,18,14,1490976177276176,1490976187574979,1490976187571653,0,0,1460,1460,8229,4012,0,112,664331.6,8001087,1905246.8,3629965115392.0,2.5,"133822,140403,3233,141605,1309,112,137230,287,136,2714,82197,163,95708,410,359058,405413,633638,688626,100774,373131,50752,202632,7767064,1576,8001087,353783,410110,314766,108314,179,84048",40,424.7,1500,584.7,341856.6,3.8,"60,48,40,247,1500,1500,385,40,40,40,366,46,99,1500,190,46,1500,99,40,1500,46,669,40,1500,286,46,40,46,1500,46,46,40","9,0,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","8,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,0,0,0,1,1,0,0,1,0,1,0,0,1,1,0,0,0,1,0,1,0,1,1,0","4.739262104,5.176427841,4.831687450,5.587803364,6.784171104,7.276063442,7.379589558,4.681686878,4.831686974,4.881687164,7.374952793,4.565872192,6.002931595,7.862873554,6.853326321,4.609350204,7.863068104,6.002931595,4.831687450,7.863775730,4.652828693,7.736141205,4.831687450,7.863870144,7.273199081,4.501398087,4.781687260,4.544876099,7.864799976,4.565871716,4.609350204,4.881687164",,,,,,,,"" 
+1,ip4,172.16.42.216,52.85.209.143,tcp,41828,443,info,15,17,1490976195529965,1490976195874449,1490976195873685,0,0,1448,1448,4065,11044,0,49,22200.1,105973,31062.3,964868608.0,3.6,"42665,43661,659,44970,3982,526,602,251,50626,787,253,1113,7308,12716,306,65597,42616,4166,48889,363,25248,76421,105973,250,551,581,305,49,101959,2918,1893",52,525.8,1500,600.4,360465.6,4.1,"60,60,52,254,52,1500,1500,1500,819,52,52,52,52,178,1500,767,64,178,1500,64,306,52,52,1500,1500,1500,683,594,129,52,149,52","9,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","5,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,1,1,1,0,1,1,1,1,1,1,0,1,0","4.672595501,5.194312096,4.986606121,5.562634945,5.014835358,6.943727970,7.231536865,7.504313469,7.550236702,5.056022167,4.926120281,5.003043652,4.940637589,6.271958828,7.856376171,7.737624168,5.206705093,6.298671246,7.856991291,5.133970261,7.098200321,5.000318050,4.979098797,7.871394634,7.857693672,7.882867336,7.672193050,7.592197895,6.342199802,4.986606121,6.480828762,4.846472263",,,,,,,,"" 
+1,ip4,172.16.42.216,52.84.62.115,tcp,41913,443,info,16,16,1490976195984177,1490976196473740,1490976196515206,0,0,1277,1448,5359,12694,0,54,32922.3,261773,58822.9,3460134400.0,3.5,"16682,17944,1581,27330,5292,477,511,279,32463,293,12932,291,133,38969,52766,61918,541,272,54,35117,659,5109,216850,261773,199,39363,7450,74173,66612,42132,427",52,617.0,1500,624.9,390532.6,4.2,"60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1329,1500,1500,756,86,52,52,1294,1294,848,86,52,1305,86,64,1500,1500","10,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0","2,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,0,0,0,0,1,1,0,0,1,0,1,1","4.672595501,5.227645397,4.979098797,5.733110428,5.038779736,7.056696892,7.289340973,7.487235546,7.581061363,5.056022644,5.056022644,5.056022167,5.017560482,6.267822742,7.174037933,7.836223602,7.860962391,7.884104729,7.725840569,5.789581299,4.948144436,4.933627605,7.835659504,7.836359024,7.744181633,5.795281410,4.926120281,7.845304489,5.818537712,4.911738873,7.873147964,7.870454311",,,,,,,,"" 
+1,ip4,172.16.42.216,52.85.209.143,tcp,38483,443,finished,10,22,1490976196223999,1490976196651032,1490976196769763,0,0,666,1448,1652,16510,0,67,31380.5,241435,57224.6,3274655232.0,3.4,"33996,35089,2227,37919,5059,483,236,42863,280,131,30800,68825,38426,227149,241435,50068,58385,55537,3754,2000,4418,1636,659,7796,67,79,9049,341,3084,756,10250",52,620.4,1500,578.4,334504.2,4.3,"60,60,52,246,52,1500,1500,618,52,52,52,178,103,718,718,103,64,52,1096,427,256,815,905,441,1500,177,557,1500,1500,1500,1500,1500","6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,2,0,1,0,0,1,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.672595501,5.240227222,5.056022644,5.370272160,5.154164791,6.988568306,7.250431538,7.681571960,5.014835835,5.094483852,5.094484329,6.573484898,6.064765453,7.685264111,7.690067768,6.064765930,5.061889172,5.154164791,7.838786125,7.447540760,7.087004662,7.738961697,7.760296345,7.499400616,7.878207684,6.822522163,7.598652363,7.869508743,7.877407074,7.877415180,7.877339363,7.877696514",TLS.Amazon,91.178,1,Acceptable,Web,6,DPI,"15,24" 
+1,ip4,172.16.42.216,52.84.62.115,tcp,41914,443,info,18,14,1490976195985305,1490976196879161,1490976196866304,0,0,1285,1448,5470,9856,0,50,57253.4,264056,85984.0,7393244160.0,3.6,"22841,23998,943,22793,6583,564,615,276,39690,124,146,157,6771,37572,46160,226745,213104,3861,222252,264056,50,55344,103406,128,10396,183950,242536,953,71,38628,142",52,532.2,1500,595.2,354289.1,4.1,"60,60,52,271,52,1500,1500,1500,750,52,52,52,52,178,310,1337,310,64,1337,1337,930,86,86,52,52,64,1322,1500,1500,508,52,52","12,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,0,0,0,0,0,0,0","2,2,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,0,0,1,1,1,0,0,0,0,1,1,1,0,0","4.705928802,5.306893826,5.094483852,5.740943432,5.077241898,7.061615944,7.289163589,7.495290279,7.599352837,5.094483852,5.017560482,5.094483852,5.017560482,6.445491791,7.218114853,7.854625702,7.211663246,5.042434692,7.851956367,7.855620384,7.792708397,5.812836647,5.812836647,5.056022167,5.132945538,5.093139648,7.841275692,7.859713554,7.867431164,7.510861874,5.094483852,5.094483852",,,,,,,,"" 
+1,ip4,172.16.42.216,54.239.23.94,tcp,44912,443,info,18,14,1490976186884448,1490976195471370,1490976197346218,0,0,1460,1460,10437,5046,0,32,614473.9,7470598,1477715.5,2183643136000.0,2.8,"168457,171158,1511,108893,4406,1671,697,112679,290,4146,167,6217,127,10389,13091,1079,255,290409,42,32,60,299358,743,529311,1065924,2114234,3665356,7470598,595200,595070,1817122",40,526.2,1500,637.5,406420.1,3.9,"60,48,40,267,46,46,1500,1500,40,40,1500,655,40,40,166,1500,1424,360,46,46,91,46,40,1424,1424,1424,1424,40,46,1424,46,46","8,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,1,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,1,1","4.626680374,5.134761333,4.831686974,5.716956139,4.609350204,4.505982876,7.141723156,7.316176414,4.831687450,4.812815189,7.392494678,7.608505726,4.881687164,4.831687450,6.348018646,7.864303589,7.858262062,7.260771751,4.390829086,4.347350597,5.864610672,4.390829086,4.684184074,7.859017372,7.859235764,7.859332085,7.859507561,4.784183979,4.347350597,7.859881401,4.457920074,4.501398087",,,,,,,,"" diff --git a/test/results/flow-analyse/alicloud.pcap.out b/test/results/flow-analyse/alicloud.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/alicloud.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/among_us.pcap.out b/test/results/flow-analyse/among_us.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/among_us.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/amqp.pcap.out b/test/results/flow-analyse/amqp.pcap.out new file mode 100644 index 000000000..733684bd4 --- /dev/null +++ b/test/results/flow-analyse/amqp.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,127.0.0.1,127.0.1.1,tcp,44205,5672,finished,16,16,1490904166118902,1490904169595775,1490904169595788,37,0,329,0,2113,0,1,31,224314.8,2001684,536643.9,287986745344.0,2.4,"31,198,177,103,103,2001663,2001684,188,167,98,97,1032593,1032598,113,109,94,93,11037,11041,111,108,94,93,17674,17676,105,104,99,99,412703,412706",52,118.0,381,99.5,9895.7,4.6,"93,52,148,52,355,52,93,52,148,52,355,52,90,52,148,52,381,52,89,52,148,52,257,52,91,52,148,52,311,52,90,52","0,6,0,5,0,0,1,0,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.892737865,4.569115162,5.131951332,4.569115162,5.420554638,4.569115162,4.937272072,4.569115162,5.150565624,4.569115162,5.432780266,4.569115162,4.933847904,4.569115162,5.110024929,4.516136646,5.444756508,4.569115162,4.894715786,4.569115162,5.123056412,4.569115162,5.521058559,4.530653477,4.818450451,4.530653477,5.131469727,4.569115162,5.487017632,4.569115162,4.933847904,4.569115162",AMQP,192,0,Acceptable,RPC,6,DPI,"" diff --git a/test/results/flow-analyse/android.pcap.out b/test/results/flow-analyse/android.pcap.out new file mode 100644 index 000000000..0f2cf621e --- /dev/null +++ b/test/results/flow-analyse/android.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.16,216.239.38.120,tcp,32996,443,finished,17,15,1582454871152402,1582454871906464,1582454871901421,0,0,512,1418,819,10828,0,3,48486.5,404574,104241.1,10866214912.0,3.0,"13673,15022,32725,47474,16568,3,34518,282,386517,404574,19668,197623,221096,19209,15019,27735,41804,1657,22,36,1002,1575,133,18,9,1204,14,1169,2703,19,10",52,416.5,1470,552.7,305506.2,3.9,"60,60,52,232,52,1470,1188,52,52,145,344,52,564,52,86,52,641,52,1470,1470,1407,1470,52,1470,382,88,52,52,52,52,52,52","13,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,5,0,0,0","0,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,0,0,0,0,0,0","4.671797276,5.277319908,5.092563152,5.518131256,5.077241421,7.236341000,7.433474064,5.131024837,5.131024837,6.086913109,7.119209766,4.962661266,7.515064716,4.947339535,5.439514160,5.038779736,7.633175850,5.015639782,7.866302967,7.846067905,7.867026806,7.835390091,5.092563152,7.847195148,7.413039684,5.580356598,5.054101467,5.092563152,5.054101467,5.092563152,5.015639782,4.977178097",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/anyconnect-vpn.pcap.out b/test/results/flow-analyse/anyconnect-vpn.pcap.out new file mode 100644 index 000000000..461b29aa6 
--- /dev/null +++ b/test/results/flow-analyse/anyconnect-vpn.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.0.227,8.37.102.91,tcp,56919,443,info,17,15,1569687245688240,1569687246009851,1569687246009730,0,0,1448,1448,6050,7973,0,0,20745.2,71520,21568.3,465190496.0,4.0,"39490,39550,431,43733,1217,44517,40926,4,40928,1,38216,8,38254,1,33217,1,0,71520,5,38273,6102,35094,41225,217,42300,2869,5,1,44938,0,58",52,490.7,1500,597.2,356597.6,4.0,"64,56,52,219,52,1500,52,1500,1500,52,52,1500,1167,52,52,1500,1500,1319,52,52,663,52,127,52,1161,52,345,697,105,52,52,52","11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,2,0,0","6,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,0,0,0","4.277806282,5.056655407,4.776611805,5.499976635,4.815073490,7.340889931,4.829590321,7.117477894,7.208638191,4.868052006,4.829590321,7.407335281,5.918903828,4.829590321,4.829590321,6.806384563,7.188310623,7.472460270,4.685171604,4.791129112,7.602285385,4.714205265,6.163617611,4.752666950,7.823616028,4.868052006,7.252848148,7.725178242,5.773176193,4.906513691,4.829590321,4.829590321",,,,,,,,"" 
+1,ip4,10.0.0.227,8.37.96.194,tcp,56921,4287,finished,16,16,1569687260591875,1569687261807505,1569687261836138,0,0,1195,1368,2943,4489,0,272,79351.4,384774,121592.3,14784686080.0,3.7,"28537,28596,272,35158,11581,46466,4231,33144,2963,31899,1468,30539,1730,30777,254948,281121,5133,31326,314965,342213,26303,53543,25788,25778,4801,30501,2712,28408,358152,384774,2066",52,285.0,1420,416.2,173206.9,3.9,"64,64,52,200,52,1360,52,1247,52,103,52,496,52,463,52,363,52,167,52,777,52,1420,52,1160,52,114,52,122,52,110,52,110","9,2,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","8,2,1,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1","4.328511238,5.005488396,4.776612282,5.402243614,5.091758728,7.442438602,4.882569313,7.578964233,4.916693211,5.863890648,4.829590321,7.531296730,4.969671726,7.509452820,4.882569313,7.315038681,4.993616581,6.548084259,4.959492683,7.706759453,5.014835358,7.870440960,4.921030998,7.786418438,4.882569313,6.148206234,5.014835358,6.198904037,4.921030998,6.028552055,5.091758728,6.119950771",TLS,91,1,Safe,Web,6,DPI,"5,6,15,24" 
+1,ip4,10.0.0.227,8.37.102.91,tcp,56929,443,info,15,17,1569687267035097,1569687267393587,1569687267393508,0,0,965,1448,1471,13402,0,0,23125.8,138032,32185.7,1035917504.0,3.6,"42362,42438,1999,46916,1210,46124,40336,4,40344,1,37231,6,37243,1,97159,138032,40854,1159,43270,9027,4,1,1,0,9,1,1,51168,0,0,0",52,517.3,1500,619.3,383541.0,4.0,"64,56,52,204,52,1500,52,1500,1500,52,52,1500,1167,52,52,406,127,52,1017,52,1500,209,1500,209,1500,209,1500,209,52,52,52,52","12,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,0,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0","4.215306282,4.950672150,4.700937271,5.452831745,4.700937271,7.337546349,4.738150120,7.112461567,7.211231709,4.791128635,4.791128635,7.407482147,5.922111034,4.791128635,4.829590321,7.350569248,6.160544395,4.791128635,7.794639587,4.868052006,7.862796307,6.916011810,7.871273518,6.899218082,7.872875214,6.733156681,7.846444607,6.809710979,4.829590321,4.767184258,4.829590321,4.829590321",,,,,,,,"" 
+1,ip4,10.0.0.227,8.37.102.91,udp,54107,443,finished,16,16,1569687268746220,1569687268990048,1569687268992240,93,0,157,365,2016,3458,0,1,15801.5,47070,18787.6,352972736.0,3.9,"43486,43887,46602,46963,13778,22397,136,45366,3,1,180,3,8893,184,3220,4,34551,3,41128,530,5716,3654,11825,10035,4233,4600,46982,47070,168,405,3845",76,199.1,393,70.7,5001.8,4.9,"127,76,147,216,121,153,153,153,249,201,201,201,185,137,153,345,297,169,217,153,153,297,153,265,185,393,185,265,153,169,169,329","0,0,1,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,2,5,1,2,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,0,1,1,1,1,1,0,0,1,1,1,1,0,0,1,0,1,0,1,0,1,0,0,0,1","5.462343693,4.390864372,5.914839268,6.005654812,5.535966873,6.360437393,6.343824863,6.387973785,6.973914146,6.706965446,6.711217403,6.676970959,6.521679401,6.215778828,6.357885838,7.282065392,7.113596439,6.506012440,6.831180573,6.432122707,6.290798664,7.059806824,6.370957851,7.132057190,6.624488354,7.326114655,6.671812534,7.077751637,6.532753944,6.585647583,6.474001408,7.264476776",DTLS,30,1,Safe,Web,6,DPI,"7" diff --git a/test/results/flow-analyse/anydesk.pcapng.out b/test/results/flow-analyse/anydesk.pcapng.out new file mode 100644 index 000000000..bdda144d0 --- /dev/null +++ b/test/results/flow-analyse/anydesk.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.149.129,51.83.238.219,tcp,43535,80,info,15,17,1591342199201196,1591342201135977,1591342202739154,0,0,1460,1460,5696,5521,0,2,176540.0,1602919,394272.9,155451113472.0,2.8,"164805,164917,612,1082,165028,165426,485,455,339,338,1756,2021,164886,165169,210,191,219,307,218569,218677,606,928,1215453,1216321,7,87,855,7,2,1602919,62",40,392.7,1500,555.2,308238.0,3.8,"60,46,40,303,46,1340,40,1340,40,46,40,1134,46,91,40,80,40,186,46,186,40,111,46,119,1500,1500,1242,46,46,46,1500,1180","8,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,0","9,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,2,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,1","4.772595406,4.903359890,4.834184170,5.369554996,4.390828609,7.460080147,4.834184170,7.770876408,4.834184170,4.609350204,4.734183788,7.619944096,4.390829086,5.750715733,4.765311718,5.803060055,4.765311718,6.743920803,4.390828609,6.830827713,4.834184170,6.275036812,4.434307098,6.390825272,7.863389492,7.871673107,7.811679363,4.390829086,4.390829086,4.390829086,7.887207985,7.841894150",,,,,,,,"" 
+1,ip4,192.168.1.187,192.168.1.178,tcp,54164,7070,finished,14,18,1613977595379986,1613977601740964,1613977601737415,0,0,3926,1460,5712,2727,0,0,410271.2,3021750,825943.1,682181918720.0,2.9,"491,529,333,431,328,10474,0,10878,39566,40320,8749,0,9516,516873,517463,1553,27804,26175,2358,56316,902900,957284,0,0,1754245,1753698,16355,71246,2966766,3021750,4006",40,306.3,3966,747.4,558552.1,3.1,"52,52,40,285,46,46,1500,183,40,1326,46,954,80,40,87,46,75,74,46,74,40,3966,46,46,46,79,46,141,40,99,46,116","6,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1","11,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,1,0,0,1,1,1,0,0,1,1,0,1,1,0,0,1,1,1,0,1,1,0,0,1,0","4.461627960,4.714205742,4.680641174,5.380415440,4.190888405,4.260394573,7.726966381,6.171197891,4.680641174,7.726874828,4.303872585,7.788730145,5.640313625,4.630640984,5.698182583,4.200505257,5.465894222,5.550601006,4.303872585,5.570474148,4.680640697,7.956365585,4.157026768,4.303872585,4.190888405,5.661315441,4.260394096,6.538077354,4.630641460,6.000421047,4.260393620,6.241518974",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"5,15,24,30" 
+1,ip4,192.168.1.128,195.181.174.176,tcp,48260,443,finished,16,16,1663090549161771,1663090558034917,1663090558365585,0,0,1448,1448,5817,3029,0,4,583127.8,8444631,2063627.1,4258557067264.0,1.5,"17715,17815,909,17821,3430,20304,88,41,3772,21850,18137,104,44,888,64188,13442,76786,1527,18418,206643,224790,16,4,18683,18,62779,11,80221,8427892,8444631,313993",52,328.9,1500,495.5,245485.5,3.8,"60,60,52,341,52,1500,52,1132,52,1146,103,52,92,52,199,52,198,52,137,52,145,1500,1500,1273,52,52,92,90,52,137,52,145","8,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,2,0,0","7,4,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,0,1,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,1,0,0,1,1","4.759216309,5.287539482,5.061608315,5.575212479,5.085552692,7.541802406,5.085552692,7.720355034,5.138531685,7.691242218,6.017449379,5.100070000,6.076607704,5.061608315,6.938662529,5.176993370,6.939621925,5.176993370,6.553288460,5.176993370,6.578802109,7.876228809,7.874102592,7.832963467,5.176993370,5.176993370,6.054868221,5.938801765,5.138531685,6.484602451,5.215455055,6.623850822",TLS.AnyDesk,91.252,1,Acceptable,RemoteAccess,6,DPI,"24,30,31" diff --git a/test/results/flow-analyse/avast.pcap.out b/test/results/flow-analyse/avast.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/avast.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/avast_securedns.pcapng.out b/test/results/flow-analyse/avast_securedns.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/avast_securedns.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/bad-dns-traffic.pcap.out b/test/results/flow-analyse/bad-dns-traffic.pcap.out new file mode 100644 index 000000000..774561d8b --- /dev/null +++ b/test/results/flow-analyse/bad-dns-traffic.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.43.91,4.2.2.4,udp,56354,53,finished,19,13,1486012635073060,1486012651592518,1486012651846910,53,0,248,281,1392,1397,0,63089,1073977.6,4101854,689094.3,474850951168.0,4.7,"1006460,1005839,1008074,1008541,4101854,73173,63089,1023925,1006666,2080907,1018755,962463,1014062,1012614,1013561,1040293,1038247,1060225,1011738,991100,1041523,1066575,1017786,982256,1029549,1026193,1027755,1007446,2080430,166358,305851",81,115.2,309,50.6,2560.6,4.9,"119,119,119,119,119,150,81,116,81,81,112,81,114,81,116,81,114,81,114,81,112,81,114,81,116,81,114,81,81,160,276,309","0,13,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1","4.888009548,4.952452183,4.965347767,4.979370117,4.967788696,4.929614544,5.009302616,4.960116863,5.043313503,5.058685303,5.000692368,5.003250122,5.011343002,4.956934929,5.038347244,4.966254234,5.016212940,4.953866959,4.986301899,5.024673939,4.983958244,4.935227871,4.998669147,4.940047741,4.970242500,4.999982357,4.987974167,4.999982834,5.024673939,4.881881237,4.176499844,4.325556755",DNS,5,0,Acceptable,Network,6,DPI,"16,27" 
diff --git a/test/results/flow-analyse/badpackets.pcap.out b/test/results/flow-analyse/badpackets.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/badpackets.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/bitcoin.pcap.out b/test/results/flow-analyse/bitcoin.pcap.out new file mode 100644 index 000000000..317089271 --- /dev/null +++ b/test/results/flow-analyse/bitcoin.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.142,69.118.54.122,tcp,55328,8333,finished,2,30,1301328089970465,1301328231627793,1301328234475638,44,0,105,1448,149,36033,1,1,9231048.0,141657328,28184708.0,794377756606464.0,1.9,"52705,59165,36072737,6972560,71059721,141657328,28238337,91,32968,6,2,1933055,1,2,1,2,4527,16790,273,4103,461,12118,1136,339,10616,15667,2671,6,3102,4098,7913",72,1182.7,1500,570.2,325114.2,4.8,"157,157,72,113,107,113,96,1500,1500,1500,1500,1031,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.331577301,4.391512871,4.909439087,5.158895969,4.722836494,5.592147827,4.927504063,7.410189629,7.472129822,7.510345459,7.516362667,7.410877228,3.553941965,3.447642088,3.529692411,3.496179581,3.466899872,3.442958832,3.518888474,3.453003168,3.457215071,3.471271992,3.497405529,3.477877617,3.477765560,3.484272242,3.466756582,3.504224300,3.495511293,3.509394407,3.499261856,3.458781719",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.142,74.89.181.229,tcp,55348,8333,finished,3,29,1301328319392147,1301328419814379,1301328420325069,44,0,105,1448,204,35103,1,5,6495327.5,100110670,19444800.0,378100231700480.0,2.0,"59193,103209,9823152,39766075,21773202,100110670,311562,29237037,27,63547,5,128,1815,36336,73,10069,11,2188,6,22497,6,36,5434,1881,16669,98,3307,3200,88,2587,1046",72,1155.3,1500,597.2,356626.8,4.7,"157,157,72,168,107,107,96,107,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.470258713,4.521859646,5.133765697,5.303792000,4.884179592,4.884179592,5.089661121,4.793436050,3.556293964,3.471724272,3.563110828,3.507483721,3.465379477,3.476032257,3.517805815,3.485985279,3.486981392,3.481694460,3.513358593,3.496114254,3.507799149,3.471463203,3.516937494,3.517798901,3.501855373,3.464563370,3.465409040,3.545469761,3.513061523,3.455718517,3.526946545,3.479244232",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.142,66.68.83.22,tcp,55383,8333,finished,9,23,1301328472925065,1301328607711436,1301328616076718,44,0,1448,1448,9102,23653,1,11,8965742.0,134322478,25481870.0,649325705166848.0,2.2,"62318,90510,14042384,39643167,11451980,9238604,22700384,134322478,190526,216456,52,56784,49,15,11,45582876,5468,2949,79677,2390,56420,14875,38291,1106,29429,10233,41403,43,29590,11803,15753",72,1075.6,1500,630.5,397582.1,4.7,"157,157,72,113,113,113,168,113,96,1500,1500,1500,1500,1500,1500,317,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","1,4,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0","0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.314049721,4.516415119,5.159438610,5.621953964,5.629888535,5.436272144,5.232412338,5.492824554,5.047397614,6.620144367,6.645269394,6.641551971,6.624248028,6.652445793,6.650110245,6.173855782,3.519509792,3.418695927,3.522331953,3.473526716,3.458976030,3.461488724,3.521340132,3.498308420,3.439558506,3.445366859,3.488321781,3.470211506,3.484444618,3.500530481,3.521874428,3.458418369",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.142,195.218.16.178,tcp,55400,8333,finished,6,26,1301328699728375,1301328741904043,1301328743741542,44,0,1448,1448,5826,27918,1,34,2780285.0,41186439,7975567.0,63609669419008.0,2.2,"128208,113258,17195103,11450771,3438749,6775,2755264,41186439,319900,321845,34,347450,8283500,31885,35035,52689,19022,36630,49289,41130,63903,2317,29070,27748,37436,32734,49198,24571,33724,41084,34074",72,1106.5,1500,621.5,386298.0,4.7,"157,157,72,107,107,107,107,113,96,1500,1500,1500,1385,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,3,0,0","1,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0","0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.383668423,4.444240093,4.982605934,4.668665886,4.713104248,4.762123585,4.780815601,5.560832977,4.996669769,6.587570190,6.648486137,6.600738525,6.599431038,3.406774759,3.373550653,3.345058441,3.338595867,3.355129480,3.392081499,3.337737560,3.285459280,3.329736471,3.341146708,3.315114975,3.270951748,3.318075180,3.308751106,3.279112339,3.298598528,3.384484768,3.426392555,3.339625120",Mining,42,0,Unsafe,Mining,6,DPI,"22" diff --git a/test/results/flow-analyse/bittorrent.pcap.out b/test/results/flow-analyse/bittorrent.pcap.out new file mode 100644 index 000000000..6a2783568 --- /dev/null +++ b/test/results/flow-analyse/bittorrent.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.3,198.100.146.9,tcp,52915,60163,finished,12,20,1455469976336620,1455469980135637,1455469980194523,17,0,176,1440,904,20536,1,12043,246997.4,919975,228791.8,52345696256.0,4.4,"176832,184047,360999,337345,477634,919975,779765,619481,619422,156869,158080,151021,161242,12043,185627,163549,148908,165750,153542,19235,148725,12813,146117,495893,130312,32142,133808,27318,421482,129521,27423",66,722.4,1492,635.2,403438.9,4.4,"120,132,611,228,66,176,90,86,1492,69,1166,69,609,81,69,389,69,188,609,1492,1492,1492,1492,1492,188,1492,1492,1492,1492,197,1492,1492","5,1,1,1,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,12,0,0","0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,0,1,1,1,1,0,1,1","6.014183998,6.126387119,4.946569443,5.524954319,4.794059277,3.940484047,5.368589878,4.276479721,7.786795139,4.471814156,7.741641998,4.592490196,7.566695690,4.716621876,4.551665783,7.390619278,4.569711208,2.883123636,7.557919025,4.866727352,7.736888409,7.724407196,7.768088341,7.796109200,3.117206812,7.722576141,7.763302326,7.809885979,7.808127880,3.077500105,7.837090492,7.871365547",BitTorrent,37,0,Acceptable,Download,6,DPI,"5" 
diff --git a/test/results/flow-analyse/bittorrent_utp.pcap.out b/test/results/flow-analyse/bittorrent_utp.pcap.out new file mode 100644 index 000000000..fe0055be8 --- /dev/null +++ b/test/results/flow-analyse/bittorrent_utp.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,82.243.113.43,192.168.1.5,udp,64969,40959,finished,18,14,1456385034843882,1456385041276103,1456385041181191,20,0,1472,477,14142,872,0,959,411920.3,5430275,1202360.0,1445669502976.0,2.4,"4392194,1037924,5430275,116819,116920,100471,240441,139898,4463,110556,115010,959,58628,60551,88152,88141,37493,37665,24480,24365,43679,55465,11575,11793,11863,53659,52777,104119,173318,8337,17540",48,497.2,1500,600.8,360942.7,4.0,"132,132,48,58,238,505,48,48,103,257,48,48,132,1500,54,1500,54,1500,54,1500,54,82,1500,54,1500,54,1500,48,48,1037,1037,1037","3,0,0,3,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0","11,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0","5.803075790,5.866444111,4.474482536,4.231768131,4.447527885,5.267382622,4.667174816,5.259760857,3.872052193,5.423846722,5.259760857,4.750508785,5.806200504,7.847329140,4.531593323,7.839333057,4.619647026,7.837954521,4.582609653,7.820847988,4.619647026,4.109564304,7.831181049,4.693720818,7.634190559,4.693720818,7.787273407,4.892893314,4.750508785,7.761264801,7.781966686,7.702743530",BitTorrent,37,0,Acceptable,Download,6,DPI,"5" 
diff --git a/test/results/flow-analyse/bjnp.pcap.out b/test/results/flow-analyse/bjnp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/bjnp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/bot.pcap.out b/test/results/flow-analyse/bot.pcap.out new file mode 100644 index 000000000..13d568dd1 --- /dev/null +++ b/test/results/flow-analyse/bot.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,40.77.167.36,89.31.72.220,tcp,64768,80,finished,7,25,1645108240233170,1645108240455112,1645108240455337,0,0,316,1440,316,33120,0,4,14326.1,114244,36180.2,1309009792.0,2.2,"409,106526,4,106682,7609,64,117,61,7,4,842,8,6,4,114244,282,105363,69,4,6,123,5,6,4,232,8,61,8,763,123,465",46,1086.5,1480,631.2,398369.0,4.6,"48,48,46,356,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,1480,46,46,1480","6,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1","4.668832779,4.823934078,4.705051422,5.553816795,4.685968399,6.426275253,7.497505188,7.820932388,7.830261230,7.797591209,7.805040359,7.821845531,7.816341877,7.795114517,7.064133644,4.748529911,4.585274220,7.814039707,7.815784454,7.820162296,7.814042091,7.827082157,7.799123287,7.792435646,7.357606411,5.923022270,7.867007732,5.467782974,4.930641174,4.661573410,4.661573410,5.117170334",HTTP,7,0,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/bt_search.pcap.out b/test/results/flow-analyse/bt_search.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/bt_search.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/cachefly.pcapng.out b/test/results/flow-analyse/cachefly.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/cachefly.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/capwap.pcap.out b/test/results/flow-analyse/capwap.pcap.out new file mode 100644 index 000000000..bc268879d --- /dev/null +++ b/test/results/flow-analyse/capwap.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.10.9,192.168.10.10,udp,5246,12380,finished,17,15,1422329005767224,1422329016659899,1422329016659404,64,0,1457,1457,8579,6468,0,0,702737.3,10093423,2455548.8,6029719371776.0,1.6,"760,9998434,10093423,96372,2625,2,127,182379,1,0,0,94,314122,135275,2746,249,111759,1,157255,1,325739,280124,1,39490,1,39481,264,2133,995,502,500",92,498.2,1485,485.4,235625.0,4.4,"142,142,101,92,133,576,576,346,576,576,165,315,406,123,1485,1485,1485,1437,1021,1437,461,141,109,125,141,125,109,877,141,109,125,861","0,0,5,3,0,0,0,0,0,1,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0","0,0,1,6,1,0,0,0,1,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0","0,0,1,0,1,0,0,0,1,1,1,1,1,0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,1,0,1,0","3.893290997,3.893290997,4.830492973,4.615938187,5.436969757,6.642759323,6.913249969,6.397701263,6.902666569,6.846169949,6.368118286,7.090667248,7.118800163,5.456940651,7.874491215,7.866423607,7.870229721,7.867388248,7.782578468,7.843720436,7.507147312,6.314983845,5.763504982,6.039584160,6.280849457,6.035200119,5.804700375,7.759332657,6.342943668,5.774928570,6.117315292,7.735942364",CAPWAP,247,0,Acceptable,Network,6,DPI,"" 
+1,ip4,192.168.10.10,192.168.10.9,udp,12380,5247,finished,32,0,1422329017533285,1422329049032294,1422329017533285,80,0,283,0,4909,0,0,499857,1016097.1,3999845,875106.2,765810835456.0,4.6,"499983,500014,499872,2999961,499995,500031,499980,499982,499890,499986,499975,499998,499999,999998,999993,500014,2999827,1000005,999991,500032,1999814,500016,499990,999989,500017,1499983,499857,1999983,999996,999993,3999845",108,181.4,311,58.4,3415.7,4.9,"108,195,282,137,224,137,108,195,311,137,108,108,137,282,137,195,195,282,137,195,108,253,166,195,195,195,253,137,108,195,224,166","0,0,6,7,2,9,2,5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.322847843,4.775271893,5.243394375,4.682712078,4.886671543,4.761803627,4.409015179,4.971165657,5.125069618,4.609245777,4.380640507,4.355712414,4.823248386,4.982461452,4.627756596,4.929459095,4.873090267,5.032708645,4.636066914,4.873720646,4.399159431,4.936395168,4.818520069,5.070401192,4.945625305,4.792158127,4.963052750,4.698768139,4.306179047,4.887980938,4.937054634,4.651456833",CAPWAP,247,0,Acceptable,Network,6,DPI,"" diff --git a/test/results/flow-analyse/cassandra.pcap.out b/test/results/flow-analyse/cassandra.pcap.out new file mode 100644 index 000000000..197071446 --- /dev/null +++ b/test/results/flow-analyse/cassandra.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,127.0.0.1,127.0.0.1,tcp,46536,9042,finished,17,15,1450889498032587,1450889525230546,1450889525227132,0,0,321,25148,938,59385,0,11,1754596.9,26002233,6369210.5,40566842720256.0,1.3,"11,19,249,264,5672,5686,233,620,1533,1593,1631,2318,1136,3494,3539,2825,4760,1891,1781,667,2471,2015,1427,3423,25963183,26002233,1164047,1204436,1335,2304,5708",52,1937.6,25200,5902.9,34844348.0,2.0,"60,60,52,61,52,113,52,83,61,110,61,153,168,179,11131,52,105,543,373,366,243,52,21802,25200,52,110,52,126,133,125,130,143","9,2,3,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,2,2,1,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,0","4.356947899,4.780833244,4.606328011,4.416564465,4.644789696,5.177784443,4.606328011,4.859959602,4.473884106,5.159387589,4.505033970,5.351017952,4.924544334,5.412157059,3.751090527,4.637282372,5.276634216,4.988539696,5.158010483,4.843147755,4.920887947,4.661226749,5.202728748,4.642983913,4.675744057,5.390335560,4.661226749,5.410961628,4.876290798,5.477229118,5.139830112,5.335116386",Cassandra,264,0,Acceptable,Database,6,DPI,"" 
+1,ip4,127.0.0.1,127.0.0.1,tcp,46537,9042,finished,18,14,1450889498074112,1450889535475611,1450889531765769,0,0,225,11446,794,12001,0,13,2293327.5,25937061,6507358.0,42345709961216.0,2.0,"13,21,671,688,5291,5315,288,749,1660,4537,3374,25897068,25937061,6031,46634,674,28,18,1162,1117,2315,1239,3343,41722,7689860,7730331,832,186,642,40128,3670158",52,452.3,11498,1984.7,3939065.0,1.7,"60,60,52,61,52,113,52,83,61,126,11498,52,187,52,99,126,52,125,52,133,130,52,143,275,52,99,80,52,87,80,52,277","10,2,4,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0","4.423614979,4.826748371,4.697768211,4.527300358,4.697767735,5.244243145,4.697768211,4.935437202,4.551833153,5.263758659,3.921820164,4.805645943,5.681179523,4.659306049,5.163017273,5.385207176,4.659306049,5.483267784,4.659306049,4.881966591,5.109060287,4.805645943,5.340395927,5.132059097,4.728722572,5.154477119,4.869704247,4.637282848,4.956277847,4.844704151,4.584303856,5.709095955",Cassandra,264,0,Acceptable,Database,6,DPI,"" diff --git a/test/results/flow-analyse/check_mk_new.pcap.out b/test/results/flow-analyse/check_mk_new.pcap.out new file mode 100644 index 000000000..2f63b633b --- /dev/null +++ b/test/results/flow-analyse/check_mk_new.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.100.22,192.168.100.50,tcp,58998,6556,finished,16,16,1512031663734797,1512031663748376,1512031663748413,0,0,0,502,0,1376,0,27,877.3,2128,812.2,659616.6,4.3,"27,188,2128,2061,102,68,67,104,1865,1834,72,90,1254,1242,147,158,91,94,1228,1205,176,172,1964,1988,1810,1805,1867,1907,699,663,119",52,95.5,554,116.8,13650.4,4.4,"60,60,52,67,52,317,52,62,52,53,52,61,52,554,52,61,52,70,52,463,52,68,52,68,52,69,52,65,52,117,52,61","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.777318954,5.266787052,5.116507530,5.382888317,4.972088814,5.429334641,5.063528538,5.369284153,5.025067329,5.119153976,5.025067329,5.200747967,5.025067329,3.834031105,5.063528538,5.200747967,4.972088814,5.439786434,5.116507530,4.356705666,5.078045845,5.383426666,5.078045845,5.414306641,5.078045845,5.456064701,5.116507530,5.341373920,5.010550022,5.388670444,5.116507530,5.245910168",CHECKMK,138,0,Acceptable,DataTransfer,6,DPI,"" diff --git a/test/results/flow-analyse/chrome.pcap.out b/test/results/flow-analyse/chrome.pcap.out new file mode 100644 index 000000000..08075df97 --- /dev/null +++ b/test/results/flow-analyse/chrome.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.178,146.48.58.18,tcp,64393,443,finished,14,18,1620902507870345,1620902508741011,1620902508774460,0,0,750,1440,1998,15691,0,3,57251.0,629043,154280.9,23802585088.0,2.4,"28765,28872,339,29774,6968,212,36564,499,471,13592,322,42282,28,185,11,28620,3,627868,1163,629043,92,171,257,86,255,319,1121,131143,160052,5604,100",52,605.4,1492,632.9,400560.7,4.2,"64,60,52,569,52,1492,1492,52,758,52,132,802,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1471,52,52,703,52,1492,1492","10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,0","0,1,0,0,1,1,1,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,1,1","4.353732109,5.187538624,4.899450302,4.408748150,5.023146629,7.839999199,7.885083199,4.976373196,7.695921421,5.053296566,6.239557743,7.672363281,5.100070000,5.100070477,7.407363892,7.424428940,5.014835358,5.053296566,7.878479958,7.865577221,5.014835358,7.868523121,7.861433029,4.976373672,7.872521877,7.876061916,5.014835358,4.969671726,7.674196243,5.138531685,7.867238522,7.866298676",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,64394,443,info,15,17,1620902508740717,1620902509329896,1620902509327995,0,0,717,1440,2136,15926,0,111,37950.2,468764,110334.2,12173627392.0,2.3,"28488,28560,612,28383,2758,30530,2041,28373,116,26422,441785,468764,1748,1393,30158,119,111,182,125,120,237,134,128,266,240,251,495,806,26027,25276,1809",52,617.1,1492,638.0,407026.8,4.2,"64,60,52,687,52,312,52,132,52,355,52,769,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,52,1015,52,756","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,0,1,0,0","4.416232109,5.300120831,4.923394680,7.069493294,5.100070000,6.936732292,5.014835358,6.319468975,5.176993370,7.399957657,5.053297043,7.734244347,5.100070477,7.871783733,7.865388870,5.000318050,7.853028297,7.882699490,5.000318050,7.860120296,7.865950584,4.923395157,7.858026981,7.861842632,4.961856365,7.886532307,7.875236988,5.038779736,4.863714218,7.794827461,4.961856365,7.699286461",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,64411,443,info,16,16,1620902509276446,1620902509372872,1620902509370350,0,0,754,1440,2057,13178,0,0,6139.7,34983,11118.4,123618440.0,3.1,"26769,26817,1326,28249,6762,1293,14,34983,12,374,291,27566,2,0,26902,1379,1360,1118,15,1124,130,231,245,356,130,118,13,252,11,746,1742",52,528.7,1492,598.4,358096.1,4.1,"64,60,52,569,52,1492,1492,758,52,52,132,758,52,355,52,52,355,52,1492,1492,52,52,1492,1492,52,1492,1492,398,52,52,52,806","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,1,0,0,0,0","4.372218132,5.300120354,4.976373672,4.428920269,5.061608315,7.850123882,7.875483036,7.741683960,5.014835358,4.983880520,6.165837288,7.733215809,5.025067329,7.436167240,5.061608315,5.014835358,7.285673618,5.014835358,7.868979931,7.867131233,4.961856842,4.892748356,7.867380619,7.881838322,5.014835358,7.868318081,7.878070354,7.538454533,4.945418835,4.976373672,4.892748356,7.771022320",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,64409,443,info,13,19,1620902509273191,1620902509394114,1620902509395716,0,0,706,1440,1421,19283,0,114,7853.2,30653,12089.6,146159520.0,3.4,"29278,29334,864,29011,2497,30653,580,334,26242,1058,2318,28687,1760,236,1984,377,499,883,126,124,243,136,114,251,129,941,26868,117,26169,1503,132",52,699.6,1492,675.5,456346.8,4.2,"64,60,52,687,52,312,52,132,758,52,52,355,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,1492,52,1492,1492","10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1","4.459277153,5.300120831,5.053297043,7.112785339,5.138531685,6.956218719,5.014835358,6.314823151,7.726174831,5.100070477,5.138531685,7.359657288,5.053297043,7.866115093,7.869250298,5.053296566,7.869906902,7.896156788,5.091758251,7.882206440,7.875400543,5.091758251,7.869582176,7.850453377,5.091758251,7.881830215,4.931210041,7.872938633,7.859384537,5.014835358,7.875035286,7.879170895",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,64410,443,info,14,18,1620902509274034,1620902509374250,1620902509399481,0,0,706,1440,1303,17152,0,3,7279.5,38324,12250.6,150076944.0,3.2,"28686,28726,1295,29880,9620,122,15,38324,11,451,233,27995,116,117,14,27547,3,1242,1253,2514,126,125,241,123,122,245,249,230,376,396,25266",52,629.3,1492,651.9,424923.8,4.2,"64,60,52,569,52,1492,1492,758,52,52,132,758,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,52,1492","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1,0,1","4.459277153,5.227644920,5.053297043,4.381318092,5.061608315,7.847862244,7.882750034,7.710128307,4.976373672,5.014834881,6.203536034,7.715669155,5.047091484,5.061608315,7.379821777,7.371205807,5.038779736,5.014835358,7.886833668,7.871653080,5.053297043,7.876582146,7.890680313,5.053297043,7.866287708,7.867833614,5.053297043,7.851022720,4.931210041,7.851374149,5.053297043,7.874514103",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,64408,443,info,15,17,1620902509272814,1620902509401477,1620902509396846,0,0,709,1440,2130,15696,0,1,8151.5,32013,12799.0,163814464.0,3.3,"29778,29819,1050,30027,2482,31460,377,194,32013,8,1,31458,983,109,1078,130,153,122,98,131,118,249,502,124,630,126,1459,27278,100,26052,4586",52,609.7,1492,634.7,402848.7,4.2,"64,60,52,687,52,312,52,132,758,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,1492,52,1492,1492,52,1492,52,1492,785,52,761","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0","4.428027153,5.266787052,5.000318050,7.051597595,5.100070000,6.943971634,5.000318050,6.181417465,7.706695080,5.023147106,7.387262821,5.061608315,4.923395157,7.884211063,7.888196468,4.961856365,7.848547459,4.916692734,7.861028194,5.038779736,7.884697914,7.888879299,5.038779736,7.874349594,7.889142036,5.000318050,7.871818066,4.916692734,7.869739056,7.732701302,5.038779736,7.671216488",,,,,,,,"" diff --git a/test/results/flow-analyse/citrix.pcap.out b/test/results/flow-analyse/citrix.pcap.out new file mode 100644 index 000000000..3e3cf8a69 --- /dev/null +++ b/test/results/flow-analyse/citrix.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,21.0.0.8,22.0.0.7,tcp,45225,1494,finished,27,5,0,72692,72684,0,0,343,84,1670,114,0,5,4689.5,56256,12448.2,154958800.0,2.6,"2099,2106,6093,6094,4120,7122,1007,6,6,6,6,1006,1007,7,5,13,6,1007,6,5,2009,7,5,6,5,1007,5,56256,46119,4116,4114",50,100.3,387,63.6,4041.6,4.8,"50,50,50,50,50,62,198,107,87,88,91,387,83,211,95,133,103,97,95,103,98,83,83,83,100,103,97,95,128,50,50,50","5,18,1,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0","4.094119072,4.506643772,4.039021015,4.568367004,4.528367043,4.245353222,5.186970711,4.576177120,4.820792675,4.800546169,4.260721207,4.770667076,4.545018196,3.338554859,4.081573486,4.165511131,4.056994915,4.437763214,4.102537632,4.181773186,4.332800388,4.481823921,4.388646603,4.394422054,4.212355614,4.095830441,4.246722221,4.279045105,4.048637390,4.188758850,4.256690979,4.322698593",Citrix,132,1,Acceptable,Network,6,DPI,"" diff --git a/test/results/flow-analyse/cloudflare-warp.pcap.out b/test/results/flow-analyse/cloudflare-warp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/cloudflare-warp.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/coap_mqtt.pcap.out b/test/results/flow-analyse/coap_mqtt.pcap.out new file mode 100644 index 000000000..8a9d09899 --- /dev/null +++ b/test/results/flow-analyse/coap_mqtt.pcap.out 
@@ -0,0 +1,9 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.56.1,192.168.56.101,tcp,53528,17501,finished,15,17,1455907267002212,1455907271697274,1455907271735420,0,0,60,86,286,367,0,72,304137.8,4438876,1061040.8,1125807423488.0,1.6,"72,248,4635,4859,1038,9311,9054,2795,3496,481,2352,21820,23421,198700,4438876,4242440,38504,37941,469,2294,62501,64983,1232,38696,37823,527,2778,66747,69695,1087,39395",40,62.3,126,30.1,907.0,4.9,"52,52,46,59,40,44,100,44,55,45,124,46,100,44,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40","11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1","4.523146629,4.808010101,4.370963573,5.094007969,4.634184361,4.533184528,5.525953770,4.586559772,4.953907967,4.699598312,5.658671856,4.370963097,5.525953770,4.632013798,4.267595291,5.562683582,4.539122581,4.634183884,5.525953293,4.684184074,4.677468300,5.578556538,4.370963573,4.582601070,4.634183884,5.473502159,4.634183884,4.632013321,5.594429493,4.294663429,4.555532932,4.684184074",MQTT,222,0,Acceptable,RPC,6,DPI,"5" 
+1,ip4,192.168.56.1,192.168.56.101,tcp,53522,17501,finished,14,18,1455907243976582,1455907271915318,1455907271915135,0,0,60,86,258,448,1,130,1802493.1,27505948,6724537.0,45219399598080.0,1.2,"709,199149,27505948,27310358,42735,39960,130,529,60417,61165,1588,38934,37729,553,2947,66282,69491,1247,39646,39140,1019,2437,62744,65305,1790,40465,38726,170,6175,66713,73088",40,63.4,126,32.8,1072.6,4.8,"46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46","10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0","4.462504387,4.630411148,4.327484608,5.610302448,4.685968399,4.634184361,5.482468128,4.634184361,4.722923279,5.610302448,4.370963097,4.729446411,4.534184456,5.565953732,4.634184361,4.768377304,5.610302448,4.370963097,4.729446888,4.634184361,5.525953293,4.634184361,4.722922802,5.626175404,4.370963573,4.729446411,4.634184361,5.522468567,4.684184551,4.768377781,5.610302448,4.414441586",MQTT,222,0,Acceptable,RPC,6,DPI,"5" 
+1,ip4,192.168.56.1,192.168.56.101,tcp,53523,17501,finished,14,18,1455907258332152,1455907271915337,1455907271915223,0,0,60,86,258,448,1,237,876330.8,13150790,3197714.5,10225378656256.0,1.4,"404,199934,13150790,12952309,38608,37989,477,2148,62571,64954,1016,38807,38093,501,2594,66803,69615,1179,39541,39110,979,2406,62938,65497,773,40198,39480,237,5592,67477,73236",40,63.4,126,32.8,1072.6,4.8,"46,42,46,126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46","10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0","4.419025898,4.733946800,4.327484608,5.558483124,4.685968399,4.584184170,5.505953312,4.634183884,4.677468777,5.588438511,4.370963573,4.685968399,4.634183884,5.505952835,4.684184074,4.768377304,5.572565556,4.414441586,4.729446411,4.684184074,5.525953770,4.684184074,4.722923279,5.559791088,4.414441586,4.685968399,4.684184074,5.545953751,4.684184074,4.768377304,5.558483124,4.370963097",MQTT,222,0,Acceptable,RPC,6,DPI,"5" 
+1,ip4,192.168.56.101,192.168.56.1,tcp,17501,53524,finished,18,14,1455907271483430,1455907271957948,1455907271958031,0,0,86,60,446,320,1,156,30616.7,73508,26730.8,714536192.0,4.3,"1998,38598,37069,480,2447,62266,64859,841,38683,38127,461,2290,67273,69748,665,39428,39498,931,2251,63248,65640,1623,40275,38699,156,6124,67250,73508,2463,42357,39863",40,65.0,126,33.2,1105.2,4.8,"126,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100,40,44,126,46,46,40,100","13,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1","5.604311466,4.599011421,4.615311623,5.545953751,4.615311623,4.705766201,5.566574574,4.311074257,4.626079559,4.615311623,5.484536648,4.511769295,4.624093056,5.568364620,4.303872585,4.627490997,4.684184074,5.518404961,4.615311623,4.649170399,5.582447052,4.370963097,4.669558048,4.634183884,5.525953770,4.684184074,4.768377304,5.588438511,4.370963097,4.555533409,4.684184074,5.520660400",MQTT,222,0,Acceptable,RPC,6,DPI,"5" 
+1,ip4,192.168.56.1,192.168.56.101,udp,50311,17500,finished,16,16,1455907271481938,1455907273126173,1455907273127913,94,0,101,24,1538,306,0,1824,106135.8,117757,19323.7,373406144.0,4.9,"1824,103882,104036,108951,108450,105413,105949,113800,113717,106838,107131,109410,109028,108906,115953,117757,112312,110612,110806,109887,107946,108022,108009,113116,114023,110812,110429,107359,111248,109470,105114",45,85.6,129,38.6,1486.7,4.8,"124,47,123,46,122,45,129,52,125,48,122,45,124,47,124,47,126,49,123,46,124,47,123,46,123,46,123,46,129,52,122,45","0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.543972015,5.027887821,5.510700703,5.088779926,5.530181885,5.047409534,5.667361259,5.185924053,5.578914642,5.069235325,5.512969971,5.047409534,5.559295654,5.027887344,5.530185699,4.958842754,5.597733021,5.084096432,5.503751278,5.045301914,5.504820824,5.027887821,5.497614384,5.045301437,5.497614384,5.088779926,5.490664959,5.088779926,5.682090759,5.315825462,5.555962563,5.047409534",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.56.1,192.168.56.101,udp,50318,17500,finished,16,16,1455907272856457,1455907274582746,1455907274587363,95,0,100,23,1552,320,0,2441,111522.4,127663,20842.5,434411712.0,4.9,"2441,112948,114313,107773,108080,108005,107995,109511,111427,119112,118338,116979,117004,127663,125063,114041,112993,120228,120931,111475,111310,105608,107791,113820,112048,122618,125498,112978,109966,123530,125708",46,86.5,128,38.5,1485.6,4.9,"123,46,127,50,126,49,128,51,123,46,125,48,126,49,125,48,123,46,124,47,128,51,126,49,123,46,123,46,123,46,127,50","0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.503751755,5.045301437,5.557007790,5.123855114,5.607614994,5.043280125,5.664313793,5.241052628,5.514686108,4.950420856,5.534836769,5.027568340,5.639360428,5.084096432,5.610115051,5.084961891,5.505375385,5.088779926,5.607682705,5.070440769,5.642791271,5.133018017,5.545912743,4.930835724,5.488303185,5.088779926,5.491476536,5.045301437,5.523996830,5.088779926,5.658226490,5.203855038",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.56.1,192.168.56.101,udp,50312,17500,finished,16,16,1455907274088318,1455907275896569,1455907275902611,95,0,101,24,1564,332,0,1319,116856.3,131359,22365.2,500202464.0,4.9,"1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537",46,87.2,129,38.5,1485.3,4.9,"125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49","0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.56.1,192.168.56.101,udp,50319,17500,finished,16,16,1455907275690777,1455907277661201,1455907277663998,94,0,101,24,1561,329,0,5091,127214.4,172321,26264.3,689812928.0,4.9,"5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564",45,87.1,129,38.6,1487.1,4.9,"127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51","0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" diff --git a/test/results/flow-analyse/collectd.pcap.out b/test/results/flow-analyse/collectd.pcap.out new file mode 100644 index 000000000..6d576cb72 --- /dev/null +++ b/test/results/flow-analyse/collectd.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,127.0.0.1,127.0.0.1,udp,35988,25826,finished,32,0,1655315313991539,1655315583990823,1655315313991539,1311,0,1346,0,42548,0,0,417,8709655.0,10000474,3352121.2,11236716576768.0,4.8,"9999043,10000474,9999533,9999908,9999948,529,9999990,10000110,9999700,10000036,9999885,10000020,417,9999778,9999931,10000097,9999852,9999817,10000085,761,9999588,9999630,10000163,10000066,9999926,9999713,640,10000064,9999244,10000446,9999890",1339,1357.6,1374,10.8,116.6,5.0,"1371,1351,1357,1347,1351,1341,1355,1374,1365,1371,1372,1366,1372,1354,1361,1362,1339,1357,1354,1339,1351,1350,1353,1356,1370,1347,1367,1369,1374,1341,1345,1362","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,26,4,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.538798809,4.626172066,4.590242386,4.677317142,4.469442844,4.469480515,4.436117172,4.566956997,4.640308857,4.622093678,4.647140026,4.535036087,4.461278439,4.484570026,4.575104237,4.554965019,4.643092632,4.568192482,4.547473907,4.509483337,4.405175686,4.572257042,4.526435375,4.590792656,4.609064102,4.615740299,4.564195156,4.457546711,4.629378319,4.606139183,4.648756027,4.580255032",collectd,298,0,Acceptable,System,6,DPI,"" 
diff --git a/test/results/flow-analyse/corba.pcap.out b/test/results/flow-analyse/corba.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/corba.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/cpha.pcap.out b/test/results/flow-analyse/cpha.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/cpha.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/crynet.pcap.out b/test/results/flow-analyse/crynet.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/crynet.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dazn.pcapng.out b/test/results/flow-analyse/dazn.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dazn.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dcerpc.pcap.out b/test/results/flow-analyse/dcerpc.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dcerpc.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dhcp-fuzz.pcapng.out b/test/results/flow-analyse/dhcp-fuzz.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dhcp-fuzz.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/diameter.pcap.out b/test/results/flow-analyse/diameter.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/diameter.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/discord.pcap.out b/test/results/flow-analyse/discord.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/discord.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dlt_ppp.pcap.out b/test/results/flow-analyse/dlt_ppp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dlt_ppp.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dnp3.pcap.out b/test/results/flow-analyse/dnp3.pcap.out new file mode 100644 index 000000000..8989b172e --- /dev/null +++ b/test/results/flow-analyse/dnp3.pcap.out 
@@ -0,0 +1,8 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.0.8,10.0.0.3,tcp,2789,20000,finished,20,12,1097501938503079,1097502061905496,1097501941569134,0,0,25,17,168,102,0,0,4079628.2,120145678,21203112.0,449571977166848.0,0.4,"0,0,201,0,0,411,0,0,1564,0,0,151649,0,0,2891882,0,0,795,0,0,3043080,0,0,21210,0,0,212002,0,0,120145678,0",46,52.2,65,6.8,46.8,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64","20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0","4.259637833,4.259637833,4.259637833,4.683206558,4.683206558,4.683206558,4.102729797,4.102729797,4.102729797,4.867636204,4.867636204,4.867636204,4.146208286,4.146208286,4.146208286,4.803641796,4.803641796,4.803641796,5.091148376,5.091148376,5.091148376,4.146208286,4.146208286,4.146208286,4.750165939,4.750165939,4.750165939,4.146208286,4.146208286,4.146208286,4.932524681,4.932524681",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
+1,ip4,10.0.0.8,10.0.0.3,tcp,2803,20000,finished,18,14,1097502623045756,1097502648521527,1097502648521681,0,0,24,17,144,51,0,0,1643603.1,17487311,4346023.5,18887919796224.0,2.2,"0,0,174,0,0,378,0,0,1487,0,0,181225,0,0,17203302,0,0,17487311,0,0,4814054,0,0,4907006,0,0,3276812,0,0,3079947,0",46,50.8,64,7.1,50.0,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1","4.259637833,4.259637833,4.259637833,4.599873543,4.599873543,4.599873543,4.032184124,4.032184124,4.032184124,4.588809967,4.588809967,4.588809967,4.075662136,4.075662136,4.075662136,4.807524681,4.807524681,4.807524681,4.075662136,4.075662136,4.075662136,4.889479637,4.889479637,4.889479637,4.102729797,4.102729797,4.102729797,4.146208286,4.146208286,4.146208286,4.146208286,4.146208286",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
+1,ip4,10.0.0.8,10.0.0.3,tcp,2828,20000,finished,20,12,1097504102255746,1097504186592304,1097504103409070,0,0,25,17,168,102,0,0,2757738.0,82989444,14650606.0,214640269197312.0,0.2,"0,0,167,0,0,372,0,0,1487,0,0,144969,0,0,996855,0,0,774,0,0,1141407,0,0,10263,0,0,204144,0,0,82989444,0",46,52.2,65,6.8,46.8,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,65,65,65,46,46,46,57,57,57,46,46,46,64,64","20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0","4.233697891,4.233697891,4.233697891,4.698933601,4.698933601,4.698933601,4.075662136,4.075662136,4.075662136,4.854392529,4.854392529,4.854392529,4.119140625,4.119140625,4.119140625,4.817366600,4.817366600,4.817366600,5.114375591,5.114375591,5.114375591,4.162618637,4.162618637,4.162618637,4.765161514,4.765161514,4.765161514,4.075662136,4.075662136,4.075662136,4.901274681,4.901274681",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
+1,ip4,10.0.0.9,10.0.0.3,tcp,1080,20000,finished,18,14,1097505644006837,1097505754575976,1097505754654239,0,0,18,23,99,205,0,0,7136017.5,75076356,19839044.0,393587648888832.0,1.9,"0,0,172,0,0,422,0,0,75028631,0,0,75076356,0,0,533,0,0,48219,0,0,553,0,0,153041,0,0,35338826,0,0,35569788,0",46,52.7,63,5.9,34.5,5.0,"48,48,48,48,48,48,46,46,46,55,55,55,57,57,57,57,57,57,46,46,46,63,63,63,46,46,46,58,58,58,57,57","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1","4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.162618637,4.162618637,4.162618637,4.907654285,4.907654285,4.907654285,4.659897804,4.659897804,4.659897804,4.765161991,4.765161991,4.765161991,4.162618637,4.162618637,4.162618637,4.927980900,4.927980900,4.927980900,4.162619114,4.162619114,4.162619114,4.909368515,4.909368515,4.909368515,4.673142433,4.673142433",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
+1,ip4,10.0.0.8,10.0.0.3,tcp,1086,20000,finished,20,12,1097507785883614,1097507788771853,1097507788624309,0,0,25,17,167,102,0,0,181578.5,2639445,625878.8,391724269568.0,1.5,"0,0,139,0,0,330,0,0,1310,0,0,168563,0,0,2471106,0,0,796,0,0,2639445,0,0,99801,0,0,232167,0,0,15277,0",46,52.2,65,6.8,46.1,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,55,55,55,64,64,64,46,46,46,57,57,57,46,46,46,65,65","20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0","4.202244282,4.202244282,4.202244282,4.683207035,4.683207035,4.683207035,4.119140148,4.119140148,4.119140148,4.854392529,4.854392529,4.854392529,4.162619114,4.162619114,4.162619114,4.767277718,4.767277718,4.767277718,4.850569725,4.850569725,4.850569725,4.119140625,4.119140625,4.119140625,4.806060791,4.806060791,4.806060791,4.206097126,4.206097126,4.206097126,5.071992874,5.071992874",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
+1,ip4,10.0.0.8,10.0.0.3,tcp,1184,20000,finished,20,12,1097512255234470,1097512267645965,1097512267537969,0,0,24,17,144,153,0,0,797257.9,9487840,2344670.8,5497481068544.0,1.9,"0,0,157,0,0,360,0,0,1427,0,0,192830,0,0,9226978,0,0,9487840,0,0,187102,0,0,2636386,0,0,2814075,0,0,167839,0",46,52.8,64,7.0,48.7,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,57,57,57,46,46,46,64,64,64,57,57,57,46,46","20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0","4.217971325,4.217971325,4.217971325,4.641540051,4.641540051,4.641540051,4.032184124,4.032184124,4.032184124,4.784216881,4.784216881,4.784216881,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.906424999,4.906424999,4.906424999,4.075662136,4.075662136,4.075662136,4.924864769,4.924864769,4.924864769,4.858093739,4.858093739,4.858093739,4.075662136,4.075662136",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" 
+1,ip4,10.0.0.9,10.0.0.3,tcp,1084,20000,finished,18,14,1097513177295531,1097513185001370,1097513185001533,0,0,24,17,144,51,0,0,497156.2,3963212,1082464.4,1171729022976.0,2.5,"0,0,199,0,0,410,0,0,1542,0,0,125290,0,0,3672101,0,0,3963212,0,0,1744251,0,0,1702440,0,0,2163787,0,0,2038609,0",46,50.8,64,7.1,50.0,5.0,"48,48,48,48,48,48,46,46,46,57,57,57,46,46,46,64,64,64,46,46,46,64,64,64,46,46,46,46,46,46,46,46","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1","4.202244282,4.202244282,4.202244282,4.641540051,4.641540051,4.641540051,4.075662136,4.075662136,4.075662136,4.893180847,4.893180847,4.893180847,4.119140148,4.119140148,4.119140148,4.926108360,4.926108360,4.926108360,4.162619114,4.162619114,4.162619114,4.957358360,4.957358360,4.957358360,4.075662613,4.075662613,4.075662613,4.119140625,4.119140625,4.119140625,4.162619114,4.162619114",DNP3,244,0,Acceptable,IoT-Scada,6,DPI,"" diff --git a/test/results/flow-analyse/dns-invalid-chars.pcap.out b/test/results/flow-analyse/dns-invalid-chars.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dns-invalid-chars.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 
diff --git a/test/results/flow-analyse/dns-tunnel-iodine.pcap.out b/test/results/flow-analyse/dns-tunnel-iodine.pcap.out new file mode 100644 index 000000000..58e0aaf88 --- /dev/null +++ b/test/results/flow-analyse/dns-tunnel-iodine.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.2.30,10.0.2.20,udp,44639,53,finished,19,13,1282356640051082,1282356645071860,1282356640060900,40,0,281,1434,2968,3580,0,93,162277.3,1002966,368318.9,135658823680.0,2.4,"93,897,1083,5795,5715,411,342,245,227,219,217,216,215,213,212,209,230,282,586,445,177,314,494,447,227,245,1001664,1002291,1001465,1002966,1002454",68,232.6,1462,286.6,82112.7,4.4,"68,89,89,130,74,123,109,152,118,170,124,182,104,142,120,174,74,82,74,81,74,79,309,1078,309,1462,309,309,309,309,309,309","0,6,4,1,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,4,1,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,0,0,0","4.192683220,4.481659889,4.827383041,4.928776741,4.048753262,5.135797501,4.621113777,4.797404289,4.689741611,4.823459148,5.501323700,5.868503571,5.093356609,5.373332500,5.574461937,5.911468983,4.085981369,4.376136780,4.058953762,4.299961090,4.038551807,4.297753811,4.143254280,7.508830547,3.346999884,7.575299263,4.126974583,4.140811443,4.147284031,4.120341778,4.126974583,4.140811920",DNS,5,0,Acceptable,Network,6,DPI,"23" diff --git a/test/results/flow-analyse/dns_ambiguous_names.pcap.out b/test/results/flow-analyse/dns_ambiguous_names.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/dns_ambiguous_names.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dns_doh.pcap.out b/test/results/flow-analyse/dns_doh.pcap.out new file mode 100644 index 000000000..63ca14564 --- /dev/null +++ b/test/results/flow-analyse/dns_doh.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,172.20.10.4,104.16.248.249,tcp,49877,443,finished,18,14,1571089200789290,1571089201723583,1571089201764372,0,0,517,1300,1424,4202,0,0,61592.7,535341,130172.4,16944855040.0,3.0,"87116,87208,1808,92218,5,2,90426,511,1485,930,26074,858,110,91,102733,7825,6,1,83431,1,0,17900,147557,535341,708,88830,66,525420,6,10702,6",40,216.9,1340,327.3,107137.2,3.9,"64,52,40,557,40,1340,1340,40,40,489,40,104,210,283,119,40,577,390,71,40,40,40,71,40,102,133,102,143,40,40,244,71","9,2,3,1,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1","4.441382408,4.801308632,4.503056526,5.369568825,4.730641365,7.827131748,7.862888336,4.630641460,4.453056335,7.522860050,4.630641460,5.744826317,6.939166546,7.200489998,6.276752949,4.730641365,7.589616776,7.428659439,5.699038506,4.730641365,4.730641365,4.680641174,5.688406467,4.780641556,6.111449242,6.391828060,6.039783001,6.407779217,4.780641556,4.730641365,7.064774990,5.558194637",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"" diff --git a/test/results/flow-analyse/dns_dot.pcap.out b/test/results/flow-analyse/dns_dot.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/dns_dot.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dns_exfiltration.pcap.out b/test/results/flow-analyse/dns_exfiltration.pcap.out new file mode 100644 index 000000000..a0382f7b2 --- /dev/null +++ b/test/results/flow-analyse/dns_exfiltration.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.220.56,192.168.203.167,udp,56373,53,finished,16,16,1580978146717893,1580978160880828,1580978160882236,59,0,173,344,1158,2183,0,3976,913783.2,1035526,281798.4,79410348032.0,4.8,"170631,1035526,866477,1015270,1015599,4647,3976,1009971,1010376,1009201,1009121,1008475,1008435,1009499,1009380,1008042,1008120,1008655,1008570,1009773,1009797,1009990,1010112,1008960,1008939,1008465,1008353,1007666,1007763,1008795,1008694",87,132.4,372,59.1,3497.9,4.9,"201,372,152,272,122,179,87,134,87,134,87,142,87,134,87,144,87,144,87,142,87,134,87,144,87,144,87,144,87,134,87,134","0,13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,13,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.667089462,4.689397812,4.760825157,4.825231075,4.676949501,4.874624252,4.717905998,4.933177948,4.565960884,4.809306622,4.614233017,4.906701565,4.640079498,4.841056824,4.601366520,4.896399975,4.614233017,4.837578773,4.621761799,4.830716610,4.594102859,4.805916786,4.652946472,4.869677067,4.607450485,4.854219437,4.621762276,4.930173397,4.677563667,4.830170631,4.546681404,4.850760937",DNS,5,0,Acceptable,Network,6,DPI,"16,27" 
diff --git a/test/results/flow-analyse/dns_fragmented.pcap.out b/test/results/flow-analyse/dns_fragmented.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dns_fragmented.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dns_invert_query.pcapng.out b/test/results/flow-analyse/dns_invert_query.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dns_invert_query.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dns_long_domainname.pcap.out b/test/results/flow-analyse/dns_long_domainname.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/dns_long_domainname.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dnscrypt-v1-and-resolver-pings.pcap.out b/test/results/flow-analyse/dnscrypt-v1-and-resolver-pings.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dnscrypt-v1-and-resolver-pings.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dnscrypt-v2-doh.pcap.out b/test/results/flow-analyse/dnscrypt-v2-doh.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dnscrypt-v2-doh.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dnscrypt-v2.pcap.out b/test/results/flow-analyse/dnscrypt-v2.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dnscrypt-v2.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dnscrypt_skype_false_positive.pcapng.out b/test/results/flow-analyse/dnscrypt_skype_false_positive.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dnscrypt_skype_false_positive.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/doq.pcapng.out b/test/results/flow-analyse/doq.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/doq.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/doq_adguard.pcapng.out b/test/results/flow-analyse/doq_adguard.pcapng.out new file mode 100644 index 000000000..1c0e790cb --- /dev/null +++ b/test/results/flow-analyse/doq_adguard.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.169,94.140.14.14,udp,41070,784,finished,16,16,1608278425043144,1608278427520204,1608278427556259,31,0,1232,1252,3388,9887,0,12,160973.4,1885270,453072.4,205274628096.0,2.4,"36477,41681,43201,66,19,41861,6662,38406,6603,58707,16,206479,12,419140,55,727,29151,153173,67,8229,73,10468,39556,83,37026,44980,51489,1830423,63,12,1885270",59,442.8,1280,522.9,273444.5,4.1,"1260,168,1260,1280,1280,1270,83,84,184,81,1270,1270,1270,1270,255,59,83,84,69,292,140,86,59,69,423,59,70,59,87,89,89,69","4,8,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0","0,5,0,0,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,2,0,0,0,0,0,0,0,0","0,1,0,1,1,1,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1","7.847249508,6.664321423,7.854867935,7.829421520,7.845530033,7.828608036,5.784439087,5.698686600,6.822151661,5.751563549,7.848925114,7.841618061,7.849283695,7.840007782,7.166291237,5.550272942,5.778533459,5.825033665,5.698887825,7.230185032,6.684528351,6.026679039,5.577555180,5.650410652,7.431746960,5.496964455,5.706285954,5.435783863,6.043458462,6.076747894,6.093711376,5.553960800",QUIC.DoH_DoT,188.196,1,Acceptable,Network,6,DPI,"" 
diff --git a/test/results/flow-analyse/dos_win98_smb_netbeui.pcap.out b/test/results/flow-analyse/dos_win98_smb_netbeui.pcap.out
new file mode 100644
index 000000000..389bbaddf
--- /dev/null
+++ b/test/results/flow-analyse/dos_win98_smb_netbeui.pcap.out
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.239.129,192.168.239.255,udp,137,137,finished,32,0,1576409800543745,1576409931837438,1576409800543745,68,0,68,0,2176,0,0,43,4235280.5,96434388,17261798.0,297969697947648.0,1.5,"471,72,38984,710235,79,43,39467,709823,84,47,40333,710082,133,63,40024,760697,749893,749148,750102,96434388,763919,759984,756024,755162,752213,756593,760022,22000853,749883,749867,755005",96,96.0,96,0.0,0.0,5.0,"96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96,96","0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.156764984,4.210426807,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.176768780,4.177598476,4.193659782,4.197602749,4.176768780,4.197602749,4.231260300,4.177598476,4.155935764,4.289934158,4.323737621,4.323737621,4.323737621,4.282100201,4.282100201,4.282100201,4.248297215,4.376053333,4.376053333,4.376053333,4.355220318,4.281060219,4.286166668,4.277262688,4.307000160",NetBIOS,10,0,Acceptable,System,6,DPI,"" diff --git a/test/results/flow-analyse/drda_db2.pcap.out b/test/results/flow-analyse/drda_db2.pcap.out new file mode 100644 index 000000000..3a6778052 --- /dev/null 
+++ b/test/results/flow-analyse/drda_db2.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.106.1,192.168.106.128,tcp,4847,50000,finished,17,15,1175543772220609,1175543792690997,1175543792523346,0,0,663,630,2071,2488,0,489,1315262.1,17986057,4366159.0,19063346561024.0,1.8,"489,527,117332,117692,728,9146,43443,966142,1129664,349281,477633,7546,71563,64394,182669,413229,622408,30275,5528,2591,521,1606,2014,1552,1127,154254,17828332,17986057,9928,7015,168439",40,183.0,703,190.6,36335.2,4.3,"48,48,40,215,40,147,304,40,281,40,703,40,510,50,94,40,282,670,130,51,50,94,308,441,50,94,40,369,452,50,94,40","10,0,1,0,0,1,0,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,4,0,1,0,0,0,1,0,0,0,0,2,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0","4.443420410,4.743162632,4.731687069,5.602320194,4.712815285,5.534297943,5.451408386,4.643942833,5.407389164,4.731687069,5.469695568,4.712814808,4.427623272,4.828757286,5.028375626,4.781687260,5.564469814,5.097215652,4.705523014,4.912525654,4.828757286,5.049652100,5.369750977,4.250173569,4.773659706,5.041621685,4.681686878,5.027119160,4.343546391,4.828757286,5.070929050,4.615311623",DRDA,227,0,Acceptable,Database,6,DPI,"" 
diff --git a/test/results/flow-analyse/dropbox.pcap.out b/test/results/flow-analyse/dropbox.pcap.out
new file mode 100644
index 000000000..9d96b6416
--- /dev/null
+++ b/test/results/flow-analyse/dropbox.pcap.out
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.56.1,192.168.56.101,udp,50311,17500,finished,16,16,1455907271481938,1455907273126173,1455907273127913,94,0,101,24,1538,306,0,1824,106135.8,117757,19323.7,373406144.0,4.9,"1824,103882,104036,108951,108450,105413,105949,113800,113717,106838,107131,109410,109028,108906,115953,117757,112312,110612,110806,109887,107946,108022,108009,113116,114023,110812,110429,107359,111248,109470,105114",45,85.6,129,38.6,1486.7,4.8,"124,47,123,46,122,45,129,52,125,48,122,45,124,47,124,47,126,49,123,46,124,47,123,46,123,46,123,46,129,52,122,45","0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.543972015,5.027887821,5.510700703,5.088779926,5.530181885,5.047409534,5.667361259,5.185924053,5.578914642,5.069235325,5.512969971,5.047409534,5.559295654,5.027887344,5.530185699,4.958842754,5.597733021,5.084096432,5.503751278,5.045301914,5.504820824,5.027887821,5.497614384,5.045301437,5.497614384,5.088779926,5.490664959,5.088779926,5.682090759,5.315825462,5.555962563,5.047409534",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.56.1,192.168.56.101,udp,50318,17500,finished,16,16,1455907272856457,1455907274582746,1455907274587363,95,0,100,23,1552,320,0,2441,111522.4,127663,20842.5,434411712.0,4.9,"2441,112948,114313,107773,108080,108005,107995,109511,111427,119112,118338,116979,117004,127663,125063,114041,112993,120228,120931,111475,111310,105608,107791,113820,112048,122618,125498,112978,109966,123530,125708",46,86.5,128,38.5,1485.6,4.9,"123,46,127,50,126,49,128,51,123,46,125,48,126,49,125,48,123,46,124,47,128,51,126,49,123,46,123,46,123,46,127,50","0,0,6,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.503751755,5.045301437,5.557007790,5.123855114,5.607614994,5.043280125,5.664313793,5.241052628,5.514686108,4.950420856,5.534836769,5.027568340,5.639360428,5.084096432,5.610115051,5.084961891,5.505375385,5.088779926,5.607682705,5.070440769,5.642791271,5.133018017,5.545912743,4.930835724,5.488303185,5.088779926,5.491476536,5.045301437,5.523996830,5.088779926,5.658226490,5.203855038",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.56.1,192.168.56.101,udp,50312,17500,finished,16,16,1455907274088318,1455907275896569,1455907275902611,95,0,101,24,1564,332,0,1319,116856.3,131359,22365.2,500202464.0,4.9,"1319,105009,107122,122637,124565,114853,120385,119749,111541,123867,122956,105381,109394,122887,120099,118036,119438,130107,131359,131277,128951,120148,121275,112275,114829,128910,125477,127969,127046,125146,128537",46,87.2,129,38.5,1485.3,4.9,"125,48,129,52,125,48,126,49,126,49,123,46,123,46,123,46,128,51,126,49,127,50,125,48,125,48,128,51,127,50,126,49","0,0,3,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.540076256,5.126628399,5.646005154,5.238902569,5.556076050,5.011841774,5.645351887,5.124912739,5.661224842,5.124912739,5.536271572,5.045301914,5.526149273,5.010309696,5.552532196,5.088779926,5.645638943,5.155473709,5.623487949,5.027874470,5.658226013,5.203855038,5.594115257,5.084961414,5.581238747,5.084961414,5.642791271,5.201836586,5.575829029,5.148757458,5.623488426,5.043280125",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.56.1,192.168.56.101,udp,50319,17500,finished,16,16,1455907275690777,1455907277661201,1455907277663998,94,0,101,24,1561,329,0,5091,127214.4,172321,26264.3,689812928.0,4.9,"5091,140506,139383,127325,129287,138036,134456,137698,141222,137865,138593,132603,133311,132101,136834,172321,164608,137809,136671,122327,121648,117128,118696,128848,133217,115516,110107,123592,124533,106749,105564",45,87.1,129,38.6,1487.1,4.9,"127,50,128,51,123,46,123,46,126,49,123,46,122,45,127,50,125,48,129,52,126,49,124,47,125,48,129,52,124,47,128,51","0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.584132195,5.148756981,5.612321377,5.123405457,5.484527588,5.088779926,5.497614384,5.088779926,5.597732544,5.084096432,5.526148796,5.088780403,5.523175716,5.047409534,5.616926193,5.163855076,5.550037384,5.084961891,5.666587353,5.277364254,5.567777157,5.068690777,5.565383434,5.070440769,5.542193413,5.084961414,5.626701832,5.238902569,5.490826130,4.985334873,5.638961315,5.241052151",Dropbox,121,0,Acceptable,Cloud,6,DPI,"" diff --git a/test/results/flow-analyse/dtls.pcap.out b/test/results/flow-analyse/dtls.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dtls.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dtls2.pcap.out b/test/results/flow-analyse/dtls2.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dtls2.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dtls_certificate.pcapng.out b/test/results/flow-analyse/dtls_certificate.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dtls_certificate.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dtls_certificate_fragments.pcap.out b/test/results/flow-analyse/dtls_certificate_fragments.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dtls_certificate_fragments.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dtls_mid_sessions.pcapng.out b/test/results/flow-analyse/dtls_mid_sessions.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dtls_mid_sessions.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dtls_old_version.pcapng.out b/test/results/flow-analyse/dtls_old_version.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dtls_old_version.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/dtls_session_id_and_coockie_both.pcap.out b/test/results/flow-analyse/dtls_session_id_and_coockie_both.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/dtls_session_id_and_coockie_both.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/elasticsearch.pcap.out b/test/results/flow-analyse/elasticsearch.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/elasticsearch.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/emotet.pcap.out b/test/results/flow-analyse/emotet.pcap.out new file mode 100644 index 000000000..355e19230 --- /dev/null +++ b/test/results/flow-analyse/emotet.pcap.out 
@@ -0,0 +1,6 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.2.25.102,193.252.22.84,tcp,57309,587,finished,13,19,1645830066121611,1645830074471734,1645830074471604,0,0,698,160,898,391,0,254,538713.4,3056402,774055.0,599161176064.0,3.7,"749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254",40,80.8,738,121.9,14849.5,4.3,"52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738","8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0","4.644789696,4.953416348,4.981687069,5.477373600,5.387795925,4.784183979,5.738989830,5.361793995,4.834184170,5.487123966,5.654376030,4.784183979,4.955064297,4.734184265,5.288679600,5.421465874,4.784183979,4.859826565,4.784183979,5.343945503,5.557319641,4.765312195,5.392617702,5.626545429,4.834184170,5.525993347,5.097266674,4.834184170,5.095175266,5.329178810,4.784184456,5.639209747",SMTP,3,0,Acceptable,Email,6,DPI,"" 
+1,ip4,10.3.29.101,104.161.127.22,tcp,56309,80,finished,12,20,1648563468993352,1648563469442201,1648563469442152,0,0,446,1361,446,24498,0,77,28956.4,204389,59845.4,3581476608.0,2.7,"115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690",40,820.0,1401,663.1,439751.8,4.4,"52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40","11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.710365295,4.913976669,4.680641174,5.777981758,4.621928692,7.446667671,7.722211838,4.711769104,7.820096016,7.819649696,4.730641365,7.834948540,7.865209579,4.730641365,7.838735580,7.852061272,4.780641079,7.835340023,7.853207111,4.711769104,7.851351738,7.847233772,4.780641079,7.872184753,7.855648994,4.780641079,7.879763126,7.844507217,4.680641174,7.843948364,7.837398529,4.780641079",HTTP,7,0,Acceptable,Web,6,DPI,"" 
+1,ip4,10.4.20.102,107.161.178.210,tcp,54319,80,finished,17,15,1650490398530577,1650490399009658,1650490399009514,0,0,225,1388,225,19432,0,40,30903.8,260940,65726.9,4320020480.0,3.0,"97254,97549,387,260940,260431,3204,3158,9543,9466,6236,69,6255,124,124,128,201,123,50,174,174,40,2646,2680,60630,60713,9884,9822,15114,15099,12868,12932",46,657.7,1428,680.4,462891.9,4.1,"52,48,46,265,1428,46,1428,46,1428,46,1428,1428,46,1428,46,1428,46,1428,46,1428,46,46,1428,46,1428,46,1428,46,1428,46,1428,46","16,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0","0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0","4.633441925,5.001628399,4.330939770,5.702507019,4.791214466,4.390829086,5.521807671,4.303872585,6.000949860,4.347350597,5.983242989,6.243623734,4.347351074,5.943493843,4.390829086,4.384503365,4.390829086,4.537651062,4.347351074,4.500005245,4.390829086,4.390829086,4.575252056,4.390829086,4.522280216,4.390829086,4.470242500,4.347350597,4.561497688,4.347350597,4.580824375,4.390829086",HTTP,7,0,Acceptable,Web,6,DPI,"4" 
+1,ip4,10.4.25.101,77.105.36.156,tcp,49797,80,finished,10,22,1650905413858492,1650905414512477,1650905414512421,0,0,152,1388,152,26616,0,56,42190.8,292217,79641.8,6342810624.0,2.9,"184236,184528,232,171817,120639,81,116,292217,2662,111,117,90,2892,2739,117,70,3040,164670,68,120,164820,2817,118,71,3042,2918,68,119,165,3158,56",46,878.9,1428,652.6,425943.0,4.5,"52,52,46,192,46,612,1428,1428,46,1428,1428,1428,1100,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,46,1428,1428,1428,1428,46,46","9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,18,0,0,0,0","0,1,0,0,1,1,1,1,0,1,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0","4.671903610,4.849197388,4.501398563,5.653024197,4.390829563,5.577536106,4.013392448,5.117209911,4.501398563,5.103430748,5.009723663,5.324585438,5.512314796,4.457919598,5.070570469,5.174447536,5.467666149,4.457920074,5.218022346,5.067547321,5.343363285,4.501398087,5.389601707,5.123095036,5.071803093,4.354552746,5.203499794,5.430387497,5.394243717,4.889959335,4.501398563,4.390829086",HTTP,7,0,Acceptable,Download,6,DPI,"4,11" 
+1,ip4,10.4.25.101,138.197.147.101,tcp,49803,443,info,14,18,1650905467542773,1650905469294827,1650905469297748,0,0,480,1388,722,19664,0,0,113130.0,1262510,287859.5,82863079424.0,2.7,"109372,109625,14139,123772,13228,122858,52674,132935,80275,6518,151937,1117119,71,165,1262510,58,2900,71,3072,96890,117,96947,3054,71,165,71,3262,0,116,2919,118",46,682.0,1428,663.2,439900.2,4.2,"52,52,46,189,46,1418,46,133,282,46,520,46,1428,1428,1428,46,46,1428,1428,52,1428,1428,60,1428,1428,1428,1428,60,60,60,1428,1428","11,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,1,1,0,0,0,1,1","4.661227226,4.908878326,4.501398087,5.357971191,4.609350681,7.499943256,4.609350204,5.862740993,7.080684185,4.501398087,7.521671295,4.522393703,7.860427856,7.879212856,7.876828194,4.501398087,4.501398087,7.862761021,7.872880459,4.974009037,7.863744259,7.867939472,5.142321110,7.869549751,7.874364853,7.859346390,7.876013756,5.142321110,5.142321110,5.142320633,7.842814445,7.873933792",,,,,,,,"" diff --git a/test/results/flow-analyse/encrypted_sni.pcap.out b/test/results/flow-analyse/encrypted_sni.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/encrypted_sni.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/esp.pcapng.out b/test/results/flow-analyse/esp.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/esp.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ethereum.pcap.out b/test/results/flow-analyse/ethereum.pcap.out new file mode 100644 index 000000000..76b8a2c8c --- /dev/null +++ b/test/results/flow-analyse/ethereum.pcap.out 
@@ -0,0 +1,34 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.184,35.158.244.151,tcp,56615,30303,finished,21,11,1578508364522958,1578508364631940,1578508364658815,0,0,495,448,735,512,0,3,7898.0,63466,18325.6,335828128.0,2.4,"42899,42982,2208,63466,818,46,62123,6,373,313,356,354,126,10,127,6,123,159,339,3,86,17,41,85,11,59,21,32,10,27626,14",46,91.2,547,114.1,13011.4,4.4,"64,60,52,547,52,500,84,52,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.453177452,5.333454132,5.000318527,7.620707512,5.195351601,7.612061024,5.903985500,5.077241421,5.077241421,5.270098686,5.077241421,5.305542469,5.077241421,5.535423279,5.653491497,5.077241421,5.077241421,5.233812809,5.077241421,5.807060242,5.154217243,6.729629993,5.192151070,5.452736855,5.949917316,5.154217243,5.191807747,5.493040085,5.493248940,5.077241421,3.725504398,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,178.128.195.220,tcp,56626,30303,finished,20,12,1578508364523356,1578508364663606,1578508364664348,0,0,546,404,1106,612,0,1,9072.3,62996,18852.3,355411104.0,2.7,"42941,42985,1880,62851,2026,2,12,7,1,62996,2,23,5,115,83,3,1324,29,68,8,50,438,29,39,9,101,32217,29,13,30178,778",52,107.8,598,122.8,15078.8,4.4,"64,60,52,598,52,456,84,53,208,55,52,52,52,52,68,52,52,84,53,176,55,68,84,53,100,67,68,64,64,64,324,64","14,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1","4.408572197,5.379368782,5.077241421,7.669267178,5.156889439,7.526873589,5.951604366,5.156891346,6.891885281,5.267454624,5.077241421,5.038779736,5.000318050,5.038779736,5.524744987,5.038779736,5.000318050,5.872653008,5.041009903,6.756078243,5.155787468,5.423323631,5.920271873,5.041009903,6.031247139,5.403306961,5.416114807,5.165874004,5.197124004,5.228374004,7.334465981,5.165874004",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,34.255.23.113,tcp,56627,30303,finished,21,11,1578508364523418,1578508364659019,1578508364721593,0,0,512,402,752,466,0,2,10767.0,70198,24163.0,583848512.0,2.4,"70028,70198,1425,62112,2103,2,2,32,23,22,62731,3,15,11,2,8,85,118,636,45,106,25,18,64,32,95,10,50,9,63729,37",46,90.3,564,111.3,12394.7,4.4,"64,60,52,564,52,454,84,53,54,65,68,52,52,52,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.441382408,5.346035480,5.024262905,7.573521614,5.233813286,7.579136848,5.880175591,5.270098686,5.268505573,5.525989532,5.642391205,5.062724590,5.024262905,5.024262905,5.024262905,5.062724590,5.062724590,5.272274494,5.062724590,5.967890739,5.154217243,6.729060650,5.228514671,5.477021694,5.839856625,5.078744888,5.191807270,5.462270737,5.610895157,5.115703106,3.600984097,3.600984097",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,51.38.60.79,tcp,56629,30303,finished,19,13,1578508364632239,1578508364714483,1578508364786943,0,0,421,340,661,404,0,1,7643.5,72892,17918.8,321082976.0,2.4,"36441,36500,1495,43967,497,46,63,13,18,43065,4,1,1,17,703,21,64,47,32,88,50,77,17,30,32,72892,13,7,734,1,12",46,85.0,473,93.3,8701.2,4.5,"64,60,52,473,52,392,84,53,54,81,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46","15,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1","4.421927452,5.379368782,5.115703106,7.505434513,5.310736179,7.434167385,5.999223709,5.232362747,5.342579842,5.892141342,5.115703106,5.115703106,5.115703106,5.024262905,5.115703106,5.869502068,5.116480827,6.709120274,5.214789391,5.552071571,5.902298450,5.154217243,5.228844643,5.462270737,5.552072525,5.115703106,5.310736179,3.969498873,3.926020622,3.969498873,3.969498873,3.969498873",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,51.38.81.180,tcp,56632,30303,finished,21,11,1578508364682687,1578508364832409,1578508364898847,0,0,479,439,719,503,0,1,11802.6,78584,26563.9,705640768.0,2.4,"68454,68561,1411,78125,1877,68,78584,38,219,12,4,177,15,1,106,11,115,2,426,13,74,15,66,39,30,87,16,26,26,67245,39",46,90.4,531,111.1,12335.6,4.4,"64,60,52,531,52,491,84,52,52,53,54,65,52,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.397368431,5.306893826,4.993616104,7.595185280,5.233812809,7.573578358,5.960590839,5.154164791,5.077241421,5.270098686,5.268505573,5.587528229,5.115703106,5.115703106,5.115703106,5.554157257,5.310736179,5.115703106,5.115703106,5.935094357,5.154217243,6.817276955,5.264878273,5.581483841,5.878489017,5.078744411,5.228844166,5.493040085,5.610895157,5.115703106,3.909610271,3.866132259",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,82.145.220.249,tcp,56633,30303,finished,17,15,1578508364714836,1578508364867557,1578508364919424,0,0,442,422,682,486,0,2,11526.1,77251,26248.2,688970368.0,2.4,"74179,74294,1198,77251,76054,663,12,594,2,179,16,57,19,60,67,15,72,28,42,24,51962,31,247,15,13,11,81,2,10,6,105",46,87.1,494,105.3,11090.0,4.4,"64,60,52,494,474,52,84,84,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1","4.441382408,5.381731033,5.115703106,7.596201897,7.501367569,5.115703106,5.935592651,5.974224567,5.115703106,5.115703106,5.982713223,5.154216766,6.770318985,5.264878273,5.610895157,5.743154526,5.041008472,5.154769897,5.523809433,5.581483841,5.115703106,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549,3.701528549",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,3.209.45.79,tcp,56628,30303,finished,21,11,1578508364523420,1578508364824407,1578508364936429,0,0,395,470,635,534,0,2,23032.1,164457,52707.1,2778034688.0,2.4,"134408,134510,2041,164457,730,163149,164,16,91,13,125,16,10,133,2,2,198,213,439,13,62,28,71,55,19,91,9,24,22,112857,28",46,89.0,522,105.0,11031.5,4.5,"64,60,52,447,52,522,52,84,53,52,52,54,65,68,52,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.441382408,5.266787052,4.985801220,7.462465286,5.103911400,7.567200184,4.947339535,5.975413799,5.232362270,4.985801220,4.985801220,5.268505096,5.587528229,5.642391205,4.985801220,4.985801220,4.947339535,5.118428230,4.985801220,5.926107883,5.116480827,6.775084019,5.192151546,5.511558533,5.887475491,5.078744888,5.094675064,5.481426716,5.452735901,5.000318050,5.118428230,3.682026386",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,209.250.240.205,tcp,56638,30303,finished,20,12,1578508364924936,1578508365038162,1578508365038195,0,0,415,494,975,686,0,3,7306.0,43142,14269.1,203606176.0,2.8,"32588,32677,1133,41248,3045,43142,1077,15,57,29,33,2220,3,33,1051,3,12,110,51,429,10,11,17,141,33844,34,22,20,33327,11,92",52,106.0,546,112.4,12624.2,4.5,"64,60,52,467,52,546,52,84,53,176,55,68,84,53,195,52,52,52,68,52,84,53,100,67,68,64,64,64,64,212,164,52","13,3,0,2,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1","4.515677452,5.379368782,5.115703106,7.628110409,5.233812809,7.621943474,5.000318050,5.854679585,5.026765347,6.739012241,5.155788422,5.511559486,6.055828571,5.194625378,6.831315041,5.038779736,5.077241421,5.077241421,5.642391205,5.077241421,5.911284924,5.154216290,6.092246532,5.582411766,5.463837624,5.146419048,5.146419048,5.177669048,5.146419048,6.910353184,6.676519394,5.156889439",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,40.67.144.128,tcp,56630,30303,finished,18,14,1578508364659294,1578508364932664,1578508365043187,0,0,431,423,671,487,0,1,21202.0,158141,48725.8,2374199552.0,2.4,"158073,158141,1927,112688,964,45,111769,2,97,24,66,10,893,34,92,13,26,143,3,148,30,48,25,111098,32,825,2,26,2,1,16",46,87.3,483,103.8,10779.3,4.4,"64,60,52,483,52,475,84,52,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.484427452,5.346035480,5.077241421,7.564687252,5.233812809,7.546903610,5.936781406,5.115703106,5.154164791,5.653491974,5.612979889,5.077241421,5.154164314,5.811898232,5.109905720,6.736226082,5.149451256,5.359375000,5.770115376,5.072169781,5.074242115,5.414525986,5.488122940,5.032077789,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308,3.622137308",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,104.42.217.25,tcp,56611,30303,finished,21,11,1578508364522827,1578508364921758,1578508365096545,0,0,490,467,730,531,0,2,31375.8,202293,71334.6,5088628224.0,2.4,"194951,195066,1242,202293,279,25,201303,2,92,53,99,12,102,9,99,103,126,125,566,17,55,13,75,43,16,62,14,42,23,175388,354",46,91.8,542,115.5,13350.2,4.4,"64,60,52,542,52,519,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.421927452,5.333454132,5.038780212,7.555685520,5.246409416,7.620338917,5.920769691,5.115702629,5.154164314,5.282457829,5.154164314,5.280635834,5.493683815,5.154164314,5.154164314,5.622612953,5.154164314,5.246409416,5.154164314,5.716195107,5.109905720,6.683475971,5.149451256,5.517535210,5.772800446,5.034432888,5.111279488,5.487678528,5.447609901,5.070538998,5.207947731,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,159.203.84.31,tcp,56634,30303,finished,21,11,1578508364824682,1578508365044863,1578508365151822,0,0,571,513,811,577,0,2,17655.5,109385,39696.4,1575808128.0,2.4,"107626,107678,1475,109033,1825,109385,687,13,52,13,68,1028,198,109,79,136,133,112,7,116,2,80,130,42,5,71,30,33,21,107121,13",46,95.6,623,130.9,17130.1,4.3,"64,60,52,623,52,565,52,84,53,176,55,68,84,52,53,52,54,52,65,68,52,52,84,52,53,52,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,0,1,1,0,0,0,1,0,0,0,0,0,0,1,1","4.484427452,5.379368782,5.115703583,7.654181480,5.195351601,7.665644169,5.154164791,5.911284924,5.191953182,6.883150101,5.155787945,5.581483364,5.880175591,5.115703106,5.194626331,5.115703106,5.305542946,5.115703106,5.587528229,5.730626106,5.101186275,5.091758728,5.816046715,5.156889915,5.154217243,5.062724590,5.052737236,5.322218418,5.581483364,5.139647484,3.969499111,4.012977600",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,178.62.29.183,tcp,56643,30303,finished,20,12,1578508365029590,1578508365168387,1578508365168448,0,0,469,318,757,531,0,2,8956.6,48881,17793.5,316609056.0,2.7,"44428,44545,1146,47405,2629,34,48881,2,106,60,120,15,121,3,107,116,574,31,61,16,57,386,11,31,13,50,43304,549,42693,151,10",52,92.9,521,97.8,9570.5,4.5,"64,60,52,521,52,370,84,52,52,53,52,177,54,52,52,68,52,84,53,176,55,68,84,53,100,67,68,52,84,52,53,56","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,1","4.453177452,5.412702084,5.077241421,7.576026917,5.094483852,7.477237225,5.936781406,5.038779736,5.038779736,5.194627285,5.077241421,6.737099171,5.342579842,5.038780212,5.038780212,5.701214790,5.077241421,5.863666058,5.154217243,6.725339890,5.192151546,5.463837624,5.839856625,5.116481781,6.092247009,5.492858887,5.610895157,5.142373085,5.945767879,5.038779736,5.232362270,5.409769058",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,185.219.133.62,tcp,56645,30303,finished,20,12,1578508365045064,1578508365193903,1578508365193933,0,0,410,382,698,623,0,1,9603.5,51634,18821.1,354234048.0,2.8,"47219,47359,1594,49528,3728,51634,828,16,1020,92,14,1,37,127,71,134,135,105,102,138,138,353,12,12,16,83,45623,1100,32,46342,115",52,93.9,462,97.7,9536.3,4.5,"64,60,52,462,52,434,52,84,53,84,176,52,55,68,53,52,208,52,55,52,68,52,84,53,100,67,68,52,52,84,52,53","15,3,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,1,0,0,0,0,1,0,1,0,1,0,1,0,0,0,0,0,0,1,1,1,0,1","4.453177452,5.346035004,5.115703106,7.515024185,5.233812809,7.417223930,4.993616104,5.784938335,5.072169304,5.912971973,6.701569080,5.101185799,5.178425789,5.447610855,5.218119621,5.101185799,6.890011311,5.062724113,5.253729820,5.062724113,5.434425354,5.062724113,5.620957375,5.057926178,6.028760910,5.398105145,5.477022171,5.180834770,5.180834770,5.823570728,5.062724113,5.218119144",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,52.231.165.108,tcp,56618,30303,finished,21,11,1578508364523039,1578508365008936,1578508365219392,0,0,450,453,690,517,0,3,38137.1,261804,87113.6,7588779008.0,2.3,"261712,261804,1508,222767,73,3,23,221290,9,6,194,11,189,20,102,10,88,9,563,27,71,35,50,54,29,73,9,29,34,211443,15",46,90.2,505,109.1,11904.3,4.4,"64,60,52,502,52,505,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.472632408,5.279368401,4.971284389,7.593235970,5.176993370,7.560348034,5.783750057,5.246605873,5.115703106,5.115703106,5.077241421,5.287864685,5.597605228,5.115703106,5.077241421,5.652023315,5.209868431,5.115703106,5.115703106,5.731483459,5.109905720,6.885459900,5.149450779,5.450927734,5.835707664,5.147641182,5.185353279,5.518447876,5.509750366,5.032077789,5.246409416,3.768982887",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,191.234.162.198,tcp,56620,30303,finished,21,11,1578508364523109,1578508365009640,1578508365221428,0,0,512,459,752,523,0,2,38221.0,263164,87319.6,7624720896.0,2.3,"263094,263164,1256,221848,245,3,9,220800,8,13,125,15,115,10,130,9,138,8,711,8,50,43,2,70,7,75,9,33,11,212620,221",46,92.1,564,117.4,13788.7,4.4,"64,60,52,564,52,511,84,53,52,52,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.421927452,5.346035480,4.947339535,7.600792408,5.169486523,7.523147583,5.992197990,5.169249058,5.077241421,5.077241421,5.077241421,5.243598461,5.597605228,5.077241421,5.077241421,5.582098961,5.169486046,5.077241421,5.077241421,5.874339581,4.996697903,6.697847366,5.062998295,5.410989761,5.779101849,5.034433842,5.037205219,5.383756638,5.546946526,4.955154419,3.682026148,3.682026148",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,138.201.12.87,tcp,56651,30303,finished,18,14,1578508365154075,1578508365225822,1578508365257069,0,0,417,327,657,391,0,2,5636.8,36541,12197.5,148778048.0,2.6,"32598,32641,1212,33881,3882,36541,367,364,134,135,131,136,417,10,43,12,102,2,13,40,18,46,15,31120,114,13,120,11,562,50,11",46,84.1,469,91.5,8376.2,4.5,"64,60,52,469,52,379,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.515677452,5.379368782,5.077241421,7.567195415,5.310736179,7.401209831,5.115703106,5.951604366,5.115703106,5.671802521,5.154164791,5.701214790,5.115703583,5.958903790,5.229689121,6.830620766,5.251152992,5.581483841,5.896461964,5.191953182,5.265881062,5.554578781,5.581483841,5.192626476,5.310736179,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148,3.682026148",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,172.105.94.62,tcp,56646,30303,finished,20,12,1578508365079165,1578508365271500,1578508365271455,0,0,474,332,810,780,0,5,12407.3,116020,26211.9,687065472.0,2.9,"25501,25603,1194,25860,91412,116020,834,13,59,13,31,24470,23554,429,12,15,16,655,121,709,21,11,5,23284,18,24097,248,344,46,20,10",52,102.3,526,108.5,11769.5,4.5,"64,60,52,526,52,384,52,84,53,176,55,68,292,52,84,53,100,67,52,68,52,52,52,52,260,52,52,84,52,53,55,64","14,4,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,1,1,1,1,1,1,0,0,1,0,0,0","4.441382408,5.289900780,4.976373672,7.566489220,5.131024361,7.376211166,5.053297043,5.896462440,5.130724430,6.832929611,5.096785545,5.533761978,7.210265636,5.053297043,5.805871487,5.055253029,5.924697399,5.492858887,5.246409416,5.480678558,5.246409416,5.169486046,5.246409416,5.246409416,7.089441776,5.193430901,4.976373672,5.702836037,5.193430901,5.130724430,5.205876350,5.255445480",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,176.9.136.209,tcp,56652,30303,finished,18,14,1578508365169225,1578508365239481,1578508365271811,0,0,531,428,771,492,0,1,5575.5,34994,12229.4,149558160.0,2.5,"32769,32829,1344,33937,2357,34994,270,193,122,12,123,10,417,12,70,10,89,1,14,53,11,44,42,32625,14,112,124,133,12,7,92",46,90.6,583,116.9,13676.1,4.4,"64,60,52,583,52,480,52,84,52,68,68,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.453177452,5.379369259,5.115703106,7.627379894,5.272274971,7.546579361,5.077241421,5.936781406,5.077241421,5.701214314,5.701214314,5.115703106,5.115703106,5.911284924,5.154217243,6.794458389,5.228514671,5.699130058,5.935094357,5.191953182,5.228844166,5.493040085,5.581483841,5.154164791,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,162.228.29.160,tcp,56635,30303,finished,21,11,1578508364832618,1578508365154217,1578508365304459,0,0,413,405,653,469,0,1,25594.8,159357,56992.8,3248178688.0,2.5,"157669,157791,1578,152892,8130,159357,1177,13,61,20,78,1877,13,527,1,123,12,130,3,101,114,166,3,78,34,46,32,749,390,149661,614",46,87.5,465,99.1,9815.1,4.5,"64,60,52,465,52,457,52,84,53,176,55,68,84,53,52,52,54,65,52,52,68,52,84,53,54,65,68,52,52,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,0,0,1,0,0,0,0,0,0,0,1,0,1,1","4.421927452,5.346035480,5.077241421,7.486079693,5.156889439,7.536809444,5.038779736,5.887475491,5.154217243,6.869001865,5.192151070,5.540970802,5.945767879,5.232362270,5.038779736,5.077241421,5.268505096,5.556758881,5.077241421,5.038780212,5.612979889,5.038780212,5.673190117,5.078745365,5.080696106,5.322218418,5.522660255,5.077241421,5.156889915,5.077241421,5.233813286,3.768982887",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,18.219.167.159,tcp,56639,30303,finished,20,12,1578508364932939,1578508365188877,1578508365309479,0,0,521,490,761,554,0,7,20402.5,130950,46194.5,2133934848.0,2.4,"130846,130950,1277,122765,1253,122671,155,10,149,9,88,86,123,126,124,123,256,9,49,17,28,59,7,51,29,22,20,121098,33,23,22",46,93.0,573,122.2,14931.5,4.3,"64,60,52,573,52,542,52,84,53,52,52,67,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46","16,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1","4.484427452,5.300120831,5.038779736,7.626091480,5.156889439,7.533421516,5.077241898,5.942617416,5.156890869,5.038780212,5.038780212,5.524824619,5.077241898,5.583567619,5.077241898,5.156889439,5.038780212,5.902298450,5.116480827,6.768815994,5.105699062,5.552071571,5.744618893,5.116480827,5.117732525,5.395370483,5.552071571,5.077241421,3.926020861,3.969499111,3.969499111,3.969499111",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,35.228.250.140,tcp,56650,30303,finished,20,12,1578508365153718,1578508365327684,1578508365329449,0,0,462,442,750,778,0,2,11280.5,57129,22219.5,493705824.0,2.8,"56823,56925,1602,56390,2342,57129,531,462,124,8,117,8,162,10,51,23,20,1132,926,430,2,33,26,92,56511,32,22,55939,9,1784,32",52,100.4,514,109.7,12030.8,4.5,"64,60,52,514,52,494,52,84,52,195,53,52,52,84,53,176,55,68,68,52,84,53,100,67,68,52,84,134,52,52,82,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,1,1","4.515677452,5.240226269,5.115703106,7.534019470,5.233812809,7.516967297,5.154164791,5.847379684,5.115703106,6.830158234,5.194627285,5.024262905,5.038780212,5.926107883,5.078744888,6.739013672,5.192151070,5.482147217,5.671802521,5.115703106,5.887475491,5.191953182,6.048761845,5.522709846,5.522660255,5.233812809,5.894998550,6.621984482,5.115703106,5.062724590,5.776439667,5.272274494",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,18.138.108.67,tcp,56622,30303,finished,21,11,1578508364523182,1578508365078877,1578508365330913,0,0,531,318,771,382,0,7,43981.5,300415,100376.1,10075352064.0,2.3,"300373,300415,1705,253379,743,11,252408,10,126,124,122,12,120,7,112,11,115,13,362,33,90,11,17,64,29,59,24,45,44,252812,30",46,88.3,583,106.2,11275.5,4.4,"64,60,52,583,52,370,84,52,52,53,52,54,65,52,52,68,52,52,52,84,53,176,55,68,84,53,54,65,68,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.428027153,5.279368877,5.038780212,7.657849789,5.131024361,7.439465523,5.864164352,5.000318527,5.000318050,5.244720936,5.038779736,5.317672253,5.536067009,5.000318050,5.000318050,5.563788414,5.169486046,5.000318050,5.000318050,5.759441853,4.989030361,6.735422134,5.192151546,5.357292175,5.816047192,5.041008472,5.154769897,5.339193821,5.410754204,5.038779736,3.682026386,3.682026386",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,18.138.81.28,tcp,56623,30303,finished,21,11,1578508364523185,1578508365096272,1578508365350710,0,0,471,422,711,486,0,8,45181.0,308079,102626.0,10532101120.0,2.4,"308002,308079,2079,260252,1619,259755,495,482,122,10,122,8,118,9,119,17,140,15,66,21,45,75,23,49,39,20,18,2347,1915,254515,36",46,89.8,523,108.1,11684.8,4.4,"64,60,52,523,52,474,52,84,52,53,54,52,52,65,68,52,52,84,53,176,55,68,84,53,54,65,68,52,52,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1","4.515677452,5.379368782,5.115703106,7.587895393,5.233812809,7.532115936,5.077241421,5.898149014,5.038779736,5.232362747,5.231468678,5.000318050,5.038779736,5.618297577,5.642390728,5.038779736,5.000318050,5.825033665,5.041009426,6.724864960,5.192151070,5.429300308,5.854679585,5.078745842,5.117733479,5.462270737,5.482147217,5.038779736,5.195351601,5.077241421,5.195351601,3.768982887",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,165.22.107.33,tcp,56610,30303,finished,21,11,1578508364522826,1578508365153717,1578508365439333,0,0,574,396,814,460,0,2,49916.1,339297,113624.6,12910541824.0,2.4,"339196,339297,1296,287250,2535,288430,1006,11,1005,14,2,8,122,6,111,4,2,12,35,118,61,115,34,101,31,26,56,616,251,285614,33",46,92.1,626,119.2,14212.1,4.4,"64,60,52,626,52,448,52,84,53,52,52,84,53,54,65,176,52,55,52,68,68,52,84,53,54,65,68,52,52,52,46,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,1,1","4.453177452,5.379368782,5.038780212,7.608707905,5.000318050,7.463840485,5.077241421,5.793924809,5.119154453,5.000318050,5.038779736,5.816047192,5.041009426,5.103753567,5.464450836,6.749572277,5.000318050,5.155787945,5.000318050,5.441635132,5.524744034,5.038779736,5.878488541,5.041008949,5.117733002,5.431501389,5.552072525,5.115703106,5.156889439,5.115703106,3.725504398,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,52.187.207.27,tcp,56621,30303,finished,21,11,1578508364523145,1578508365197191,1578508365510722,0,0,525,451,765,515,0,7,53600.7,354597,122026.8,14890529792.0,2.4,"354503,354597,1517,316901,1340,316735,173,101,119,114,122,127,128,12,120,9,115,122,283,10,68,11,22,44,44,48,7,18,49,313859,305",46,92.4,577,118.1,13953.7,4.4,"64,60,52,577,52,503,52,84,52,53,52,54,52,65,68,52,52,52,52,84,53,176,55,68,84,53,54,65,68,52,52,46","17,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1","4.515677452,5.379368782,5.077241898,7.643549442,5.207947731,7.572619438,5.077241898,5.878986835,5.077241421,5.282456875,5.077241421,5.280635357,5.077241421,5.480534077,5.670333862,5.038779736,5.077241421,5.131024361,5.038779736,5.665890694,5.034432411,6.857876301,5.113088131,5.388787270,5.793924809,5.034432888,5.037204742,5.395370483,5.418199539,4.955154419,5.131024361,3.682026386",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,51.161.23.12,tcp,56660,30303,finished,20,12,1578508365271977,1578508365699150,1578508365699343,0,0,573,421,861,662,0,2,27565.8,147323,54220.4,2939852800.0,2.8,"139345,139431,1667,141731,7248,147323,778,15,57,13,65,6714,5782,300,242,748,13,7,750,26,2,438,13,27,43,49,129951,188,824,130452,297",52,100.2,625,122.1,14898.1,4.4,"64,60,52,625,52,473,52,84,53,176,55,68,84,52,53,52,202,61,68,52,52,52,84,53,100,67,68,52,52,84,52,53","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1","4.453177452,5.273559570,4.976373672,7.683106422,5.094483852,7.563943863,5.053297043,5.816047192,5.055253029,6.738208294,5.205876350,5.563172817,5.912971973,5.115703106,5.307834625,5.115703106,6.880195141,5.500168800,5.701214790,5.077241421,5.077241421,5.038779736,5.830870152,5.003273487,6.124698639,5.451741219,5.522660255,5.094483376,5.132945061,5.969577789,5.000318527,5.246605873",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,86.107.243.62,tcp,56671,30303,finished,24,8,1578508365592330,1578508365741203,1578508365740945,0,0,540,364,929,812,0,6,9596.4,39189,16023.4,256750832.0,3.1,"39074,39189,1465,38437,362,37288,763,13,47,10,88,39176,38284,307,256,561,11,34,20,89,30734,30582,269,187,28,20,37,34,54,6,63",52,107.0,592,118.7,14100.3,4.4,"64,60,52,592,52,416,52,84,53,176,55,68,292,52,52,52,84,53,100,67,68,260,52,52,84,53,55,64,68,84,53,56","17,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0","4.484427452,5.346035480,5.077241421,7.656184673,5.233812809,7.517492771,5.077241898,5.839856625,5.102238178,6.715719223,5.192151070,5.552071571,7.256381512,5.038780212,5.118427753,5.195351124,5.807060242,5.116481304,6.072246075,5.481591702,5.581483841,7.116200924,5.038780212,5.233812809,5.744618893,5.154217243,5.228514671,5.419355392,5.552072048,5.863666058,5.154217243,5.264381886",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,157.230.152.87,tcp,56658,30303,finished,20,12,1578508365239758,1578508365782730,1578508365782698,0,0,583,391,871,648,0,8,35029.4,184362,71024.3,5044451840.0,2.6,"179302,179369,1797,184362,177,182759,106,62,111,97,367,12,367,8,114,117,157,11,64,17,19,306,10,10,14,156,176481,904,995,9,177632",52,100.1,635,121.0,14650.9,4.4,"64,60,52,635,52,443,52,84,52,53,52,213,66,52,52,68,52,84,53,176,55,68,84,53,111,56,68,52,52,84,53,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0","4.515677452,5.346035480,5.038780212,7.678948879,5.233812809,7.426693916,5.115703106,5.903985023,5.115703106,5.307834625,5.115703106,7.013820648,5.585841656,5.077241421,5.077241421,5.642391205,5.038780212,5.798073769,5.116480827,6.750286102,5.119424820,5.423324585,5.821883202,5.116480827,6.247833252,5.085811138,5.423323631,5.142372608,5.156889439,5.894998550,5.270098209,5.038779736",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,139.162.255.210,tcp,56672,30303,finished,18,14,1578508365701530,1578508365787932,1578508365828317,0,0,386,356,626,420,0,8,6877.1,42383,15108.4,228262896.0,2.6,"41413,41460,1312,42383,1046,42119,204,192,363,356,369,368,205,23,58,13,64,62,24,80,8,25,33,39148,1363,11,132,116,14,104,121",46,84.0,438,90.7,8221.2,4.5,"64,60,52,438,52,408,52,84,52,68,52,68,52,84,53,176,55,68,84,53,54,65,68,52,52,46,46,46,46,46,46,46","14,2,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.472632408,5.366787434,5.077241898,7.477252960,5.094483376,7.506056309,5.032077789,5.945768356,5.032077789,5.682903290,5.032077789,5.594669342,5.032077789,5.686549187,5.109905720,6.751657963,5.222177982,5.381002426,5.835707664,5.072169304,5.148315907,5.414526463,5.517535210,5.070539474,5.209868431,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637,3.725504637",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,52.9.128.68,tcp,56661,30303,finished,20,12,1578508365279592,1578508365851788,1578508365851734,0,0,472,428,760,764,0,9,36914.1,194120,74421.4,5538540544.0,2.7,"179215,179258,1530,193512,372,17,192344,9,225,230,714,12,52,18,61,2845,2062,406,9,21,19,104,193755,151,777,194120,128,66,1119,26,1161",52,100.2,524,109.0,11872.9,4.5,"64,60,52,524,52,480,84,52,52,184,52,84,53,176,55,68,80,52,84,53,100,67,68,52,52,84,52,133,52,83,52,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,1,0,1,1,0","4.453177452,5.348397732,4.961856365,7.599962234,4.933627129,7.510960579,5.832557201,4.932822704,4.932822704,6.835141659,4.894361019,5.783250809,5.064501762,6.716285229,5.069335938,5.335089684,5.759187222,4.947339535,5.789087296,5.078744888,6.152247906,5.259534836,5.434425354,4.972088337,5.025067329,5.878987312,5.038779736,6.474194050,4.961856842,5.903718472,5.154969215,4.961856842",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,94.68.55.162,tcp,56674,30303,finished,20,12,1578508365741903,1578508365961141,1578508365961206,0,0,547,504,835,840,0,7,14146.5,75129,28349.9,803714368.0,2.7,"71269,71376,1312,75129,983,32,74778,28,135,90,486,477,192,27,65,15,66,252,9,12,16,87,69614,777,19,69699,729,15,730,7,115",52,105.0,599,126.8,16079.3,4.4,"64,60,52,599,52,556,84,52,52,195,52,69,52,84,53,176,55,68,84,53,100,67,68,52,52,84,52,134,82,52,52,52","15,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1","4.428027153,5.333454132,5.014835358,7.631373405,5.195351601,7.586966038,5.775951385,5.038780212,5.000318050,6.896724224,5.000318527,5.543021202,5.038780212,5.697000027,5.116480827,6.792954922,5.069334984,5.517535210,5.883326530,5.154216766,6.099795818,5.552560806,5.458711624,5.156889439,5.195351124,5.775951862,5.038780212,6.440905094,5.855588436,5.038779736,5.038779736,5.118428230",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,138.75.171.190,tcp,56657,30303,finished,17,15,1578508365226088,1578508365751522,1578508366012044,0,0,539,459,779,523,0,8,42302.9,263115,95827.5,9182917632.0,2.4,"259670,259779,1313,261414,3049,263115,462,422,253,247,161,10,63,22,41,100,13,84,18,22,24,260103,45,20,93,122,13,668,28,8,8",46,91.4,591,121.5,14755.2,4.3,"64,60,52,591,52,511,52,84,52,84,52,84,53,176,55,68,84,53,54,65,68,52,46,46,46,46,46,46,46,46,46,46","13,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1","4.484427452,5.266787052,5.014835358,7.622575283,5.176993370,7.537411690,4.937911987,5.836015701,4.937911987,5.821192741,4.937912464,5.839856625,5.055252075,6.730566502,5.133149624,5.533761024,5.816047192,4.979780197,5.094675064,5.473884583,5.364500046,5.014835358,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398,3.725504398",Mining,42,0,Unsafe,Mining,6,DPI,"22" 
+1,ip4,192.168.1.184,78.47.147.155,tcp,56673,30303,finished,23,9,1578508365712625,1578508366123630,1578508366123331,0,0,567,347,951,859,0,12,26506.8,285939,65286.3,4262303488.0,2.6,"40373,40438,1542,40906,246535,285939,40615,40605,699,30,144,12,23,360,16,18,29,110,39411,235,883,650,39691,157,36,21,17,63,1098,839,216",52,109.6,619,120.4,14503.6,4.5,"64,60,52,619,52,292,64,399,52,84,53,176,55,68,84,53,100,67,68,52,52,52,116,52,84,53,55,64,68,260,52,84","16,5,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,1,0,0","4.453177452,5.346035480,5.077241421,7.661995411,5.233812809,7.235357285,5.194910049,7.441572666,5.062724113,5.854679585,5.191952705,6.817754745,5.228514671,5.610895157,5.854679585,5.229689121,6.152247906,5.547358990,5.581482887,5.272274494,5.272274494,5.272274494,6.375947475,5.115703106,5.887475491,5.154217243,5.264878273,5.481855392,5.592584610,7.149727345,5.077241421,5.878489017",Mining,42,0,Unsafe,Mining,6,DPI,"22" diff --git a/test/results/flow-analyse/ethernetIP.pcap.out b/test/results/flow-analyse/ethernetIP.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ethernetIP.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/exe_download.pcap.out b/test/results/flow-analyse/exe_download.pcap.out new file mode 100644 index 000000000..aa98fa3a4 --- /dev/null +++ b/test/results/flow-analyse/exe_download.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.9.25.101,144.91.69.195,tcp,49165,80,finished,11,21,1569434051004796,1569434051966172,1569434051966041,0,0,153,1460,153,25896,0,7,62020.0,319527,115050.4,13236601856.0,3.0,"319320,319527,656,1120,298136,10,298579,1555,147,1842,2428,2695,9,4969,246,28639,114,28917,100748,305805,34,11,94,205204,207,207,651,10,7,7,727",40,854.5,1500,668.4,446708.3,4.4,"52,44,40,193,40,1500,1308,40,1404,1404,40,1404,1500,1288,40,1404,1404,1404,40,40,1500,1500,1212,1404,40,1404,40,1500,1500,1500,1116,40","10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,2,0,0,8,0,0,7,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,1,1,0","4.385625362,4.876442909,4.621928215,5.761415958,4.730640888,3.668365002,0.301540941,4.621928692,0.282004327,4.382377148,4.571928501,5.688343048,5.482964993,5.437496185,4.521928310,5.899663925,5.776542664,5.685672760,4.571928501,4.571928501,5.409879208,5.378962994,5.436534882,5.744604588,4.571928978,5.603744507,4.521928787,5.738482952,5.793150902,5.592350006,5.696241856,4.571928978",HTTP,7,0,Acceptable,Download,6,DPI,"4,11,12" 
diff --git a/test/results/flow-analyse/exe_download_as_png.pcap.out b/test/results/flow-analyse/exe_download_as_png.pcap.out
new file mode 100644
index 000000000..7131beddf
--- /dev/null
+++ b/test/results/flow-analyse/exe_download_as_png.pcap.out
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.9.25.101,185.98.87.185,tcp,49197,80,finished,11,21,1569434903040298,1569434904481632,1569434904508320,0,0,149,1460,149,25916,0,12,93850.2,613012,192589.9,37090865152.0,2.7,"400153,400486,228,717,612677,12,613012,424,482,834,426,507,936,1134,423,1552,361,732,1082,417726,1390,103,419479,654,405,941,2596,154,2784,26602,344",40,855.0,1500,664.6,441668.3,4.4,"52,44,40,189,40,1500,1308,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404,1404,40,1404,1404,40,1404,1404,40,1404,1404","10,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,17,0,0,1,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,0,1,1,0,1,1,0,1,1","4.593450069,4.921897411,4.734183788,5.453228951,4.630641460,3.420540333,0.300011843,4.784183979,0.284853339,4.608477116,4.784183979,4.479417324,3.353007078,4.684184074,3.253508806,3.476947546,4.734183788,4.057516575,5.282192707,4.734183788,5.523138046,4.632616997,4.955163479,4.715311527,4.361701965,2.729017735,4.734184265,6.268059254,4.366500378,4.734183788,4.014078617,2.777677774",HTTP,7,0,Acceptable,Web,6,DPI,"4,12" diff --git a/test/results/flow-analyse/facebook.pcap.out b/test/results/flow-analyse/facebook.pcap.out new file mode 100644 index 000000000..75e0d09fc --- /dev/null 
+++ b/test/results/flow-analyse/facebook.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.43.18,31.13.86.36,tcp,44614,443,finished,14,18,1472393123550766,1472393124118414,1472393124118402,0,0,517,1388,992,15090,0,193,36622.1,154982,57898.8,3352273664.0,3.3,"132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444",52,555.1,1440,613.3,376153.1,4.1,"60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52","10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0","0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.760014057,5.194312096,5.053297043,6.165235996,5.091758251,6.462422371,5.053297043,5.523866653,7.463335991,6.461145878,5.587870598,5.919519901,5.958845615,5.014835358,7.843218803,7.552490711,5.025067806,7.863905430,7.631061554,5.025067329,7.860723495,7.881686687,5.063529015,7.870133877,7.854965687,5.063529015,7.867281437,7.861505032,5.025067329,7.849763870,7.860621929,5.025067329",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"" 
diff --git a/test/results/flow-analyse/fastcgi.pcap.out b/test/results/flow-analyse/fastcgi.pcap.out new file mode 100644 index 000000000..3f718f6b1 --- /dev/null +++ b/test/results/flow-analyse/fastcgi.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.0.9,10.0.0.11,tcp,38254,9000,finished,16,16,1280403893598699,1280403895619664,1280403895619673,0,0,1055,1448,1095,14480,0,12,130385.1,2020143,496240.3,246254469120.0,1.0,"169,226,42,67,15,217,77,12,83,12,48,16,2019881,2020143,186,63,52,55,94,90,42,33,32,28,26,27,50,53,34,34,32",52,539.2,1500,672.8,452637.9,3.9,"60,60,52,68,1107,60,52,60,60,52,52,52,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500,52,1500","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,0,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.423614979,4.926749229,4.700937271,4.233195782,6.033331394,4.550921917,4.686420441,4.550921917,4.550921917,4.686420441,4.624014378,4.686420441,4.724881649,7.641661644,4.854783535,7.763941288,4.854784012,7.761142254,4.777860165,7.844599247,4.891996861,7.826266289,4.815073490,7.841456413,4.815073490,7.847429752,4.815073490,7.852382183,4.891996861,7.847055912,4.815073490,7.805794239",FastCGI,310,0,Safe,Network,6,DPI,"" 
diff --git a/test/results/flow-analyse/firefox.pcap.out b/test/results/flow-analyse/firefox.pcap.out
new file mode 100644
index 000000000..8377b570f
--- /dev/null
+++ b/test/results/flow-analyse/firefox.pcap.out
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.178,146.48.58.18,tcp,51577,443,finished,14,18,1620927997754367,1620927998776498,1620927998804931,0,0,517,1440,1348,15691,0,3,66861.1,576607,148076.5,21926651904.0,2.8,"26706,26798,1311,27344,5752,45,31822,499,455,210977,313,236002,29,1309,26,26092,3,575380,1218,576607,259,117,346,122,123,243,1357,145807,171406,2874,1353",52,585.1,1492,633.0,400627.7,4.1,"64,60,52,569,52,1492,1492,52,758,52,132,438,52,52,355,355,52,52,1492,1492,52,1492,1492,52,1492,1471,52,52,417,52,1492,1492","10,0,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,9,0,0","0,1,0,0,1,1,1,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,1,1","4.428027153,5.266787052,5.014835358,5.174138069,5.162476063,7.842608452,7.864985943,5.014834881,7.695538521,5.053296566,6.283938885,7.435882092,5.085552692,5.008629799,7.300004005,7.376957893,5.014835358,4.976373672,7.887156010,7.855851173,4.976373672,7.868392467,7.877747059,5.014835358,7.872129440,7.861151218,4.961856842,5.014835358,7.429141998,5.124014378,7.843397617,7.882917881",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,51583,443,finished,13,19,1620927998782772,1620927999138109,1620927999138090,0,0,680,1440,1491,17379,0,9,22924.4,231008,52648.8,2771896832.0,3.0,"34406,34489,3261,32258,1506,30479,4158,18595,31638,14,8894,18473,2988,120,21557,203508,231008,997,180,13,28684,187,199,924,71,1013,133,374,19,9,500",52,642.3,1492,649.7,422101.6,4.2,"64,60,52,732,52,312,52,132,402,52,355,52,52,1492,1028,52,433,52,1492,1492,1492,52,1492,52,1492,1492,52,1492,1492,1492,1492,52","9,0,1,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,0,1,0,1,1,0,1,1,1,1,0","4.459277153,5.233453751,5.014835358,7.202944279,5.085553169,7.007672310,4.961856842,6.264141560,7.328972340,5.032574654,7.353322983,5.014835358,5.124014854,7.879932404,7.808946609,4.961856365,7.467625618,5.047091484,7.873059750,7.873151302,7.887775421,4.976373672,7.877523422,5.014835358,7.875070572,7.887982368,4.976373672,7.869130135,7.859514236,7.867089272,7.877560139,5.014835358",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,51588,443,info,14,18,1620927998806443,1620927999167352,1620927999167300,0,0,680,1440,1497,16303,0,19,23282.8,221390,50495.5,2549799168.0,3.1,"27372,27441,16192,42139,1225,27152,10064,34749,19,24715,195798,221390,1843,27432,3443,28677,1090,241,26560,1009,109,1111,130,120,236,127,123,253,261,233,512",52,608.9,1492,649.7,422127.9,4.1,"64,60,52,732,52,312,52,132,52,355,52,419,52,1392,52,422,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52","10,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,10,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.459277153,5.146034718,4.976373672,7.228655815,5.010550499,6.920869827,4.976373672,6.311110497,5.008629799,7.354775429,4.976373672,7.419640064,4.972088814,7.854094028,4.860989094,7.443080425,5.008629799,7.863340855,7.851551056,4.976373672,7.864044666,7.884602547,4.976373672,7.881500721,7.891372204,4.976373672,7.871342182,7.873107433,4.976373672,7.874297619,7.860782623,4.976373672",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,51600,443,info,15,17,1620927999111334,1620927999226479,1620927999226567,0,0,680,1440,1130,16403,0,2,7431.5,29597,10227.7,104605344.0,3.7,"26761,26832,3278,29208,2415,28362,2863,12850,29597,2,13859,11433,1695,114,13236,128,293,994,822,122,164,127,63,168,80,256,81,263,11998,12186,128",52,600.5,1492,660.2,435829.6,4.1,"64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,1492,1492,52,52,1492,1492,52,1492","12,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,0,1","4.377322197,5.220872402,5.014835358,7.213215351,5.008629799,6.968000412,5.014835358,6.313750267,7.425912857,5.085553169,7.267926216,5.014835358,5.008629799,7.858884811,7.871315002,4.976373672,7.877995014,4.931210041,7.875296116,5.053297043,7.839466572,4.931210041,7.867573261,4.976373672,7.859172344,7.851386070,5.014835358,4.892748356,7.876949787,7.858725071,4.976373672,7.891367435",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,51599,443,info,15,17,1620927999109976,1620927999243663,1620927999243600,0,0,680,1440,1130,15696,0,26,8622.9,45603,12422.0,154305440.0,3.6,"28117,28187,5501,31657,1076,27239,20259,3957,45603,1275,22621,2846,3133,147,6125,104,193,162,80,94,95,129,121,148,217,366,254,1527,18636,26,17416",52,578.4,1492,641.5,411570.0,4.1,"64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,1492,1492,52,1492,52,1492,785,52","12,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0","4.428027153,5.200119972,4.976374149,7.195712090,5.085553169,6.972116470,5.014835835,6.221041679,7.470200539,5.008629799,7.370405674,5.014835358,5.124014854,7.847041607,7.873993397,4.976373672,7.857460022,4.854287148,7.870365620,5.053297043,7.837957382,4.931210041,7.879583359,5.053297043,7.881470203,7.859474659,5.014835358,7.886620045,4.892748356,7.869515896,7.724751472,5.014835358",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,51601,443,info,15,17,1620927999112216,1620927999264777,1620927999264937,0,0,680,1440,1509,13869,0,2,9847.8,37388,13420.2,180101408.0,3.6,"28631,28716,7742,37388,1480,31124,2184,12981,31005,84,15910,15394,488,119,15971,252,383,635,139,236,17,375,2,151,475,36484,124,120,36112,183,377",52,533.2,1492,619.5,383804.7,4.0,"64,60,52,732,52,312,52,132,422,52,355,52,52,1492,1492,52,1492,1492,52,1492,1492,398,52,52,52,431,52,1492,1492,52,52,1492","11,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,1,1,0,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0,0,1","4.459277153,5.220872402,5.014835358,7.209626675,5.085553169,7.008624077,5.014835358,6.200282097,7.566779613,5.085553646,7.353106976,5.014835358,5.124014854,7.878056049,7.889544964,5.014835358,7.892714977,7.877523899,5.014835358,7.856287479,7.859073639,7.445496559,4.961856842,4.945419312,4.892748833,7.390010357,5.047091484,7.860656738,7.870811462,5.014835358,4.892748833,7.870283127",,,,,,,,"" diff --git a/test/results/flow-analyse/fix.pcap.out b/test/results/flow-analyse/fix.pcap.out new file mode 100644 index 000000000..80e1de139 --- /dev/null +++ b/test/results/flow-analyse/fix.pcap.out 
@@ -0,0 +1,6 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,208.245.107.3,192.168.0.20,tcp,4000,45578,finished,16,16,1493755109301176,1493755110311293,1493755110311459,0,0,457,86,1522,86,1,170,65174.2,314954,68088.5,4636038656.0,4.4,"170,209,52428,3585,93980,87569,49399,50741,50707,52796,52875,49653,49630,49737,49707,49456,49402,49750,49791,49981,50005,49926,49930,49589,49596,49797,49760,50218,50168,314891,314954",40,93.1,497,87.5,7658.2,4.6,"79,46,126,155,40,46,497,46,216,46,219,46,129,46,96,46,171,46,98,46,67,46,92,46,67,46,75,46,94,46,67,46","4,6,1,1,1,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.154581547,4.414441109,6.395655632,5.091774940,4.780641556,4.457919598,5.201892376,4.414441109,4.962749958,4.457919598,5.236365318,4.414441109,5.106607437,4.457919598,5.098806381,4.457919598,5.104629040,4.398030281,5.136437416,4.347350597,5.144082069,4.457919598,4.962267876,4.414441109,5.073113441,4.370962620,5.166584492,4.457919598,4.922869682,4.457919598,5.102964401,4.370963097",FIX,230,0,Safe,RPC,6,DPI,"" 
+1,ip4,8.17.22.31,192.168.0.20,tcp,4000,47968,finished,16,16,1493755109264927,1493755110667807,1493755110668000,0,0,69,87,553,87,1,25,90514.6,300186,84141.6,7079807488.0,4.2,"147,100141,123,100163,124,100018,123,100053,25,99913,99995,100225,100166,100788,100836,300170,29,300186,26,222,17881,82390,142005,200503,158539,99966,99944,398,386,200212,200256",52,72.0,139,23.6,558.3,4.9,"82,52,87,78,52,52,87,86,52,52,78,52,121,52,77,52,91,121,52,52,139,52,91,52,87,52,87,52,76,52,84,52","6,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1","5.351819992,5.248330116,5.436416626,5.363250256,5.103910923,5.156889915,5.413428307,5.384781837,5.115703106,5.168681622,5.321646214,5.132944584,5.563299656,5.209868431,5.466999531,5.248330116,5.438351631,5.219768047,5.118427753,5.132945061,6.504659653,5.091758728,5.478478432,5.209868431,5.454665184,5.171406746,5.204155445,5.209868431,5.232492447,5.209868431,5.401538372,5.132945061",FIX,230,0,Safe,RPC,6,DPI,"" 
+1,ip4,8.17.22.31,192.168.0.20,tcp,4000,43594,finished,16,16,1493755109242949,1493755111999185,1493755111999341,0,0,188,85,1313,85,1,24,177826.7,291268,112931.7,12753577984.0,4.5,"209,293,265,250589,114,250615,24,223,18233,232135,291268,250073,208970,250691,250733,250586,250560,250658,250654,250671,250658,250632,30,250660,26,251471,251453,249735,249759,250325,250315",52,95.7,240,52.0,2700.5,4.8,"138,52,77,52,91,138,52,52,137,52,155,52,155,52,172,52,155,52,155,52,104,52,240,99,52,52,121,52,189,52,104,52","2,4,3,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1","5.494600296,5.156889439,5.286477566,5.118427753,5.354906082,5.367415428,5.156889915,5.118428230,6.408948421,5.130219936,5.439220428,5.209867954,5.526780605,5.248329639,5.560081959,5.171406746,5.428024292,5.209867954,5.492540359,5.209868431,5.433600426,5.171406746,5.581422329,5.564811230,5.171406746,5.209867954,5.463109970,5.209867954,5.382565022,5.209867954,5.537013054,5.209868431",FIX,230,0,Safe,RPC,6,DPI,"" 
+1,ip4,208.245.107.3,192.168.0.20,tcp,4000,45584,finished,16,16,1493755109440420,1493755120254899,1493755120295550,0,0,39,87,498,173,1,168,699019.6,5507323,1280900.8,1640706605056.0,3.7,"168,500717,500699,200419,200471,184,89723,210661,340264,500679,460548,5507291,5507323,600979,600971,400442,400455,700964,700990,400404,400386,600557,600559,400806,400807,600830,600822,215,54314,45693,140268",40,63.6,127,21.9,481.2,4.9,"75,46,75,46,79,46,127,40,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,75,46,79,46,126,40,75,46","2,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1","4.945594788,4.398030758,5.188046455,4.398030758,5.199008465,4.457919598,6.476713657,4.730641365,4.962196827,4.457919598,5.241379738,4.501398087,5.161379337,4.501398087,5.025595188,4.457919598,5.052261829,4.457919598,5.214713573,4.457919598,5.224778175,4.501398087,5.241379738,4.457919598,5.025595188,4.501398087,5.249641418,4.501398087,6.379781723,4.730641365,4.998929024,4.457919598",FIX,230,0,Safe,RPC,6,DPI,"" 
+1,ip4,8.17.22.31,192.168.0.20,tcp,4000,40918,finished,16,16,1493755110328857,1493755130974521,1493755130974683,0,0,81,85,651,170,1,110,1331983.5,4175061,1132458.4,1282462056448.0,4.4,"110,1093319,1093395,599016,598995,1546128,1546141,239,22763,2072709,2137804,913298,870712,442005,442027,3366066,3366054,1195438,1195405,437653,437695,1550229,1550211,211,22417,1711389,1774342,1498173,1457475,4175061,4175010",52,77.7,137,28.5,811.2,4.9,"91,52,112,52,91,52,91,52,137,52,91,52,91,52,112,52,91,52,112,52,91,52,91,52,137,52,91,52,133,52,91,52","2,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1","5.567693233,5.103910923,5.539355278,5.053297043,5.492160797,5.118427753,5.446647644,5.118427753,6.341468334,5.115703106,5.351537228,5.171406269,5.539231300,5.171406746,5.445882797,5.171406746,5.442563534,5.118428230,5.588550091,5.209868431,5.417931080,5.209867954,5.425766945,5.132945061,6.498472691,5.168681622,5.496372223,5.094483376,5.470992565,5.171406269,5.501759529,5.171406746",FIX,230,0,Safe,RPC,6,DPI,"" diff --git a/test/results/flow-analyse/fix2.pcap.out b/test/results/flow-analyse/fix2.pcap.out new file mode 100644 index 000000000..bde7533ad --- /dev/null +++ b/test/results/flow-analyse/fix2.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.101.0.2,10.102.0.2,tcp,34962,1024,finished,14,18,1614758889588862,1614758889589960,1614758889589962,0,0,106,120,669,911,0,0,70.9,652,159.2,25335.5,3.1,"641,652,12,92,71,9,33,29,203,208,31,32,5,2,23,28,2,2,8,8,11,13,25,23,5,0,4,9,5,7,5",46,92.6,160,46.7,2179.9,4.8,"48,48,46,125,48,46,133,130,46,138,130,138,132,46,46,133,46,46,46,138,46,160,143,160,46,46,46,46,143,133,146,138","7,0,4,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,3,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,1,1,0,1,0,1,1,1,0,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1","3.876627445,4.502165794,3.795586109,5.147858620,4.543832302,3.752108097,5.214525223,5.327383041,4.032184124,5.397408485,5.326416016,5.390491009,5.234700680,4.032184124,4.032184124,5.214525223,3.795585871,4.032184601,3.795585871,5.411900997,3.795585871,5.292957783,5.260262489,5.336493969,3.795586109,4.032184124,3.988706112,4.032184124,5.260262489,5.196290016,5.370437145,5.404983521",FIX,230,0,Safe,RPC,6,DPI,"" 
+1,ip4,10.101.0.2,10.102.0.9,tcp,34963,1024,finished,14,18,1614758889589020,1614758889590049,1614758889590048,0,0,106,120,762,801,0,0,66.4,570,137.8,18986.0,3.3,"568,570,2,146,145,106,1,105,2,16,6,26,48,7,14,19,2,2,18,19,48,49,27,0,12,37,4,6,27,0,25",46,92.0,160,46.1,2122.5,4.8,"48,48,46,125,133,130,138,48,46,130,46,46,138,132,46,133,46,138,46,160,143,133,146,46,46,46,146,148,130,46,46,46","6,0,5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,3,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,0,1,1,1,0,1,1,0,1,0,1,0,1,0,1,1,1,0,1,0,1,1,0","3.944233894,4.517892838,3.795586348,5.115859032,5.169412613,5.333189964,5.351288795,4.517892838,3.795586109,5.341800690,4.032184601,4.032184124,5.369617462,5.205471516,4.075662613,5.190125942,3.839064360,5.365781307,3.839064360,5.331775665,5.255437374,5.190015793,5.411532879,4.075662613,4.075662613,4.075662613,5.397834301,5.453368664,5.342391014,4.075662136,4.075662613,3.839064121",FIX,230,0,Safe,RPC,6,DPI,"" diff --git a/test/results/flow-analyse/forticlient.pcap.out b/test/results/flow-analyse/forticlient.pcap.out new file mode 100644 index 000000000..99ab4ddb6 --- /dev/null +++ b/test/results/flow-analyse/forticlient.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.178,82.81.46.13,tcp,61820,10443,finished,19,13,1621067209199710,1621067210297694,1621067210301240,0,0,530,1440,1845,4568,0,39,70952.1,495036,111597.5,12454002688.0,3.7,"62553,62662,2345,64550,19935,1929,84016,11197,85323,74192,429584,495036,65428,84550,160241,75696,71555,6274,142878,591,65604,251,221,2934,4011,39,64164,57249,427,3990,89",52,253.0,1492,343.0,117623.0,4.1,"64,60,52,365,52,1492,1033,52,210,294,52,582,827,52,348,923,52,343,99,52,99,52,99,52,99,117,103,99,52,99,111,111","9,4,1,0,1,0,0,0,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,0,0,0,1,0,0,1,1","4.410132408,5.346732616,5.038779736,6.080028534,5.156889915,7.061070919,7.727006912,5.115703106,6.685589790,7.192217827,5.038779736,7.622327805,7.737955093,5.115703106,7.355971813,7.761943817,5.077241421,7.386271954,5.969920158,5.233812809,6.092373371,5.154164791,6.132777691,5.070539474,6.022900581,6.156826973,6.011271954,6.160604477,5.115703106,6.070930004,6.207380772,6.322289944",TLS.FortiClient,91.259,1,Safe,VPN,5,DPI (cache),"5,15" 
diff --git a/test/results/flow-analyse/ftp-start-tls.pcap.out b/test/results/flow-analyse/ftp-start-tls.pcap.out new file mode 100644 index 000000000..2e194d592 --- /dev/null +++ b/test/results/flow-analyse/ftp-start-tls.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.238.26.36,10.220.50.76,tcp,62092,21,info,9,23,1383123629078448,1383123629152654,1383123629153383,0,0,330,512,609,3206,0,2,4811.0,40376,9556.7,91331016.0,3.2,"415,134,1253,15030,72,17807,3947,60,788,5,4347,3279,113,1027,2,8,2,118,3,2582,8520,40376,68,34737,4456,749,2222,1775,305,2738,2203",46,160.9,552,164.2,26956.4,4.4,"46,46,46,46,113,113,50,46,46,71,71,190,46,46,552,552,255,552,552,255,46,370,91,91,77,122,122,77,122,122,85,130","4,3,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,7,0,0,0,2,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,1,0,1,1,1,1,0,1,1,1,1,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1","4.174477577,4.816402912,4.816402912,4.390829086,5.377844810,5.377844810,4.955727100,4.347350597,4.347350597,5.319664001,5.319664001,5.167058468,4.434307098,4.434307098,6.822389126,7.154568672,6.962697506,6.822389126,7.151652813,6.962697029,4.544876099,7.242094517,5.879006863,5.879006863,5.747309208,6.191079140,6.207472801,5.766408920,6.279234409,6.279234409,5.962334156,6.287871361",,,,,,,,"" 
diff --git a/test/results/flow-analyse/ftp.pcap.out b/test/results/flow-analyse/ftp.pcap.out
new file mode 100644
index 000000000..7fa5ffb12
--- /dev/null
+++ b/test/results/flow-analyse/ftp.pcap.out
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.212,90.130.70.73,tcp,50694,21,finished,18,14,1552590234892296,1552590235175924,1552590235202548,0,0,30,241,86,532,0,6,19157.4,90047,20644.4,426190272.0,4.1,"27412,27520,29008,29012,526,27660,315,27401,217,69061,21193,90047,306,27070,21,26780,133,26972,64,26857,6,275,27478,27261,90,29,651,27147,26517,90,26761",52,71.9,293,42.7,1824.0,4.8,"64,60,52,72,52,68,52,86,52,65,52,75,52,57,52,86,52,58,67,117,52,52,63,96,52,293,52,82,74,52,57,86","18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,4,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1","4.219557285,5.306893826,4.854784012,5.580945969,4.891996861,5.392103672,5.192626476,5.723867416,4.853535175,5.160228252,5.115703106,5.653334618,4.853535175,5.038432598,5.038779736,5.595732212,4.829590797,5.029721737,5.522709370,5.304079056,4.891996861,4.891996861,5.214752197,5.731670380,4.891996861,5.029207230,4.891996861,5.558178902,5.555310249,4.891996861,5.073520184,5.687595367",FTP_CONTROL,1,0,Unsafe,Download,6,DPI,"22" 
+1,ip4,192.168.1.212,90.130.70.73,tcp,50696,24523,info,13,19,1552590241545143,1552590241637688,1552590241639633,0,0,0,1440,0,24480,0,2,6033.4,29579,11108.9,123407192.0,3.1,"28770,28814,29579,29566,281,284,597,608,340,458,790,363,375,64,327,2,379,43,300,27513,27767,195,211,1702,115,4,1805,1866,1903,218,1796",52,818.0,1492,717.5,514855.0,4.3,"64,60,52,1492,64,1492,52,1492,52,1492,1492,52,1492,52,1492,1492,1492,52,52,1492,1492,52,1492,52,1492,1492,52,52,1492,52,1492,1492","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0","0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,1,1,1,0,1,0,1,1","4.309056282,5.300120831,4.882569313,0.368800014,5.022979736,0.368800014,4.955154896,0.368800014,4.829590797,0.368800014,0.368800014,4.916693211,0.368800014,4.829590797,0.368800014,0.368800014,0.367459536,4.916693211,4.829590797,0.367459506,0.360797286,4.878231525,0.368800014,4.829590797,0.367459536,0.367459536,5.171406746,4.955154896,0.367459536,4.829590797,0.367459536,0.368800014",,,,,,,,"" diff --git a/test/results/flow-analyse/ftp_failed.pcap.out b/test/results/flow-analyse/ftp_failed.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ftp_failed.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 
diff --git a/test/results/flow-analyse/fuzz-2006-06-26-2594.pcap.out b/test/results/flow-analyse/fuzz-2006-06-26-2594.pcap.out
new file mode 100644
index 000000000..72e07973f
--- /dev/null
+++ b/test/results/flow-analyse/fuzz-2006-06-26-2594.pcap.out
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.2,192.168.1.255,udp,137,137,finished,32,0,1120469540839312,1120470161396896,1120469540839312,42,0,50,0,1592,0,0,741823,20017986.0,47494748,22627942.0,512023754440704.0,3.9,"746308,47494748,744583,751092,46512252,745680,46548540,1500555,45837567,749435,751083,46756478,741823,751085,45987992,749213,47479804,47268139,749384,47257959,751080,46297871,749788,46627979,750158,751078,45907667,749430,751084,46347688,750041",78,78.0,78,0.0,0.0,5.0,"78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.275660515,4.184385777,4.229382992,4.337641239,4.229382992,4.245346546,4.229382992,4.275660515,4.299727440,4.275660515,4.292109013,4.275660515,4.337901115,4.229382992,4.229382992,4.203742027,4.250019550,4.178100586,4.229382992,4.255024433,4.194064140,4.238767147,4.229382992,4.325850487,4.194064140,4.194064140,4.264408588,4.321938515,4.255024433,4.256044388,4.229382992,3.185813189",NetBIOS,10,0,Acceptable,System,6,DPI,"" 
+1,ip4,212.242.33.35,192.168.1.2,udp,5060,5060,finished,10,22,1120469572981006,1120470268128176,1120470473529233,306,0,593,1076,4595,6254,0,25935,51474044.0,279041814,59389388.0,3527099352612864.0,4.2,"17474795,107207461,89874891,17280679,167478647,167525220,17335822,73902652,91241081,17333170,25935,17724998,29031776,29092737,68237242,29272359,29031830,29031631,29031476,18604480,279041814,227102,15287489,17115049,32679444,257340,76383084,29031077,58063525,24495477,17375114",33,367.0,1104,296.2,87757.2,4.4,"514,374,495,514,708,514,708,519,514,708,334,498,33,33,33,33,33,33,33,33,853,621,368,33,1104,473,363,33,33,33,466,701","0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,0,0,0,2,0,0,1,1,0,0,0,0,0,0,4,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,0,1,0,0,1,0,0,1,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1","5.828991890,5.782027245,5.782989502,5.772095203,5.761000156,1.504078388,3.362369776,2.947608709,5.765282631,4.114200115,5.769235611,3.191431999,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,5.808829308,5.790666103,5.744666100,4.098355293,1.549071550,5.804477692,4.601107121,4.098355293,4.037749290,4.098355293,3.348246098,2.334293365",SIP,100,0,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/fuzz-2006-09-29-28586.pcap.out b/test/results/flow-analyse/fuzz-2006-09-29-28586.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/fuzz-2006-09-29-28586.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/fuzz-2020-02-16-11740.pcap.out b/test/results/flow-analyse/fuzz-2020-02-16-11740.pcap.out new file mode 100644 index 000000000..f5598e1b2 --- /dev/null +++ b/test/results/flow-analyse/fuzz-2020-02-16-11740.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.12.64.30,198.226.25.53,udp,29200,1812,finished,18,14,1528996068129675,1528997019398709,1528997011828903,655,0,703,276,12258,2595,0,155168,61128012.0,612411195,140850256.0,19838793242640384.0,2.7,"155168,452627740,595449,114837328,612411195,44261470,205164,4046522,4037802,201918,4553249,187053,43562433,202627,48502104,3244519,3442366,3335821,3536360,209147,201397,255983176,256164296,599645,6262990,492548,7309633,8000538,8015324,522347,7260933",165,492.2,731,248.2,61618.1,4.8,"683,243,225,304,225,731,165,683,165,683,192,731,683,731,683,192,165,683,731,165,683,192,731,225,711,731,711,304,731,225,711,731","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,4,3,5,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,1,0,1,0,0","6.047428131,2.762376308,6.336006641,6.922207832,6.356189251,5.597228050,5.971614838,6.076896191,5.962701321,0.885235786,6.148619175,6.046576977,6.067515373,2.928206921,4.093657970,6.062733173,5.981721401,6.049886227,6.077444077,5.974218369,5.025151253,6.080809116,6.063514709,6.407587528,5.992080212,6.077442646,5.517450333,6.840845585,6.115455151,6.520883560,5.811926842,4.154052258",Radius,146,0,Acceptable,Network,6,DPI,"" 
diff --git a/test/results/flow-analyse/fuzz-2021-06-07-c6c72a0a56.pcap.out b/test/results/flow-analyse/fuzz-2021-06-07-c6c72a0a56.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/fuzz-2021-06-07-c6c72a0a56.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/fuzz-2021-10-13.pcap.out b/test/results/flow-analyse/fuzz-2021-10-13.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/fuzz-2021-10-13.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/genshin-impact.pcap.out b/test/results/flow-analyse/genshin-impact.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/genshin-impact.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/git.pcap.out b/test/results/flow-analyse/git.pcap.out new file mode 100644 index 000000000..59318415a --- /dev/null +++ b/test/results/flow-analyse/git.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.77,5.153.231.21,tcp,47991,9418,finished,13,19,1460821630164056,1460821630544728,1460821630545903,0,0,527,2880,605,19825,0,29,24597.4,99851,28614.0,818762240.0,3.8,"57902,57964,60,56073,43848,99851,54739,54730,537,49455,48900,45519,29,17836,63404,1849,203,2031,860,202,1063,209,208,710,439,1139,50571,205,50785,547,651",52,690.9,2932,773.9,598945.8,4.1,"60,60,52,121,52,253,52,948,52,579,52,61,52,60,1492,52,1492,1492,52,1492,1492,52,2932,52,1492,1492,52,1492,1492,52,1492,1492","11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,1","0,1,0,0,1,1,0,1,0,0,1,0,1,1,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1","4.739262104,5.279368877,5.115703106,5.628006458,5.195351124,5.731617451,5.115702629,4.962421417,5.154164791,5.045848370,5.195351601,5.288749218,5.233812809,5.389901161,4.890160084,5.154164791,6.262699604,7.849300385,5.154164791,7.861139297,7.866855145,5.154164791,7.887691021,5.024262905,7.851975918,7.853373528,5.154164791,7.871936798,7.800623894,5.115703106,7.834641933,7.837094784",Git,226,0,Safe,Collaborative,6,DPI,"" diff --git a/test/results/flow-analyse/gnutella.pcap.out b/test/results/flow-analyse/gnutella.pcap.out new file mode 100644 index 000000000..90e367ca7 --- /dev/null 
+++ b/test/results/flow-analyse/gnutella.pcap.out 
@@ -0,0 +1,9 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.2.15,75.133.101.93,tcp,50285,52367,finished,13,19,88704875,100541304,100658601,0,0,599,1460,1036,10762,0,68,767424.4,8796467,2113226.8,4465727373312.0,2.6,"111774,112031,223,580,122233,123811,1735,510239,510348,125373,7027,133055,508500,509079,643423,701863,8737919,8796467,643884,78,644721,118605,2969,121592,121581,84,121516,120907,68,120959,117511",40,409.2,1500,491.7,241767.6,4.1,"52,44,40,639,40,652,90,40,353,40,182,423,40,68,40,449,40,86,40,1500,1052,40,640,1488,40,1500,628,40,1500,628,40,640","9,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1","4.585552692,4.823068142,4.680641651,5.822128773,4.621928692,5.725380421,5.587119579,4.671928883,7.096185207,4.621928692,6.667861462,7.368043423,4.680641651,5.340273857,4.621928692,7.401152134,4.780641556,5.582901478,4.621928692,7.849462032,7.784356117,4.730641365,7.643722534,7.861162663,4.730641365,7.864004135,7.644542217,4.680641174,7.856564045,7.631118298,4.680641174,7.673601151",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" 
+1,ip4,10.0.2.15,104.156.226.72,tcp,50284,53258,finished,16,16,88704150,101062565,101062734,0,0,600,1024,1062,6684,0,1,797322.6,8218469,1970792.9,3884024594432.0,2.9,"128313,128710,372,938,178629,178799,1,501219,501471,98390,140683,469376,511641,1190983,1233531,8175797,8218469,772334,828075,95677,89547,96875,110099,405396,409608,95445,89124,2830,63380,645,642",40,282.6,1064,381.8,145784.6,3.9,"52,44,40,640,40,668,90,40,353,40,574,40,68,40,442,40,86,40,1064,40,1064,40,1064,40,1064,40,1064,40,55,40,50,40","12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,0,1,0,1","4.662476063,4.732159138,4.630641460,5.806861401,4.521928787,5.724582195,5.627513409,4.621928692,7.193869114,4.621928692,7.467946053,4.730641842,5.399097443,4.571928978,7.330091953,4.730641365,5.719189644,4.621928692,7.801183701,4.730641365,7.783223152,4.680641174,7.789729118,4.730641365,7.787688255,4.730641365,7.814134598,4.680641651,4.944017887,4.621928692,4.859469414,4.621928692",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" 
+1,ip4,10.0.2.15,104.238.172.250,tcp,50312,23548,finished,16,16,90745963,101065402,101065057,0,0,601,628,1115,1487,0,346,665759.1,8692014,2110974.0,4456211546112.0,1.9,"30928,31210,439,818,29157,31647,2471,501745,502012,17074,17362,35097,479690,480352,544167,592641,8643736,8692014,619,570,563,598,427,387,461,428,346,360,379,396,439",40,121.8,668,170.0,28912.7,4.1,"52,44,40,641,40,668,90,40,353,40,182,370,40,67,40,427,40,94,40,50,40,50,40,50,40,50,40,50,40,50,40,50","12,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,1,0,0,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.492582321,4.720129013,4.521928787,5.809185505,4.508695602,5.773917675,5.619303703,4.558695793,7.143177032,4.389823914,6.687948704,7.327623844,4.671928406,5.289166927,4.558695793,7.411965370,4.621928692,5.812307358,4.489823818,4.722780704,4.489823818,4.682780743,4.489823818,4.722780704,4.489823818,4.722780704,4.439823627,4.722780704,4.489823818,4.722780704,4.489823818,4.642780781",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" 
+1,ip4,10.0.2.15,69.118.162.229,tcp,50327,46906,finished,10,22,114930255,119175893,120208521,0,0,533,1460,533,25332,0,19,307222.7,1138736,463516.9,214847930368.0,3.3,"108990,109470,822,1560,1123233,14904,1138736,509,4088,37,4418,993404,175,19,291,993807,142,988894,159,41,989074,4759,4845,1004141,96,26,62,1004324,1027632,5162,84",40,848.8,1500,665.4,442787.6,4.4,"52,44,40,573,40,834,1500,40,1500,1500,104,40,1500,1500,1500,898,40,40,1500,1500,1500,40,898,40,1500,1500,1500,898,40,1500,1500,1500","9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,1,1,0,1,1,1,0,1,1,1,1,0,0,1,1,1,0,1,0,1,1,1,1,0,1,1,1","4.609497547,4.578639030,4.630641460,5.871806145,4.521928787,5.952865124,0.550871491,4.780641079,0.258170635,0.344010741,2.390491486,4.730641365,0.581234336,0.509969771,0.584714293,5.567255974,4.730641365,4.780641079,7.829332829,7.753004074,7.739068508,4.630640984,7.696638107,4.680641174,7.725103855,7.755664349,7.761345387,7.697982311,4.780641079,7.769303799,7.739727497,7.769325733",HTTP.Gnutella,7.35,0,Potentially Dangerous,Media,6,DPI,"5,12,22" 
+1,ip4,10.0.2.15,188.61.52.183,tcp,50300,11852,finished,16,16,90742816,121143186,117002254,0,0,599,1460,1696,3374,0,49,1827735.8,13801588,3934254.5,15478358540288.0,2.8,"17190,17418,3506,3946,14197,14999,687,2797,2855,25798,49,26144,8990,9323,15893,71757,495574,483536,221196,265159,15579,77266,487598,467678,9468962,9510672,13760964,13801588,1593559,1633954,4140974",40,198.9,1500,294.0,86413.1,4.0,"52,44,40,639,40,699,111,40,304,40,1500,180,40,166,40,91,40,219,40,404,40,387,40,507,40,115,40,111,40,176,40,101","8,1,2,1,1,0,0,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,1,0,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0","4.624014378,4.823068142,4.780641079,5.806199551,4.621928692,5.719610691,5.576837540,4.671928883,5.283092022,4.671928883,7.655467510,6.721651554,4.721928596,6.328861237,4.558695793,5.166602612,4.830641270,6.855683327,4.780641556,7.482919216,4.671928883,7.395811558,4.730640888,7.500388622,4.830641270,5.985765934,4.621928692,5.830484867,4.830641270,6.691635132,4.621928692,5.872485161",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" 
+1,ip4,10.0.2.15,189.147.72.83,tcp,50328,26108,finished,11,21,114930776,123432179,124445371,0,0,538,1460,538,22968,0,42,581161.2,1214808,505873.5,255907954688.0,4.2,"193649,195345,1788,3675,1208824,5559,69,1214808,993314,122,993548,1040345,116,1040488,1001310,128,1001514,998194,120,998177,1008259,218,1008532,1046807,141,1046873,1000209,118,1000330,1013376,42",40,775.1,1500,623.9,389219.0,4.4,"52,44,40,578,40,846,1500,326,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132,40,1500,1132","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1","4.624014378,4.777613640,4.730640888,5.858736038,4.571928978,5.938837528,7.826196671,7.250766277,4.730641365,7.843273640,7.780950546,4.780641079,7.843047142,7.798923969,4.780641079,7.867131710,7.830142498,4.671928406,7.858473778,7.796208858,4.780641079,7.826694965,7.757758141,4.730641365,7.853250504,7.817744732,4.780641079,7.872528076,7.809401989,4.780641079,7.820863247,7.791663170",HTTP.Gnutella,7.35,0,Potentially Dangerous,Media,6,DPI,"5,12,22" 
+1,ip4,10.0.2.15,109.214.154.216,tcp,50248,6346,finished,14,18,71205274,117002547,132821508,0,0,304,1024,705,2420,0,1091,3464951.8,22684647,6255594.5,39132462055424.0,3.3,"399865,400165,2576,3065,879170,880284,1091,343284,15848,359592,3003,2180,5087,145122,145627,10048654,10048652,469496,2676,472723,3557750,3604090,6175326,6222212,413766,464528,22633783,22684647,605343,604983,15818919",40,138.2,1064,217.4,47264.8,4.0,"52,44,40,344,40,323,143,40,118,762,40,53,58,40,149,40,104,40,1064,45,40,122,40,70,40,213,40,52,40,123,40,62","9,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,2,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,1,1,0,0,1,0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1","4.638531685,4.760457039,4.611769199,5.768550396,4.503056526,5.575543404,5.615631580,4.553056717,5.640929699,7.709812641,4.680641174,4.708038807,4.874885082,4.592897415,6.317804813,4.453056812,5.923436165,4.453056812,7.776337624,4.335103989,4.830641270,6.163827896,4.780641556,5.454720020,4.621928692,6.573338509,4.730640888,4.776329994,4.621928692,6.159438610,4.571928978,4.925578117",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" 
+1,ip4,10.0.2.15,86.208.180.181,tcp,50249,45883,finished,16,16,71205609,187576304,187064352,0,0,303,1065,713,3012,0,276,7491272.5,55455380,14262251.0,203411798622208.0,3.2,"106993,107336,276,805,178388,179820,1439,41004,98031,375723,432936,10046845,10046768,42293,94463,6595038,6594815,3591919,3643921,39217,93460,24009088,24063297,605105,604823,14641110,23768,14665256,55396943,55455380,453178",40,156.9,1105,244.6,59812.5,4.0,"52,44,40,343,40,323,143,40,912,40,149,40,104,40,1105,40,200,40,70,40,189,40,52,40,123,40,64,489,40,50,40,49","11,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,1,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,0,0","4.624014378,4.624093533,4.730641365,5.758390427,4.553056717,5.558244705,5.696007252,4.621928692,7.730160713,4.830641270,6.349717140,4.521929264,5.981128693,4.571928978,7.767892838,4.780641556,6.727245331,4.730641365,5.454720020,4.603056908,6.642654419,4.780641079,4.853253365,4.671928883,6.256999493,4.671928883,5.061660290,7.508594036,4.830641270,4.642780781,4.780641556,4.618614674",Gnutella,35,0,Potentially Dangerous,Download,6,DPI,"22" diff --git a/test/results/flow-analyse/google_ssl.pcap.out b/test/results/flow-analyse/google_ssl.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/google_ssl.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/googledns_android10.pcap.out b/test/results/flow-analyse/googledns_android10.pcap.out new file mode 100644 index 000000000..dc1eb4a21 --- /dev/null +++ b/test/results/flow-analyse/googledns_android10.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.159,8.8.4.4,tcp,48048,853,finished,16,16,1592552826036505,1592552827147738,1592552827146388,0,0,159,1418,1042,5862,0,99,71648.9,447414,121761.7,14825912320.0,3.5,"12824,14641,349,14827,16165,1147,99,31089,1039,512,12517,28602,36858,41216,19219,12546,6221,5033,24265,307087,326211,13788,74283,386701,447414,5048,23824,155667,173706,5036,23182",52,268.2,1470,356.7,127227.7,4.1,"60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,211,551,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52","9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,0,1,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0","4.326680183,5.023234367,4.955651283,5.448351860,4.985801220,7.066713810,7.519642353,7.136388302,5.063529015,5.025067329,5.063529015,6.146316528,7.108041286,6.700643539,4.985801220,6.774869442,7.568095207,4.947339535,7.581867695,5.078046322,6.760867119,5.062724590,7.546683311,5.078046322,6.761339188,4.972088814,7.559946537,5.078046322,6.814634323,4.964581966,7.566140175,5.078046322",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"15" 
+1,ip4,192.168.1.159,8.8.4.4,tcp,48098,853,finished,16,16,1592552878549677,1592552881411235,1592552881429656,0,0,517,499,1522,3141,0,79,185210.9,1253719,341703.1,116761001984.0,3.2,"12746,14119,899,14919,79,14194,1137,19603,19131,13753,1318,58447,651251,714961,3808,23304,1234142,1253719,12532,32716,484043,503710,3783,30780,265369,292430,20267,12603,11759,7400,12615",52,198.2,569,197.9,39161.3,4.4,"60,60,52,569,52,199,52,103,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,551,52,211,52,211,551,52,52,551","8,1,0,0,6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,1,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,1","4.235814571,4.852156162,4.801308155,6.238618374,4.739399433,6.089945793,4.839769840,5.473562241,4.801805496,6.831297874,4.671903133,7.530720711,4.839769840,6.775491714,4.763343334,7.509344101,4.801308155,6.680355549,4.891996861,7.580490112,4.947339535,6.744199276,4.770353794,7.577538013,4.860989094,6.758264065,4.878231525,6.768933296,7.616032600,4.884933472,4.916693211,7.554844856",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"15" 
+1,ip4,192.168.1.159,8.8.4.4,tcp,48210,853,finished,16,16,1592553007037028,1592553013061132,1592553013091250,0,0,159,1418,1042,5862,0,78,389623.4,5703762,1387530.2,1925240193024.0,1.5,"14386,41870,9180,49912,17551,119,78,32502,535,103,15369,30822,15661,19948,22571,85476,5640736,5703762,20528,7552,6167,13685,17563,31103,85377,103703,33240,18803,6257,16181,17586",52,268.2,1470,356.7,127227.7,4.1,"60,60,52,206,52,1470,1470,291,52,52,52,145,344,211,52,551,52,211,52,211,551,52,52,551,52,211,52,211,551,52,52,551","9,0,1,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,1,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,1","4.338340282,5.027645111,4.884933472,5.431665897,4.776611805,7.047077656,7.517809868,7.078123569,4.923395157,4.961856842,4.884933472,5.934261322,7.043113232,6.764406681,4.891996861,7.507923126,5.000318527,6.783365250,4.853535175,6.745207787,7.564836025,4.961856842,4.815073490,7.579652309,4.808010578,6.780797958,4.587473392,6.752651691,7.539085865,4.961856842,4.878231525,7.529703617",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"15" diff --git a/test/results/flow-analyse/gquic.pcap.out b/test/results/flow-analyse/gquic.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/gquic.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/gre_no_options.pcapng.out b/test/results/flow-analyse/gre_no_options.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/gre_no_options.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/gtp_c.pcap.out b/test/results/flow-analyse/gtp_c.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/gtp_c.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/gtp_false_positive.pcapng.out b/test/results/flow-analyse/gtp_false_positive.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/gtp_false_positive.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/gtp_prime.pcapng.out b/test/results/flow-analyse/gtp_prime.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/gtp_prime.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/h323-overflow.pcap.out b/test/results/flow-analyse/h323-overflow.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/h323-overflow.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/h323.pcap.out b/test/results/flow-analyse/h323.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/h323.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/hangout.pcap.out b/test/results/flow-analyse/hangout.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/hangout.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/hpvirtgrp.pcap.out b/test/results/flow-analyse/hpvirtgrp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/hpvirtgrp.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/hsrp0.pcap.out b/test/results/flow-analyse/hsrp0.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/hsrp0.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/hsrp2.pcap.out b/test/results/flow-analyse/hsrp2.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/hsrp2.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/hsrp2_ipv6.pcapng.out b/test/results/flow-analyse/hsrp2_ipv6.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/hsrp2_ipv6.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/http-crash-content-disposition.pcap.out b/test/results/flow-analyse/http-crash-content-disposition.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/http-crash-content-disposition.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/http-lines-split.pcap.out b/test/results/flow-analyse/http-lines-split.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/http-lines-split.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/http-manipulated.pcap.out b/test/results/flow-analyse/http-manipulated.pcap.out new file mode 100644 index 000000000..73600a96d --- /dev/null +++ b/test/results/flow-analyse/http-manipulated.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.20,192.168.0.7,tcp,33684,8080,finished,16,16,946729142063151,946729142137590,946729142137635,0,0,386,5840,721,44377,0,7,4804.0,73065,17898.4,320351264.0,1.2,"227,236,111,336,193,414,72850,73065,187,402,51,53,13,9,38,39,116,116,52,52,10,8,43,47,49,47,9,7,46,48,49",40,1450.4,5880,1938.5,3757919.5,3.7,"52,52,40,426,46,617,40,375,46,2960,40,4420,40,2960,40,4420,40,1500,40,4420,40,2960,40,4420,40,1500,40,5880,40,5880,40,2960","14,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,10","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.593450069,4.752667427,4.730641365,5.668842793,4.347350597,5.745784283,4.730641365,5.579823494,4.347351074,7.830016136,4.680641174,7.888666153,4.730641365,7.823786259,4.621928692,7.852690220,4.680641174,7.708244801,4.730641842,7.858263493,4.730641365,7.790898323,4.730641842,7.845959663,4.630641460,7.734711647,4.630641460,7.881909370,4.680641651,7.903243542,4.680641174,7.864356995",HTTP,7,0,Acceptable,Web,6,DPI,"5" diff --git a/test/results/flow-analyse/http-proxy.pcapng.out b/test/results/flow-analyse/http-proxy.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/http-proxy.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/http_auth.pcap.out b/test/results/flow-analyse/http_auth.pcap.out new file mode 100644 index 000000000..272fa8914 --- /dev/null +++ b/test/results/flow-analyse/http_auth.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.4,192.254.189.169,tcp,54337,80,finished,14,18,1381844050222515,1381844057134728,1381844055865656,0,0,739,1448,739,17637,0,139,405011.4,4861829,1193509.9,1424465723392.0,2.2,"180032,180140,139,193993,206403,1322,401505,596,594,735,724,4027,4555,8666,4603,3019,7560,3303,5323,8621,158972,3971,162953,3627,4243,7859,2612,2607,4861805,4861829,1269016",52,626.9,1500,665.6,443042.2,4.1,"64,60,52,791,52,1500,537,52,131,52,274,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,1500,1500,52,975,52,52,52,52","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,1,0,0","4.441382408,5.118823051,5.130219936,5.854406357,5.046594620,5.442737579,5.621041775,5.077241421,5.402398586,5.024262905,5.623777390,5.077241421,5.441255569,5.120078564,4.955154419,5.048518181,5.069016457,5.130219936,5.089414597,5.056834221,5.053296566,5.097548008,5.174168587,5.115702629,5.356103420,5.382487297,5.046594620,5.653643131,5.038779736,5.046595097,5.130219936,5.085056305",HTTP,7,0,Acceptable,Web,6,DPI,"" 
diff --git a/test/results/flow-analyse/http_connect.pcap.out b/test/results/flow-analyse/http_connect.pcap.out new file mode 100644 index 000000000..3544d53ab --- /dev/null +++ b/test/results/flow-analyse/http_connect.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.146,151.101.2.132,tcp,35968,443,finished,16,16,1631454722867862,1631454722915624,1631454722915766,0,0,517,1384,1070,14818,0,14,3086.0,16011,4867.3,23690602.0,3.4,"8850,8886,2829,11347,7507,16011,65,50,21,19,18,33,7291,458,15010,14,4004,11279,678,666,42,41,26,25,27,27,115,115,31,32,149",52,549.0,1436,627.7,394029.6,4.0,"60,60,52,569,52,1436,52,1436,52,1436,52,971,52,116,541,52,52,111,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436,52,1436","13,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.679967880,5.108291149,5.100070000,5.268876553,5.138531685,7.847479820,5.061608315,7.859804630,5.061608315,7.874018669,5.061608315,7.772319317,5.061608315,6.130341530,7.577058315,5.047091484,5.047091484,6.133301258,5.100070000,7.864048481,5.100070000,7.878256798,5.100070000,7.852052212,5.061608315,7.879714489,5.100070000,7.869248867,5.023146629,7.862973690,5.100070000,7.856719017",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.103,192.168.1.146,tcp,1714,8080,finished,14,18,1631454722864133,1631454722971434,1631454722971505,0,0,517,5536,1512,22723,0,4,6924.9,53379,12836.3,164771856.0,3.4,"32,2664,352,3052,9578,12352,2730,16207,17263,6110,7163,474,478,42,22,11387,743,133,163,12593,29,193,4,101,98,705,4022,50186,53379,1210,1208",40,799.0,5576,1594.6,2542806.0,3.2,"52,52,46,243,40,116,557,40,5111,46,104,40,210,40,359,40,99,5576,2808,1424,71,46,40,46,5576,1424,949,46,173,40,115,40","7,0,2,0,1,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,4","0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1","4.439885139,4.777055740,4.478915215,5.741591930,4.562815189,5.677224636,5.225388527,4.612814903,7.961506844,4.522394180,6.123366356,4.662815094,7.000855446,4.662815094,7.384087086,4.612815380,5.976536274,7.968001366,7.926353455,7.858606339,5.619441509,4.435437202,4.593943596,4.462504864,7.966147423,7.859233379,7.772559643,4.522394180,6.695012093,4.662815094,6.320215225,4.662815094",HTTP_Connect,130,0,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/http_guessed_host_and_guessed.pcapng.out b/test/results/flow-analyse/http_guessed_host_and_guessed.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/http_guessed_host_and_guessed.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/http_ipv6.pcap.out b/test/results/flow-analyse/http_ipv6.pcap.out new file mode 100644 index 000000000..8479c67b1 --- /dev/null +++ b/test/results/flow-analyse/http_ipv6.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip6,2a00:d40:1:3:7aac:c0ff:fea7:d4c,2a00:1450:4001:803::1017,udp,45931,443,finished,17,15,1448269127400446,1448269137275811,1448269136257808,37,0,1350,1350,4058,4856,0,1512,604281.6,6008829,1486148.8,2208638173184.0,2.8,"25363,26190,172445,219452,15689,87208,38758,110203,47003,1512,26672,45844,1752482,1778725,6798,78256,246614,318052,6008829,6008710,4760,76866,102599,174483,2367,73860,70885,142482,2922,74310,992388",77,326.6,1398,376.2,141514.9,4.3,"1398,1398,85,1202,80,660,88,238,80,88,567,88,77,243,80,623,91,88,80,248,77,575,91,249,80,572,88,250,80,547,88,251","0,9,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0","2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0","4.737460136,7.856492996,5.340356827,7.783504963,5.237494946,7.640817642,5.426836967,6.897242546,5.228057861,5.435415268,7.531185150,5.426837444,4.923079967,6.917997837,5.187493324,7.660722733,5.627426147,5.458142281,5.212494373,6.952660084,4.934730053,7.572426796,5.495558739,6.882013798,5.262493610,7.594254971,5.480869293,6.910377979,5.237494469,7.573482990,5.374089718,6.950065613",QUIC.Google,188.126,1,Acceptable,Web,6,DPI,"" 
diff --git a/test/results/flow-analyse/http_on_sip_port.pcap.out b/test/results/flow-analyse/http_on_sip_port.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/http_on_sip_port.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/i3d.pcap.out b/test/results/flow-analyse/i3d.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/i3d.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/iax.pcap.out b/test/results/flow-analyse/iax.pcap.out new file mode 100644 index 000000000..7604afaee --- /dev/null +++ b/test/results/flow-analyse/iax.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,82.110.36.84,192.168.2.120,udp,4569,4566,finished,27,5,1123840005963862,1123840006456930,1123840006059195,12,0,172,172,3882,372,0,948,18980.7,51403,10969.1,120322248.0,4.7,"2173,5097,7653,24399,24352,24724,16912,51403,9638,12261,14097,6869,22758,16765,31325,17887,20048,11489,43190,21320,13940,17067,22553,948,20517,34133,6854,21003,19904,17982,29140",40,161.5,200,59.5,3538.2,4.9,"94,40,40,46,40,46,192,200,200,46,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192,192","3,0,1,0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.666565895,4.339823723,4.439823151,4.354552269,4.384184837,4.354552269,1.312757373,1.546443224,1.322564363,4.327484608,1.142194629,1.312757373,1.944322586,1.302340746,1.312757373,1.312757373,1.312757373,1.302340746,1.312757373,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.335405827,1.321057439,1.335405827,1.335405827,1.335405827,1.335405827",IAX,95,0,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/icmp-tunnel.pcap.out b/test/results/flow-analyse/icmp-tunnel.pcap.out new file mode 100644 index 000000000..7a37d7ad8 
--- /dev/null +++ b/test/results/flow-analyse/icmp-tunnel.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.154.131,192.168.154.132,icmp,,,finished,23,9,1360227866459330,1360227888466859,1360227888466987,92,0,92,92,2116,828,0,998770,1419844.6,13999352,2296693.5,5274800750592.0,4.2,"998770,1000036,1000056,999983,1000051,1000074,1000009,1000032,1000047,1000127,999991,999982,1000043,999922,13999352,1001250,1001214,1000977,1001002,1001107,1001081,1000973,1000923,1000944,1000921,1001115,1001144,1001036,1001015,1001004,1001005",112,112.0,112,0.0,0.0,5.0,"112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112,112","0,0,23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.610230446,5.622818947,5.669650555,5.651793003,5.651793003,5.604961395,5.645053387,5.630681515,5.633935928,5.622818947,5.633935928,5.669650555,5.651793480,5.645053387,5.669650555,5.683875084,5.669650555,5.701732159,5.633935928,5.666017056,5.633935928,5.666017056,5.645053387,5.677134514,5.637421608,5.672758102,5.602598667,5.623562336,5.651793003,5.683875084,5.669650555,5.701732159",ICMP,81,0,Acceptable,Network,6,DPI,"17" 
diff --git a/test/results/flow-analyse/iec60780-5-104.pcap.out b/test/results/flow-analyse/iec60780-5-104.pcap.out new file mode 100644 index 000000000..370a8cd02 --- /dev/null +++ b/test/results/flow-analyse/iec60780-5-104.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,172.27.248.109,172.27.248.79,tcp,1578,2404,finished,19,13,1219992819942883,1219992991664467,1219992991860370,0,0,16,64,94,207,0,133,11085131.0,32516052,10877058.0,118310385483776.0,4.1,"133,283,1182,4289,153898,32516052,32485009,17329020,17462619,171223,19844571,20033163,171510,19860294,20118307,25436246,25352045,204330,19828922,20215237,5341755,5765246,10455867,10671339,13934,15202,139861,131307,218735,19641453,20056039",40,51.6,104,11.5,132.4,5.0,"48,48,46,46,46,46,56,46,56,104,46,46,56,46,46,40,56,62,46,46,40,56,46,56,62,56,62,46,63,46,46,40","19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1","4.558206558,4.926427364,4.435436726,4.740953922,4.740953445,4.478915215,4.605515957,4.522393703,4.811381817,4.822690010,4.522393703,4.922443390,4.864342690,4.462504864,4.862554550,4.781687260,5.115302563,5.039213181,4.478915215,4.878964901,4.781687260,4.824862003,4.478915215,5.079588413,4.986872673,4.972445488,4.999047756,4.478915215,4.964986324,4.478915215,4.922443390,4.781687260",IEC60870,245,0,Acceptable,IoT-Scada,6,DPI,"" 
diff --git a/test/results/flow-analyse/imap-starttls.pcap.out b/test/results/flow-analyse/imap-starttls.pcap.out new file mode 100644 index 000000000..4cdc35999 --- /dev/null +++ b/test/results/flow-analyse/imap-starttls.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.17.53,212.227.17.186,tcp,49640,143,info,18,14,1437584567812552,1437584570639554,1437584570828629,0,0,318,1460,540,5653,0,1,188486.4,1677753,378167.8,143010873344.0,3.3,"189790,189950,188317,188305,133,192463,259,192553,155,186504,9,186418,431,197380,166,197053,2043,207,2163,90,3747,191586,187876,1486951,1677753,168,190848,49,279,1,189432",40,235.2,1500,424.6,180326.2,3.6,"64,52,40,311,40,54,46,267,40,52,72,46,40,358,1500,1500,40,1500,622,40,40,166,91,40,79,119,71,40,40,71,40,46","15,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1","4.577819824,4.737868309,4.461769104,5.374657631,4.734183788,5.080696583,4.457919598,5.160151482,4.684183598,5.024262428,5.301461220,4.501398087,4.784183979,5.382153988,6.856912613,7.178915024,4.665312290,7.104553223,7.666580677,4.403056622,4.684184551,6.516188145,5.466528416,4.684184074,5.702392578,6.104408741,5.134844303,4.665312290,4.734184265,5.452422619,4.492897511,3.926021099",,,,,,,,"" diff --git a/test/results/flow-analyse/imap.pcap.out b/test/results/flow-analyse/imap.pcap.out new file mode 100644 index 000000000..71ff89547 --- /dev/null 
+++ b/test/results/flow-analyse/imap.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.40.4.2,10.40.3.2,tcp,46045,143,finished,19,13,1213095262213846,1213095266780228,1213095266780369,0,0,73,696,179,1401,0,88,294609.8,4331408,1060070.4,1123749068800.0,1.4,"126,150,12887,12906,231,444,36852,36794,135,4330018,4331408,1394,16846,17272,39867,39540,93,199,596,39710,39393,88,905,1344,39009,38693,107,104,10836,47768,37190",52,101.9,748,125.9,15857.5,4.4,"60,60,52,94,52,71,117,52,84,52,78,79,52,72,73,52,109,52,72,73,52,109,52,73,64,52,311,52,125,164,52,748","18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,4,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1,0,1","4.466519356,4.994044781,4.884933472,5.545080185,4.923395157,5.188045025,5.565508366,4.846471786,5.532327652,4.923395157,5.445330620,5.491897583,4.961857319,5.242550373,5.321550369,4.892440796,5.645212650,4.899451256,5.225256920,5.331891060,4.961856842,5.594664574,4.961857319,5.357347012,5.240169048,4.961857319,5.602889538,4.923395157,5.631970406,5.824433327,4.923395157,5.541430473",IMAP,4,0,Unsafe,Email,6,DPI,"22" diff --git a/test/results/flow-analyse/imaps.pcap.out b/test/results/flow-analyse/imaps.pcap.out new file mode 100644 index 000000000..bab73746f 
--- /dev/null +++ b/test/results/flow-analyse/imaps.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/imo.pcap.out b/test/results/flow-analyse/imo.pcap.out new file mode 100644 index 000000000..a937108b1 --- /dev/null +++ b/test/results/flow-analyse/imo.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.169,93.33.47.58,udp,49207,57604,finished,16,16,1646579366870607,1646579367998159,1646579367589404,1,0,100,107,241,239,0,22,59559.6,463846,120414.4,14499615744.0,3.2,"36207,20915,69195,11193,10953,10897,11928,60266,17574,7210,47,9880,379036,463846,100219,9477,9867,20901,22,106515,270,209,156,89,19549,7836,19677,23241,7950,3744,407480",29,43.0,135,23.0,529.8,4.9,"29,29,135,38,38,38,38,38,38,38,38,38,38,29,128,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38,38","15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0","4.444189072,4.513154984,6.563591003,4.339262962,4.286631107,4.266765594,4.339262962,4.339262962,4.444526196,4.391894341,4.372028828,4.444526196,4.444526196,4.444189072,6.433364868,4.458455563,4.458455563,4.511087418,4.511087418,4.511087418,4.405824184,4.405824184,4.405824184,4.458455563,4.458455563,4.511087418,4.353192329,4.511087418,4.385958672,4.458455563,4.458455563,4.266765594",IMO,216,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.12.169,185.155.137.30,udp,49207,36535,finished,17,15,1646579366752245,1646579368878172,1646579368918568,182,0,1224,224,11806,720,0,24,138459.7,1002796,305661.1,93428727808.0,2.8,"396,41304,49,43405,10843,2151,275,10533,8077,9421,9986,55709,51,24,9743,18469,13472,314,9827,9743,9558,13513,46,69283,127192,99850,16582,835382,861703,1002796,1002553",38,419.4,1252,488.9,239046.1,4.1,"228,357,39,146,1252,1252,210,228,1252,1252,1252,1252,108,252,39,1252,38,1252,228,38,38,38,38,39,212,125,347,124,228,39,228,39","0,0,0,0,0,2,5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0","10,0,1,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1","6.951599121,7.408638477,4.155817986,6.605685711,7.827155590,7.851851463,6.958688259,6.942827225,7.823550224,7.844932079,7.851901054,7.830797195,6.188582897,7.144678593,4.053254128,7.818601608,4.339262486,7.858332157,6.930744171,4.391894341,4.391894341,4.391894341,4.391894341,4.155817986,6.930866241,6.293650627,7.455466747,6.412575722,6.928594112,4.207099915,6.941227913,4.207099915",IMO,216,0,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/instagram.pcap.out b/test/results/flow-analyse/instagram.pcap.out new file mode 100644 index 000000000..26e147b5a --- /dev/null +++ b/test/results/flow-analyse/instagram.pcap.out 
@@ -0,0 +1,15 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.103,31.13.93.52,tcp,33936,443,info,16,16,1436720898386781,1436720900498659,1436720900498598,0,0,1365,1398,2362,17365,1,61,136248.2,1572479,382122.6,146017665024.0,2.2,"88898,75897,164978,1522736,1572479,340302,390014,2197,2137,122,91,92,92,91,91,61,61,92,92,61,91,91,61,92,92,29907,29999,733,671,702,672",52,668.5,1450,663.9,440818.0,4.2,"1417,52,665,52,1049,52,1450,52,195,52,1450,52,1283,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52,1450,52","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,11,0,0,0,0","0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","7.861261845,5.070539474,7.656534195,5.014835358,7.778872013,5.017560959,7.868881702,5.053297043,6.745593071,5.053297043,7.855556488,5.091758728,7.839184761,5.091758728,7.864506721,5.038780212,7.844711781,5.115703106,7.864735603,5.077241421,7.847777367,5.077241898,7.868622303,5.077241421,7.866432190,5.115703106,7.875942230,5.115703106,7.870041847,5.115703106,7.866209507,5.077241421",,,,,,,,"" 
+1,ip4,192.168.0.103,46.33.70.160,tcp,38816,80,finished,6,26,1436720900684083,1436720900734468,1436720900734651,0,0,260,1418,260,36868,1,30,3256.5,33112,8022.9,64366212.0,2.9,"32685,33112,763,702,1770,2075,61,30,336,366,672,610,610,611,610,641,610,611,10956,1922,1953,366,305,794,1068,458,457,428,824,4059,488",52,1212.2,1470,538.2,289645.8,4.8,"312,1470,52,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,1470,52,1470,52,1470,52,1470,1470,1470,1470,1470,1470,52,1470","5,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0","0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,0,1,1,1,1,1,1,0,1","5.898158073,7.321296692,5.085056305,7.712381363,7.732598782,7.839711666,7.840396881,7.816926956,7.824441910,7.832503319,7.834330559,7.838201523,7.842141628,7.832640171,7.857853413,7.693085670,7.721205235,7.765996933,7.720492840,5.123517990,7.778287411,5.085056305,7.565217018,5.123517990,7.755377769,7.760787010,7.733772278,7.715420246,7.768604279,7.540043831,5.123517990,7.831338882",HTTP.Instagram,7.211,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.0.103,82.85.26.162,tcp,57936,80,finished,15,17,1436720900687959,1436720900865663,1436720900865785,0,0,253,1418,253,22769,1,30,11468.7,111969,29722.3,883413632.0,2.3,"56793,57068,1160,977,610,610,428,397,457,457,672,702,1281,1282,1160,1160,488,457,428,458,111480,31,111969,336,1343,61,30,1038,885,793,519",52,771.4,1470,697.7,486813.2,4.3,"305,1470,52,1431,52,1470,52,1470,52,1470,52,1470,52,172,52,1470,52,1470,52,1470,52,1470,1470,52,52,1470,1470,1470,52,1470,52,1470","14,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,15,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,1,1,0,1,0,1","5.838165760,6.902098656,5.046594620,7.571764946,5.046594620,7.804839134,5.046594620,7.765610695,5.046594620,7.812949181,5.085056305,7.799284935,5.032077789,6.483376980,5.046594620,6.923000336,4.993616104,7.515916824,5.008132935,7.819376469,5.046594620,7.844942093,7.811455250,5.123517990,5.085056305,7.765757561,7.802289486,7.797224998,5.123517990,7.813294411,5.123517990,7.806335449",HTTP.Instagram,7.211,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.0.103,82.85.26.186,tcp,44379,80,finished,15,17,1436720900690339,1436720901257356,1436720901259248,0,0,259,1418,518,24096,1,61,36642.8,372071,92640.3,8582226944.0,2.3,"185486,185853,397,519,640,61,1434,61,1404,61,580,733,1434,61,310272,372071,63232,2166,2198,336,305,549,427,733,793,580,519,519,519,1007,976",52,826.4,1470,686.9,471900.1,4.4,"311,1470,80,1470,1470,80,80,1470,1470,80,80,1470,80,1470,1470,311,1470,52,1470,52,1460,52,1470,52,1470,52,1470,52,1470,52,1470,1470","13,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0","0,1,0,1,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1","5.875868797,7.799760818,5.230642319,7.805149555,7.815236568,5.230642319,5.255642891,7.775027752,7.764830589,5.255642891,5.255642891,7.786373615,5.230642796,7.780581951,7.802150726,5.830727100,7.246917725,4.955154419,7.568865299,4.969671726,7.664569378,5.008132935,7.792304993,4.959492207,7.832537174,5.008132935,7.790991306,5.008132935,7.830072880,5.046594620,7.783673286,7.843332291",HTTP.Instagram,7.211,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.0.103,77.67.29.17,tcp,33976,80,info,13,19,1436720901182283,1436720908522279,1436720901200136,0,0,0,1418,0,26795,1,31,237350.0,7321503,1293384.0,1672842313728.0,0.1,"183,854,1526,2655,488,367,335,397,1495,519,1160,1800,61,31,2258,92,3204,427,3571,1038,549,367,1953,885,885,671,3632,61,4699,183,7321503",52,889.3,1470,693.1,480370.2,4.4,"52,52,1470,1470,52,1470,1470,1470,1470,52,52,1470,1470,1470,1470,52,52,1470,1470,52,1470,1470,1470,52,1470,52,1470,1470,1323,52,52,52","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,18,0,0,0","0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,0,0","5.046594620,5.046594620,7.807667255,7.804625511,5.046594620,7.835396767,7.830054760,7.827408791,7.815585136,4.955154419,5.085056305,7.818941593,7.842073441,7.811964035,7.825482368,5.085056305,5.046594620,7.838124752,7.812465668,5.046594620,7.832524300,7.839126110,7.830482006,5.085056305,7.832290173,5.046594620,7.787267685,7.789937973,7.772590160,5.123517990,5.123517990,5.085056305",,,,,,,,"" 
+1,ip4,192.168.0.103,82.85.26.162,tcp,58052,80,finished,15,17,1436720942530885,1436720942601472,1436720942602785,0,0,260,1418,260,23009,1,30,4596.4,62164,15022.2,225667616.0,2.0,"61310,214,427,62164,336,336,1434,671,916,885,1556,61,61,1618,61,61,1312,92,30,1312,61,92,31,61,519,549,2411,2441,1373,61,31",52,779.2,1470,693.8,481326.3,4.3,"312,1470,1470,1461,52,52,52,1470,52,1470,52,1470,1470,1470,52,52,52,1470,1470,1470,52,52,1470,52,52,1470,52,1470,52,382,1470,1470","14,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0","0,1,1,1,0,0,0,1,0,1,0,1,1,1,0,0,0,1,1,1,0,0,1,0,0,1,0,1,0,1,1,1","5.872007370,7.407559395,7.844656944,7.852430344,4.993615627,5.046594620,5.008132935,7.842045307,5.046594620,7.880799770,5.008132935,7.822133541,7.825195312,7.841379166,5.046594620,5.008132935,4.969671249,7.828572273,7.860865593,7.842309952,5.046594620,5.008132935,7.841728687,5.046594620,4.969671249,7.704082012,5.046594620,7.760354519,5.046594620,7.391226292,7.738003731,7.744394302",HTTP.Instagram,7.211,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,31.13.86.52,192.168.0.103,tcp,80,58216,info,21,11,1436720950909974,1436720950923433,1436720950922975,1398,0,1398,0,29358,0,1,30,853.5,2198,594.0,352792.4,4.6,"367,1465,1587,519,458,824,1465,61,30,1648,2198,2075,366,213,641,367,1312,1678,488,214,610,641,1037,1679,336,488,915,794,335,977,672",52,969.4,1450,664.0,440886.1,4.5,"1450,52,1450,52,1450,1450,52,1450,1450,1450,52,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450,1450,52,1450","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,21,0,0,0,0","11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0","7.845948219,5.046595097,7.540397644,4.969671726,7.871668816,7.850661755,5.008133411,7.849848747,7.439690590,7.543411732,5.008133411,7.855735302,5.008133411,7.820466042,7.850073814,4.969671726,7.838098049,7.834076881,5.046594620,7.213315964,7.751162052,5.046594620,7.844347477,7.850857258,5.008132935,7.825020313,7.824017048,5.046594620,7.437387466,7.851827145,5.046594620,7.850535870",,,,,,,,"" 
+1,ip4,2.22.236.51,192.168.0.103,tcp,80,44151,info,17,15,1436720952553865,1436720952574830,1436720952572908,1418,0,1418,0,24106,0,1,31,1290.6,3846,1167.1,1362190.6,4.3,"122,2106,427,3387,31,3174,2289,427,946,1892,213,2563,1831,3785,61,3846,183,1342,1312,367,183,213,275,519,519,885,854,2075,2106,2014,61",52,805.3,1470,707.6,500717.4,4.3,"1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,1470,52,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,52,1470,1470","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0","7.838996410,5.123517990,7.796014309,7.834145069,5.123517990,5.085056305,7.799090385,5.085056305,7.778009892,7.746161938,5.046594620,5.085056305,7.694964409,5.085056305,7.722822666,7.781306744,5.161979675,5.109000683,7.744096756,5.161979675,7.786537647,5.161979675,7.830977440,5.161979675,7.801307678,5.123517990,7.796917439,5.123517990,7.805510998,5.123517990,7.825653553,7.826405048",,,,,,,,"" 
+1,ip4,192.168.2.17,31.13.86.52,tcp,49355,443,finished,14,18,1568796253770116,1568796253821857,1568796253819210,0,0,498,1388,784,17805,0,7,3252.7,16760,5626.7,31659210.0,3.3,"12399,14597,58,14624,1725,26,7,16760,58,2044,498,16542,723,227,12497,604,464,936,285,275,177,245,128,170,272,201,2390,75,1564,117,147",52,633.5,1440,640.4,410152.9,4.2,"64,60,52,274,52,1440,1440,355,52,52,116,550,245,682,75,52,1440,1440,52,1440,1440,1440,1440,1440,1440,1440,1440,52,52,52,52,52","11,0,1,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0","4.303027153,5.094311714,4.831954956,6.418707371,4.961856842,7.850357056,7.872403145,7.366671085,4.947339535,4.947339535,5.857741833,7.586094856,7.121934414,7.678453922,5.461499214,5.000318050,7.859985828,7.855003357,4.955154419,7.881975174,7.852957726,7.858335018,7.869473934,7.875190735,7.849181652,7.858565331,7.871207237,5.000318050,4.916692734,5.038779736,4.916692734,4.947339058",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.2.17,31.13.86.52,tcp,49359,443,finished,15,17,1568796254524506,1568796254710630,1568796254725634,0,0,571,1388,1587,13458,0,5,12492.0,158859,36696.7,1346645888.0,2.3,"12015,14119,556,167,14869,68,308,601,354,271,107,13997,388,138,112,165,226,1385,108,1160,122,114,5,489,10627,8948,1625,2191,142763,158859,395",52,522.8,1440,570.2,325102.6,4.1,"64,60,52,471,565,52,52,274,685,1440,1440,1440,52,1440,1440,1440,706,1440,136,52,52,52,52,52,52,86,52,230,52,623,685,1440","11,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,0,1,1,1,1,1,1,1,0,1,1,1,1,1,0,0,0,0,0,0,0,1,0,1,0,0,1,1","4.346072197,5.035815716,4.870416641,6.991298199,7.577324390,5.038779736,5.038779736,6.829315662,7.680058956,7.881175995,7.859010696,7.855990410,4.831954956,7.860237122,7.871424198,7.861568928,7.676653862,7.867210865,6.338829517,5.000318527,4.878231525,4.923395157,4.825253010,4.961856365,4.839769840,5.854624271,4.961856842,7.028743744,4.961856842,7.587353230,7.689682484,7.874731064",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.2.17,31.13.86.52,tcp,49358,443,finished,14,18,1568796254515573,1568796254765378,1568796254925955,0,0,588,1388,2208,12690,0,7,21296.4,156515,45250.9,2047640320.0,2.9,"11078,12229,3431,138,15990,219,497,12957,479,11770,12042,155644,475,129,254,92,123,275,7,156515,111,123,122,255,2699,48704,55896,8249,149165,503,16",52,518.2,1440,557.6,310915.1,4.2,"64,60,52,471,581,52,52,274,52,136,230,52,826,1440,1440,1440,1440,1043,1440,86,52,52,52,52,52,640,640,52,52,827,1440,1440","9,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0","0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1","4.346072197,5.127645016,4.961856365,6.968073845,7.557704926,5.014835358,5.000318050,6.747485161,4.894361019,6.339305878,6.972853184,4.923395157,7.735570908,7.861948490,7.862287998,7.850868702,7.873754501,7.803619862,7.845140934,5.812837601,5.000318050,5.038779736,5.000318050,5.000318050,5.000318050,7.587841034,7.587659836,5.038779736,4.985801220,7.746087074,7.844884872,7.864926338",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.2.17,31.13.86.52,tcp,49360,443,finished,12,20,1568796265146962,1568796265180861,1568796265192260,0,0,526,1388,1014,20310,0,13,2554.7,16353,4723.5,22311642.0,3.2,"11840,12942,2760,70,16353,27,401,1108,14120,264,633,553,236,305,380,53,1148,300,94,1743,117,248,13,105,10046,132,1375,75,1411,144,201",52,719.0,1440,652.7,426025.8,4.3,"64,60,52,456,578,52,52,274,685,52,75,136,1440,1440,1440,1440,1440,52,1440,1440,52,52,52,52,52,1440,1440,1440,1440,1440,1440,1440","9,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0,0","0,1,0,0,0,1,1,1,1,0,1,0,1,1,1,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1","4.314822197,5.127645493,4.839769840,6.925364971,7.610651493,4.993616104,4.955154419,6.841492653,7.701351166,4.870416641,5.685419083,6.370187283,7.864970684,7.852431297,7.854520321,7.870986938,7.857660770,4.961856842,7.885574341,7.873176098,4.961856842,4.839769840,4.961856365,5.000318527,4.878231049,7.857898235,7.858515739,7.865076542,7.865763187,7.848808289,7.881348610,7.866808891",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.2.17,31.13.86.52,tcp,49357,443,finished,15,17,1568796254514906,1568796265194500,1568796265280665,0,0,597,1388,2170,10887,0,6,691785.6,10469815,2560795.0,6557671096320.0,1.2,"11096,12433,1241,548,13252,614,103,14204,568,14367,12466,169576,258,200,98,307,55,169,229,6,169709,106,1819,218,113,542,10413415,52212,10469815,9752,75862",52,460.7,1440,528.6,279392.3,4.1,"64,60,52,471,649,52,52,274,52,136,230,52,825,1440,1440,1440,1440,1440,628,1440,86,52,52,52,52,52,52,587,587,52,52,828","10,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1","4.215376377,5.115063667,4.860988617,7.062851906,7.630533695,5.014835358,4.976373672,6.836615562,4.884933949,6.378606796,7.007258415,4.822527409,7.742178440,7.852344990,7.873802185,7.849394321,7.865141869,7.857724190,7.720446110,7.850056171,5.757548332,4.976373672,4.976373672,4.937912464,4.937911987,4.899450779,4.976373672,7.590856075,7.594714642,5.053297043,5.053297043,7.784784317",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.2.17,31.13.86.52,tcp,49361,443,finished,15,17,1568796265147078,1568796265327859,1568796265324773,0,0,526,1388,1014,15077,0,6,11563.7,131670,31792.0,1010731712.0,2.4,"12123,13295,2535,457,15987,6,842,13996,1396,14470,16133,131670,10,876,193,264,9,116,291,177,158,249,254,129919,113,139,2594,71,83,9,41",52,555.5,1440,619.5,383805.7,4.1,"64,60,52,456,578,52,52,274,52,136,230,52,826,75,1440,1440,1440,1440,1440,1440,1440,1440,1440,1440,52,52,52,52,52,52,52,52","12,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0","0,1,0,0,0,1,1,1,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0","4.346072197,5.127645016,4.923394680,7.025774479,7.548739910,4.961856365,4.961856842,6.762446880,4.908877850,6.376214027,6.979849815,4.884933472,7.738527298,5.578752518,7.854865074,7.854829311,7.858168602,7.848493099,7.843452930,7.870431900,7.877417564,7.866308212,7.865350246,7.841341019,4.961856365,4.961856365,4.908877850,4.923394680,4.801308155,4.860988617,4.738902092,4.923395157",TLS.Instagram,91.211,1,Fun,SocialNetwork,6,DPI,"" diff --git a/test/results/flow-analyse/ip_fragmented_garbage.pcap.out b/test/results/flow-analyse/ip_fragmented_garbage.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ip_fragmented_garbage.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/iphone.pcap.out b/test/results/flow-analyse/iphone.pcap.out new file mode 100644 index 000000000..0679df6cd --- /dev/null +++ b/test/results/flow-analyse/iphone.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.17,17.248.176.75,tcp,50580,443,finished,18,14,1582454598587648,1582454599931707,1582454599930073,0,0,1024,1440,2695,5563,0,6,86660.8,686219,170333.3,29013448704.0,3.1,"33952,135750,186,135485,2092,235,8690,6,162529,885,167358,319355,36,34737,102,651125,555,14,127,59,44,145,155,686219,30,1215,16,33741,32499,122595,156547",52,310.7,1492,443.9,197074.7,3.9,"64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1076,424,90,186,424,52,90,52,52,52,52,623,52","8,4,1,0,1,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,0","4.367087364,4.985490322,5.017560959,4.490139484,4.940637589,6.738035202,7.532607555,7.533798218,7.267988205,4.916693211,4.940638065,6.015305996,5.526464462,6.046408176,5.017560959,4.940637589,5.714282036,5.647850037,5.530496597,7.812578678,7.423500061,5.337946892,6.641199589,7.413410664,4.947340012,5.416154385,5.024262905,5.024262905,4.940637589,5.062724590,7.662645340,4.979099274",TLS.AppleiCloud,91.143,1,Acceptable,Web,6,DPI,"" 
+1,ip4,192.168.2.17,17.248.176.75,tcp,50584,443,finished,18,14,1582454599225110,1582454600252426,1582454600287478,0,0,1018,1440,2233,5676,0,6,67409.2,654765,146324.1,21410738176.0,2.9,"34116,36074,120,34743,1609,104,2287,55,140235,397,7279,143339,13,33865,58,1492,19,11,252,423,44,150,34850,6,1213,30,128241,155238,167955,510701,654765",40,299.4,1492,449.8,202280.4,3.8,"64,60,52,569,52,1492,1492,1492,566,52,52,145,103,121,52,52,105,102,94,1070,90,436,90,52,90,52,52,52,736,52,40,52","9,5,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1","4.410132408,5.160978794,5.101186275,4.520410061,5.142373085,6.747455597,7.544580936,7.534257412,7.316954136,4.932822704,5.009746075,6.044896126,5.671187878,6.038887501,4.985801220,5.024262905,5.722696304,5.781558990,5.543742657,7.804463387,5.504428864,7.447539806,5.482206821,4.932822704,5.457657814,4.988526344,4.974009514,4.894361019,7.697007179,5.009746075,4.521928787,5.089394093",TLS.AppleiCloud,91.143,1,Acceptable,Web,6,DPI,"" 
+1,ip4,192.168.2.17,92.123.77.26,tcp,50587,443,finished,18,14,1582454599934729,1582454600290030,1582454600371223,0,0,1440,1440,3458,5165,0,4,25541.8,147307,44603.2,1989448704.0,3.2,"33256,146084,75,147307,1403,159,73,18,38616,19,50,10855,46914,12516,120151,44,4,168,1146,109,1513,467,107361,13,1221,31041,492,3663,24,4467,82566",52,322.1,1492,461.1,212650.1,3.9,"64,60,52,569,52,1492,1492,1268,442,52,52,52,132,339,339,98,95,87,1492,552,818,52,52,52,122,52,52,83,52,87,52,52","10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","6,1,1,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,1,1,1,0,0,1,1,0,1","4.515677452,5.260978699,5.115703106,4.536097050,5.154164791,7.838258266,7.887313843,7.830554962,7.500537872,5.115703106,5.154164791,5.077241421,6.238309383,7.385308743,7.348131180,6.055991173,6.001430511,5.896850586,7.866535664,7.607725620,7.722208500,5.154164791,5.154164791,5.062724590,6.184679508,5.056022644,5.115703106,5.763531208,5.094483852,5.873862743,5.115703106,5.056022167",TLS.AppleiTunes,91.145,1,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.17,17.248.185.87,tcp,50581,443,info,20,12,1582454598721885,1582454600432880,1582454600398737,0,0,1440,1440,13211,8177,0,19,109285.4,803512,185220.7,34306707456.0,3.4,"145952,170980,359,171301,2704,133,11131,1277,11157,179655,19,50,112,15556,168247,146405,161443,749,308681,51490,198168,655712,185,186,293,803512,1267,180253,328,297,245",52,721.0,1492,667.3,445284.8,4.3,"64,60,52,569,52,1492,1492,1492,1492,1474,52,52,52,52,145,103,52,1169,344,52,996,52,1164,1492,1492,1492,52,52,1492,1492,1492,1492","8,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,7,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,4,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,1,1,0,0,0,0","4.378882408,5.048397064,4.855899334,4.669833183,5.026988029,6.153114796,4.607729912,7.088045597,7.461877346,7.528841019,4.947339535,4.870416164,4.908878326,4.825253010,6.027275085,5.625993729,4.985801220,7.818661690,7.150210857,5.103910923,7.800937653,4.908877850,7.820833683,7.850773335,7.853681087,7.878564835,4.985801220,4.959492207,7.858905315,7.865253448,7.862413406,7.846001625",,,,,,,,"" diff --git a/test/results/flow-analyse/ipp.pcap.out b/test/results/flow-analyse/ipp.pcap.out new file mode 100644 index 000000000..0f0ece312 --- /dev/null +++ b/test/results/flow-analyse/ipp.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.10.10.49,10.10.10.251,tcp,55342,631,finished,21,11,1210953938235230,1210953938290667,1210953938297849,0,0,2896,25,26572,25,0,5,3808.3,9119,3527.0,12440042.0,4.2,"709,735,61,34,3567,1615,5071,72,15,5799,5726,12,3653,3625,5,7253,7252,7,8848,8850,9,9119,9104,8,7245,7239,6,7601,7598,8,7210",52,883.7,2948,882.8,779357.9,4.2,"60,60,52,196,200,52,77,52,2948,1500,52,2948,1572,52,1428,1596,52,1404,1620,52,1380,1644,52,1356,1668,52,1332,1692,52,1308,1716,52","3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9","11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1","4.357651234,4.697803974,4.615702629,5.523350239,5.368941784,4.692625999,5.211149216,4.615702629,4.113531590,3.955130577,4.654164314,3.740996838,3.516076803,4.731087208,3.522020817,3.493224859,4.647461891,4.069941521,4.504707813,4.692625523,4.258998871,4.157813072,4.731087208,4.248043537,4.662984848,4.692625999,4.682926178,4.280339241,4.692625523,4.155966759,4.117242336,4.601185799",HTTP.IPP,7.6,0,Acceptable,System,6,DPI,"5,12" diff --git a/test/results/flow-analyse/ipsec_isakmp_esp.pcap.out b/test/results/flow-analyse/ipsec_isakmp_esp.pcap.out new file mode 100644 index 000000000..9cf821ebc --- /dev/null 
+++ b/test/results/flow-analyse/ipsec_isakmp_esp.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.100,109.237.187.193,udp,14500,4500,finished,16,16,946744635161000,946745723299000,946745723443000,96,0,1332,1028,12356,3648,0,0,70207096.0,662067000,185660096.0,34469670203424768.0,2.0,"122000,677000,771000,222000,34000,2372000,0,1000,23000,2387000,0,0,22000,24000,661960000,662067000,681000,743000,195000,34000,407000,0,0,421000,0,4000,138000,188000,12771000,421390000,408766000",108,528.1,1360,468.7,219671.5,4.5,"844,236,140,108,124,444,1360,1360,928,1360,160,160,160,928,160,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236","0,0,0,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0","0,0,3,0,7,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1","7.741627216,6.965078831,6.116603374,5.779674053,6.059063911,7.410885334,7.860165119,7.863566875,7.772638798,7.854592800,6.636003017,6.657938480,6.612657070,7.764769077,6.596687317,7.754736900,6.881987095,6.222157478,5.801217556,6.004589081,7.442288876,7.852550507,7.852631569,7.794322968,6.638905048,6.506283283,6.772091866,7.817639828,6.695438385,5.748310089,7.756398201,6.820323944",IPSec,79,1,Safe,VPN,6,DPI,"" 
+1,ip4,192.168.2.100,109.237.187.227,udp,14500,4500,finished,15,17,946763527783000,946763527783000,946763527783000,96,0,1332,1028,10256,4624,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",108,493.0,1360,453.9,206039.0,4.4,"844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236","0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0","0,0,4,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1","7.693149090,6.908532143,6.289921284,5.907789707,6.064967155,7.449052334,7.871124744,7.858648777,7.794081688,6.655786514,6.611001968,6.493160248,7.792814732,6.670437813,5.759838581,7.685832500,6.882148743,6.265015125,5.724118233,6.052976131,7.485020638,7.879636765,7.861135006,7.787482738,6.603220463,6.625156879,6.573005676,7.827785015,6.468286991,5.669764996,7.726345062,6.805452824",IPSec,79,1,Safe,VPN,6,DPI,"" 
+1,ip4,192.168.2.100,109.237.187.227,udp,10500,500,finished,16,16,946763527783000,946763527783000,946763527783000,776,0,800,288,12608,2720,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",80,507.0,828,320.2,102515.0,4.7,"804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316,804,80,828,316","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,8,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.943627357,4.600413322,5.035194874,6.560711384,4.957199574,4.634849548,5.032216549,6.619104385,4.913105965,4.609849930,4.993678570,6.435603142,4.935446262,4.594285965,5.011265278,6.551633835,4.906664848,4.582717896,4.951835632,6.504704952,4.882042408,4.594286442,4.970667839,6.575375080,4.923563004,4.694285870,5.003669262,6.614925861,4.935611725,4.644286156,5.001285553,6.506689072",IPSec,79,1,Safe,VPN,6,DPI,"" 
+1,ip4,192.168.2.100,109.237.187.130,udp,14500,4500,finished,13,19,946763527783000,946763527783000,946763527783000,96,0,1332,1332,7848,12096,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",108,651.2,1360,511.6,261688.4,4.5,"844,236,140,108,124,444,1360,1056,160,160,1056,160,1360,1360,1312,844,236,140,108,124,444,1360,1056,160,160,1056,160,1360,1360,1312,844,236","0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0","0,0,2,0,4,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,2,4,0,0,0,0,0,0","0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1,0,1,0,1,0,0,1,1,1,0,1,1,1,0,1","7.731180668,6.807529449,6.307871342,5.782698631,6.032709122,7.449109077,7.850845337,7.804824352,6.606283665,6.623502254,7.788777351,6.573501587,7.833298206,7.853844643,7.853167534,7.760776520,6.845402241,6.255957603,5.919319153,6.125529766,7.423834324,7.868905544,7.797307491,6.606283665,6.670437813,7.803458691,6.729874611,7.870663643,7.821934700,7.841155052,7.723438740,6.936455250",IPSec,79,1,Safe,VPN,6,DPI,"" 
+1,ip4,192.168.2.100,109.237.187.195,udp,14500,4500,finished,15,17,946763527783000,946763527783000,946763527783000,96,0,1332,1332,10224,7128,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",108,570.2,1360,486.8,236933.9,4.5,"844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236","0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0","0,0,2,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1","7.744743347,6.853363991,6.347064018,5.738097668,6.151700020,7.473697186,7.876097679,7.831090450,7.765502453,6.747092724,6.687656403,6.679874420,7.827803612,6.462619305,7.846179008,7.744938850,6.903948784,6.261349678,5.757190228,6.099359512,7.429207802,7.852733135,7.863712311,7.793406487,6.532532215,6.538568020,6.619940281,7.820692539,6.667374134,7.838056564,7.740211487,6.937667370",IPSec,79,1,Safe,VPN,6,DPI,"" 
+1,ip4,192.168.2.100,109.237.187.225,udp,14500,4500,finished,15,17,946763527783000,946763527783000,946763527783000,96,0,1332,1332,10240,5876,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",108,531.6,1360,472.2,222978.4,4.4,"844,236,140,108,124,444,1360,1360,928,160,160,160,1056,160,108,844,236,140,108,124,444,1360,1360,912,160,160,160,1056,160,1360,844,236","0,0,0,4,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0","0,0,3,0,6,0,3,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,1,0,0,0,1,1,1,1,0,1,0,1","7.735000610,6.885608673,6.313099861,5.849783897,6.173916817,7.464264393,7.831699848,7.833400249,7.798014164,6.661001682,6.578844547,6.648502350,7.808434486,6.640223026,5.685765266,7.751714706,6.969136238,6.248125076,5.863762856,6.151700020,7.458979130,7.869451523,7.855331421,7.760697842,6.747092247,6.645437717,6.637656689,7.804164410,6.573502064,7.848899364,7.732619762,6.921160221",IPSec,79,1,Safe,VPN,6,DPI,"" diff --git a/test/results/flow-analyse/ipv6_in_gtp.pcap.out b/test/results/flow-analyse/ipv6_in_gtp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ipv6_in_gtp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 
diff --git a/test/results/flow-analyse/irc.pcap.out b/test/results/flow-analyse/irc.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/irc.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ja3_lots_of_cipher_suites.pcap.out b/test/results/flow-analyse/ja3_lots_of_cipher_suites.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ja3_lots_of_cipher_suites.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ja3_lots_of_cipher_suites_2_anon.pcap.out b/test/results/flow-analyse/ja3_lots_of_cipher_suites_2_anon.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/ja3_lots_of_cipher_suites_2_anon.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/jabber.pcap.out b/test/results/flow-analyse/jabber.pcap.out new file mode 100644 index 000000000..299373ec3 --- /dev/null +++ b/test/results/flow-analyse/jabber.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,172.16.0.62,172.16.1.138,tcp,57094,5222,finished,17,15,1502379723841804,1502379724444209,1502379724444121,0,0,338,379,929,1485,0,218,38862.0,337747,84176.8,7085729792.0,3.0,"444,511,417,828,400,374,12411,12818,2412,2410,348,1979,1627,218,40781,36965,77519,220,613,337303,337747,374,834,51093,51498,6383,6386,306,844,109053,109606",52,128.1,431,104.5,10930.1,4.6,"64,60,52,74,52,168,52,231,52,337,52,214,212,52,390,52,172,52,104,52,103,52,168,52,231,52,431,52,175,52,184,52","11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0","4.198073387,4.993659973,4.853535175,5.479191780,4.902175903,5.439201832,4.902175903,5.621643066,4.738150120,5.383924484,4.723633289,5.581990719,6.107189655,4.670654774,6.120055676,4.902175903,5.874162197,4.853535175,5.356550694,4.849197388,5.481268406,4.776612282,5.385900497,4.786790848,5.631215096,4.630272865,5.375878334,4.800556660,5.531776905,4.762094975,5.626255989,4.762094975",Jabber,67,0,Acceptable,Web,6,DPI,"" 
+1,ip4,172.16.0.62,172.16.1.138,tcp,57122,5222,finished,17,15,1502380175298881,1502380175888009,1502380175887945,0,0,338,379,929,1483,0,72,38006.2,336798,84915.4,7210629120.0,2.8,"690,749,72,451,362,328,190,509,138,134,177,1433,1288,169,39805,40983,80676,197,580,336438,336798,280,830,51170,51717,134,126,305,762,115132,115569",52,128.0,431,104.5,10917.3,4.6,"64,60,52,74,52,168,52,229,52,337,52,214,212,52,390,52,172,52,104,52,103,52,168,52,231,52,431,52,175,52,184,52","11,1,0,3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,1,1,3,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,1,0","4.266673088,5.131404400,4.776611805,5.441964149,4.902175903,5.444538593,4.825252533,5.585448742,4.738150120,5.405127525,4.776611805,5.600682259,6.105852604,4.815073490,6.126323223,4.863714218,5.952934742,4.675744057,5.351836681,4.801308155,5.387970448,4.584303856,5.442506313,4.863714218,5.598178864,4.776611805,5.389763355,4.671903133,5.446438789,4.762094498,5.526237488,4.685171604",Jabber,67,0,Acceptable,Web,6,DPI,"" 
+1,ip4,172.16.0.62,172.16.1.138,tcp,57149,5222,finished,18,14,1502380915481182,1502381566576939,1502381566616902,0,0,239,463,1086,2076,1,2,42007464.0,600487770,147104800.0,21639823353708544.0,1.4,"5033,2,5089,3,217021,217977,974,3684463,3688323,3876,600484177,600487770,3,3561,6,1107,1119,7791,47498,39730,447,62982,63440,253,504,186,80,2,90,46583978,46623992",52,150.8,515,117.9,13893.8,4.6,"291,460,172,52,52,234,515,52,234,179,52,202,256,158,106,52,272,52,100,52,100,52,274,52,100,153,52,52,157,52,187,52","9,4,0,0,2,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,5,0,0,3,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1","5.572191238,5.460877895,5.502878189,4.891996861,4.853535175,5.455323696,5.262341499,4.891996861,5.508277893,5.549472332,4.853535175,5.489766598,5.608968258,5.516506672,5.456765175,4.747577667,5.601363182,4.800556183,5.462725163,4.870416641,5.430274010,4.908877850,5.580210686,4.647958755,5.434380531,5.509377956,4.699688911,4.762538910,5.683691025,4.646709919,5.424290180,4.908878326",Jabber,67,0,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/kerberos-error.pcap.out b/test/results/flow-analyse/kerberos-error.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/kerberos-error.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/kerberos-login.pcap.out b/test/results/flow-analyse/kerberos-login.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/kerberos-login.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/kerberos.pcap.out b/test/results/flow-analyse/kerberos.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/kerberos.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/kerberos_fuzz.pcapng.out b/test/results/flow-analyse/kerberos_fuzz.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/kerberos_fuzz.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/kismet.pcap.out b/test/results/flow-analyse/kismet.pcap.out new file mode 100644 index 000000000..b3f236d55 --- /dev/null +++ b/test/results/flow-analyse/kismet.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,127.0.0.1,127.0.0.1,tcp,34065,2501,finished,16,16,1144004385285325,1144004397698680,1144004398798485,0,0,1045,199,1045,1777,0,28,836339.2,1099852,406205.2,165002641408.0,4.7,"28,42,208,235,399947,399927,615244,615286,399575,399620,1099784,1099782,1099835,1099834,1099815,1099816,1099834,1099831,1099838,1099839,1099849,1099852,1099837,1099839,1099821,1099818,1099833,1099833,1099842,1099843,1099828",40,128.9,1085,184.2,33913.2,4.2,"52,52,40,239,40,58,40,1085,40,115,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175,40,175","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,11,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.152935505,4.370187283,4.291446209,5.295236588,4.191446304,4.892910004,4.291446209,4.891900063,4.458695412,4.585392952,4.341446400,5.037372112,4.341446400,5.005887508,4.291446686,5.014514446,4.341446400,4.979419708,4.291446686,5.025943279,4.341446400,5.016745567,4.291446686,4.993078232,4.341446400,5.021629810,4.341446400,5.025943279,4.341446400,5.025943279,4.291446209,5.037371635",Kismet,309,0,Acceptable,Network,6,DPI,"" 
diff --git a/test/results/flow-analyse/kontiki.pcap.out b/test/results/flow-analyse/kontiki.pcap.out new file mode 100644 index 000000000..f8e100fae --- /dev/null +++ b/test/results/flow-analyse/kontiki.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.25.32.59,64.200.148.86,udp,19948,8888,finished,10,22,1213662198289578,1213662198988100,1213662198992190,4,0,217,1241,591,24254,0,13,45197.9,607738,118031.4,13931400192.0,2.6,"198615,212422,193796,607738,3074,5780,31191,29960,8831,9093,72,244,17,19380,18261,96,127,127,114,15289,14893,16,235,114,13,97,15924,15357,18,115,125",32,804.4,1269,568.0,322604.6,4.5,"32,32,32,48,56,245,499,232,204,118,1269,1269,1269,1269,44,1269,1269,1269,1269,1269,44,1269,1269,1269,1269,1269,1269,44,1269,1269,1269,1269","7,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,1,0,1,0,1,1,1,1,0,1,1,1,1,1,0,1,1,1,1,1,1,0,1,1,1,1","4.327819824,4.390319824,4.390319824,4.808207035,5.107008457,6.254767418,7.256530285,7.013645172,6.874151707,6.231850147,7.871051788,7.843012333,7.837141991,7.838663578,4.925117970,7.837912083,7.840578079,7.843400478,7.848168850,7.821814060,4.879663467,7.851324558,7.825254917,7.844458103,7.841213703,7.862925529,7.835451603,4.925117970,7.832023621,7.834714890,7.855443478,7.864355564",Kontiki,32,0,Potentially Dangerous,Media,6,DPI,"22" diff --git a/test/results/flow-analyse/line.pcap.out b/test/results/flow-analyse/line.pcap.out new file mode 100644 index 000000000..a9fb03321 
--- /dev/null +++ b/test/results/flow-analyse/line.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.2.15,125.209.252.210,udp,50835,20610,finished,19,13,608455689,610177798,609998416,30,0,872,740,2795,1792,0,41,105317.3,602060,182193.2,33194352640.0,3.4,"500157,544706,533063,602060,13540,168,64915,55,263094,290370,5367,20000,10523,19462,58958,10024,9911,21001,21013,9059,41,8011,22020,2894,7145,6942,42069,58114,10385,99326,10443",58,171.3,900,234.5,54984.5,4.1,"900,900,270,768,58,380,163,163,331,64,65,65,64,64,64,66,64,66,66,66,64,66,66,66,65,65,100,80,67,67,65,65","1,14,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,8,1,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,1,0,0,1,1,1,1,1,0,0,0,0,0","7.775331020,7.771239281,6.645260811,7.613231659,5.193683147,7.436975479,6.710443974,6.755647659,7.369442463,5.120024681,5.136775970,5.344619274,5.143614769,5.249160290,5.311660290,5.195097923,5.186660290,5.286006927,5.346612453,5.316309452,5.217910290,5.286006451,5.255703449,5.316309929,5.252311230,5.160003662,4.125199318,4.492414474,5.378718853,5.348868370,5.240697861,5.209928036",LineCall,316,1,Acceptable,VoIP,6,DPI,"" 
+1,ip4,10.200.3.125,147.92.165.194,tcp,57841,443,finished,14,18,1663913332980371,1663913336388129,1663913336380823,0,0,296,334,1142,1292,1,6905,219619.7,2533141,601190.4,361429958656.0,2.8,"74605,74711,34434,71161,134842,63602,34330,34381,78205,122566,44300,34282,34254,68317,109320,41185,34458,34320,6905,46826,64547,58950,90163,2533141,2477508,34518,34165,78836,154671,69564,35143",40,118.1,374,90.9,8262.1,4.6,"100,46,134,46,146,93,46,150,46,343,95,46,146,46,113,89,46,150,46,216,89,124,96,46,95,46,336,46,256,40,374,89","1,8,1,3,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,2,1,0,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,1,0,1,0","5.948760986,4.652828693,6.332477570,4.696306705,6.569760323,6.006792545,4.696306705,6.565413952,4.696306705,7.383316040,6.030017853,4.652828693,6.526851654,4.652828693,6.386383057,5.933434010,4.652828217,6.670314789,4.696306705,7.039282322,5.852028370,6.250293255,6.048403740,4.652828693,5.950967789,4.652828693,7.256349564,4.696306705,7.137952328,4.780641556,7.407141685,5.877035141",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,10.200.3.125,147.92.242.232,tcp,58160,443,finished,14,18,1663913333003014,1663913342823022,1663913342822836,0,0,573,1460,3181,4192,0,0,633542.9,7306445,1725177.1,2976235913216.0,2.7,"237342,237605,1014,239671,1368,0,0,239919,3744,241388,238671,278520,277391,237506,0,0,237646,7029518,7306445,276831,237603,712,0,238338,524359,801600,277245,237667,0,0,237727",40,272.5,1500,367.3,134881.6,4.1,"52,52,40,557,46,1500,1500,381,40,133,314,335,46,581,46,224,75,40,335,46,613,46,224,75,40,335,46,612,46,224,75,40","6,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,3,0,0,0,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,0","4.516527176,4.923395157,4.780641556,4.813910007,4.544876099,7.233272552,7.495951176,7.379673958,4.780641556,6.214868546,7.183261871,7.332785606,4.501397610,7.644387245,4.501397610,7.034603119,5.700131416,4.780641556,7.404506683,4.435436726,7.647257328,4.565871716,6.998442650,5.771955490,4.611769676,7.254877090,4.549460888,7.643351078,4.549460888,7.047076225,5.680000782,4.671928883",TLS.Line,91.315,1,Acceptable,Chat,6,DPI,"15" 
+1,ip4,10.200.3.125,147.92.169.90,udp,51161,29070,finished,19,13,1663913345063942,1663913345289714,1663913345324209,31,0,853,542,9673,6723,0,0,15678.7,225047,51123.4,2613605376.0,1.5,"175745,225047,59,35,38,31,59,34,37,32,38,31,36,30,43,29,35,45,113,84319,0,0,0,0,0,0,155,0,0,0,48",59,540.4,881,131.0,17170.0,4.9,"881,419,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,569,59,161,398,570,570,570,570,570,570,570,570,570,570,570","1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1","7.761873245,7.165147781,7.605986118,7.625072002,7.581394672,7.661452770,7.659568310,7.627281189,7.538283348,7.648130894,7.648977280,7.646443367,7.577320099,7.610880852,7.662839413,7.594055176,7.592848778,7.662833691,5.346174717,6.693209171,7.482118607,7.644935131,7.664292812,7.595146656,7.643230438,7.594839096,7.698119640,7.644002914,7.648988724,7.686812401,7.668937206,7.563340664",LineCall,316,1,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/lisp_registration.pcap.out b/test/results/flow-analyse/lisp_registration.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/lisp_registration.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/log4j-webapp-exploit.pcap.out b/test/results/flow-analyse/log4j-webapp-exploit.pcap.out new file mode 100644 index 000000000..fc41abd03 --- /dev/null +++ b/test/results/flow-analyse/log4j-webapp-exploit.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip4,172.16.238.10,10.10.10.31,tcp,55408,9001,info,17,15,1639425815944677,1639425823295194,1639425823295146,0,0,5,3,30,3,0,46,474225.3,7288582,1789599.0,3202664366080.0,1.1,"143,183,7288581,7288582,60489,60668,256,174,116,102,89,87,86,86,151,159,99,144,121,87,73,51,50,48,47,46,47,47,47,46,81",52,53.5,60,2.2,4.6,5.0,"60,60,52,55,52,53,52,53,52,53,52,53,52,53,52,53,52,53,52,55,52,57,52,55,52,55,52,55,52,55,52,55","17,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.511636257,5.106626511,4.986606121,5.071912289,4.895165443,4.975576401,4.895165443,4.975576401,4.818242550,4.937840462,4.895165443,4.975576401,4.895165443,4.975576401,4.895165443,4.937840462,4.856703758,4.937840462,4.856703758,4.947280407,4.856703758,5.028079987,4.803725243,5.020007610,4.856703758,4.983644009,4.856703758,5.020007610,4.856703758,5.020007610,4.856703758,4.910916805",,,,,,,,"" diff --git a/test/results/flow-analyse/long_tls_certificate.pcap.out b/test/results/flow-analyse/long_tls_certificate.pcap.out new file mode 100644 index 000000000..629b68617 --- /dev/null +++ b/test/results/flow-analyse/long_tls_certificate.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.60,106.15.100.123,tcp,55333,443,info,17,15,1609756181300869,1609756182512712,1609756182787262,0,0,517,1452,906,9549,0,4,87039.9,370939,130477.0,17024251904.0,3.4,"370788,370939,9373,360927,2844,76,70,354425,123,125,124,131,8073,8089,5763,200299,194564,174299,34,174324,4,2275,71,66,101,117,94097,91476,274609,24,6",40,370.7,1492,546.6,298744.2,3.7,"64,64,40,557,46,1492,1492,1492,40,1492,40,1090,40,1090,52,166,1492,52,91,109,40,40,93,96,82,114,78,109,52,52,52,52","10,4,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0,0,0,0,0,0,0,1,0,1,1,1","4.353732109,4.287687778,4.680641651,4.404402256,4.565872192,6.234030724,4.660021305,4.709488392,4.630641460,6.835905075,4.680641651,7.511188984,4.580641747,7.512306690,4.740514278,6.280318737,6.238153934,4.870416164,5.914383888,6.170372486,4.680641651,4.680641651,5.707346439,5.695815086,5.241580486,6.007335186,5.319273472,6.145098209,4.778975964,5.063529015,5.025067329,5.063529015",,,,,,,,"" diff --git a/test/results/flow-analyse/malformed_dns.pcap.out b/test/results/flow-analyse/malformed_dns.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/malformed_dns.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/malformed_icmp.pcap.out b/test/results/flow-analyse/malformed_icmp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/malformed_icmp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/malware.pcap.out b/test/results/flow-analyse/malware.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/malware.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/memcached.cap.out b/test/results/flow-analyse/memcached.cap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/memcached.cap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mgcp.pcapng.out b/test/results/flow-analyse/mgcp.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mgcp.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/modbus.pcap.out b/test/results/flow-analyse/modbus.pcap.out new file mode 100644 index 000000000..8c9240e41 --- /dev/null +++ b/test/results/flow-analyse/modbus.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.110.131,192.168.110.138,tcp,2074,502,finished,16,16,1223541953927963,1223541960939284,1223541960940128,12,0,12,11,192,176,1,835,452370.5,1014211,497296.8,247304159232.0,3.8,"1135,1208,905,1013603,1014211,1539,891,986516,986873,1217,900,1000224,1000513,1187,905,1000230,1000558,1232,911,1000222,1000609,1645,915,999845,1000447,1173,835,1000242,1000645,1238,912",51,51.5,52,0.5,0.2,5.0,"52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51,52,51","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.526987553,4.730195045,4.438603878,4.877732754,4.429176807,4.636961937,4.429176331,4.877732754,4.622483730,4.730195045,4.589393616,4.838517189,4.622483730,4.730195045,4.550931931,4.916948318,4.569504738,4.769410610,4.627855301,4.916948318,4.622483730,4.730195045,4.627855301,4.916948795,4.622483730,4.769410610,4.627855301,4.862931252,4.607966423,4.769410610,4.627855301,4.916948318",Modbus,44,0,Acceptable,IoT-Scada,6,DPI,"" diff --git a/test/results/flow-analyse/monero.pcap.out b/test/results/flow-analyse/monero.pcap.out new file mode 100644 index 000000000..0c30263f1 --- /dev/null 
+++ b/test/results/flow-analyse/monero.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.148,94.23.199.191,tcp,46838,3333,finished,17,15,1514196188350524,1514196304559034,1514196304640605,0,0,1448,310,8887,914,0,13,7499954.5,71693099,18613570.0,346464978993152.0,2.4,"80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986",52,358.8,1500,549.1,301531.9,3.7,"60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77","8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0","10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1","4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365",Mining,42,0,Unsafe,Mining,6,DPI,"5,22" 
+1,ip4,192.168.2.148,116.211.167.195,tcp,53846,3333,finished,17,15,1514196196437568,1514196705571136,1514196705879789,0,0,1444,310,3127,2699,0,11,32857284.0,170525395,51784400.0,2681624034541568.0,3.4,"308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525",40,223.6,1484,347.6,120860.4,3.9,"60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46","12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0","4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1","4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598",Mining,42,0,Unsafe,Mining,6,DPI,"5,22" diff --git a/test/results/flow-analyse/mongo_false_positive.pcapng.out b/test/results/flow-analyse/mongo_false_positive.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mongo_false_positive.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mongodb.pcap.out b/test/results/flow-analyse/mongodb.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mongodb.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mpeg-dash.pcap.out b/test/results/flow-analyse/mpeg-dash.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mpeg-dash.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mpeg.pcap.out b/test/results/flow-analyse/mpeg.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mpeg.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mpegts.pcap.out b/test/results/flow-analyse/mpegts.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mpegts.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mqtt.pcap.out b/test/results/flow-analyse/mqtt.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mqtt.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mssql_tds.pcap.out b/test/results/flow-analyse/mssql_tds.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mssql_tds.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/munin.pcap.out b/test/results/flow-analyse/munin.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/munin.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/mysql-8.pcap.out b/test/results/flow-analyse/mysql-8.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/mysql-8.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/natpmp.pcap.out b/test/results/flow-analyse/natpmp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/natpmp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/nats.pcap.out b/test/results/flow-analyse/nats.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/nats.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ndpi_match_string_subprotocol__error.pcapng.out b/test/results/flow-analyse/ndpi_match_string_subprotocol__error.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ndpi_match_string_subprotocol__error.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/nest_log_sink.pcap.out b/test/results/flow-analyse/nest_log_sink.pcap.out new file mode 100644 index 000000000..ddc9ad2db --- /dev/null +++ b/test/results/flow-analyse/nest_log_sink.pcap.out 
@@ -0,0 +1,11 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.242.15,35.174.82.237,tcp,63340,11095,info,16,16,1536712992228658,1536713593921755,1536713593982239,0,0,0,0,0,0,1,60807,38820860.0,60122070,28558074.0,815563555209216.0,4.3,"60807,60066531,60070988,444607,512208,60052382,60122070,60064103,60058548,139368,204086,59876012,59944753,60065849,60071735,305546,379257,59710128,59782330,60066153,60065042,470660,541865,60021230,60097006,60071977,60059874,163527,227320,59833996,59896720",40,43.0,46,3.0,9.0,5.0,"46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40,46,40,40,46,46,40","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1,0,1,1,0,0,1","4.501398087,4.881687164,4.457920074,4.881687164,4.881687164,4.501398087,4.457919598,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164,4.414441586,4.881687164,4.881687164,4.441509247,4.501398087,4.881687164,4.501398087,4.881687164,4.881687164,4.501398087,4.501398087,4.881687164",,,,,,,,"" 
+1,ip4,192.168.242.15,35.188.154.186,tcp,63342,11095,finished,17,15,1536714602612148,1536714605710820,1536714605694468,0,0,531,679,5203,1231,0,55,199386.8,1490586,353669.1,125081829376.0,3.7,"69743,72197,635648,708301,5274,110825,1347393,1490586,118042,84290,55,88866,80271,82780,83378,79961,79977,80201,79559,79635,80946,81395,80711,79963,79339,79335,79882,72223,8456,80008,81752",40,241.9,719,219.8,48330.3,4.4,"46,44,46,571,40,719,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495","4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0","4.347350597,4.921896935,4.434307098,6.926084995,4.831686974,7.091323376,4.544876099,5.377194881,4.981687069,5.869862556,4.981687069,5.670912743,7.483328342,5.698139191,7.522343636,5.745404720,7.484422207,5.740245342,7.506760597,5.790296078,7.525055408,5.637186527,7.521946430,5.669141293,7.561211109,5.642346382,7.582935333,5.811348438,4.434307575,7.459678173,5.698140144,7.522096634",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.174.82.237,tcp,63343,11095,finished,17,15,1536714607530778,1536714735302616,1536714735750574,0,0,531,677,1941,2066,0,7081,8257794.5,60077555,19898212.0,395938807939072.0,2.4,"64103,66685,638775,711013,16458,201353,1246735,1463240,104910,69439,22020,94707,71220,78130,7081,87220,75789,84472,84342,76407,307337,280726,43263,5019615,5092313,178784,59560541,59727665,60063791,60077555,375945",40,167.0,717,184.8,34140.6,4.3,"46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,201,46,332,102,46,46,40,46,40,40","9,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,0,0,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1","4.390829086,5.012806416,4.434307098,6.983462334,4.981687546,7.117225647,4.501398087,5.460370064,5.031687260,7.387540817,4.981687069,5.670276642,6.393791676,7.723265171,4.434307098,6.722110748,6.670401573,6.819778442,6.529592991,6.835218430,6.697788239,4.303872108,6.701543808,4.347350597,7.229048729,5.808568001,4.347350597,4.390829086,4.934183598,4.347350597,4.934183598,4.884183884",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.188.154.186,tcp,63345,11095,finished,17,15,1536716402828004,1536716405720045,1536716405705936,0,0,530,678,5202,1230,0,33,186128.2,1477502,337855.8,114146574336.0,3.6,"61003,66332,638637,696721,5239,274658,1166948,1477502,96252,57032,33,69584,64878,63516,66188,66283,63911,64139,63928,63783,65164,65050,63165,63274,64227,64111,63788,54150,11824,65153,63500",40,241.9,718,219.7,48280.0,4.4,"46,44,46,570,40,718,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495","4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0","4.390829086,4.967352390,4.390829086,6.899403095,4.781687260,7.121079922,4.338141918,5.373412609,4.731687546,5.826634884,4.712815285,5.642511845,7.549121857,5.698139191,7.531104088,5.727138519,7.473689079,5.677087307,7.561008930,5.663398743,7.514960289,5.642345905,7.526351929,5.637186050,7.499288082,5.719192982,7.509342194,5.656034470,4.390828609,7.483929634,5.727138996,7.595646381",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.174.82.237,tcp,63346,11095,finished,18,14,1536716407119984,1536716592513963,1536716532889304,0,0,531,677,1941,1905,0,6654,10037526.0,60065954,21842106.0,477077551710208.0,2.6,"66203,68921,634989,702416,15391,245970,1210603,1481601,108755,76207,16822,97423,70982,72827,6654,85865,79238,75829,75050,77170,97357,2619475,2881135,371772,59569035,59778516,60065954,60063694,377489,447329,59622627",40,162.2,717,185.8,34538.8,4.3,"46,44,46,571,40,717,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,40,46,46","10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0","4.390829086,5.012806416,4.434307098,6.960905552,4.931687355,7.109922409,4.501398087,5.422218800,4.931687355,7.525271416,4.762814999,5.747631550,6.463061810,7.686710835,4.434307098,6.746978760,6.772123814,6.796743393,6.668047905,6.846702099,6.720046520,4.457919121,7.263835907,5.855727196,4.441509247,4.501398087,4.981687546,4.501398087,4.981687546,4.981687546,4.501398087,4.501398087",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.188.154.186,tcp,63348,11095,finished,17,15,1536717428089363,1536717430971296,1536717430957587,0,0,530,678,5202,1230,0,41,185488.9,1475007,337125.5,113653596160.0,3.6,"56837,63375,631089,692531,4988,275292,1167126,1475007,94881,56956,41,68349,63598,63560,63263,63527,64323,71144,70310,64275,64470,63960,64294,64276,63689,63201,62870,53104,10769,65047,64005",40,241.9,718,219.7,48280.0,4.4,"46,44,46,570,40,718,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495","4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0","4.390829086,4.967351913,4.434307098,6.916602135,4.931686878,7.128376961,4.501398087,5.438629150,4.981687069,5.863207817,4.881687164,5.699314117,7.478340149,5.690193176,7.586304665,5.685032845,7.471494675,5.671344757,7.537241459,5.719192505,7.525679111,5.574028969,7.549623489,5.719192028,7.455665112,5.853453159,7.516324997,5.719192028,4.434307098,7.547780037,5.698139668,7.523346424",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.174.82.237,tcp,63349,11095,finished,17,15,1536717450091191,1536717692809761,1536717693064770,0,0,530,678,1560,1740,0,4297,15667489.0,60116188,26141992.0,683403720523776.0,3.1,"65118,68086,678411,747347,17507,94704,1396423,1507704,104371,70568,14503,87690,68949,72988,7038,83601,72569,4297,74338,110547,112155,137112,59606094,59757940,60076789,60061094,60093385,60092412,60108066,60116188,184155",40,145.1,718,181.0,32752.9,4.2,"46,44,46,570,40,718,46,92,40,244,40,100,162,669,46,220,190,46,220,201,332,102,46,46,40,46,40,46,40,46,40,40","10,1,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1","4.303872585,4.967351913,4.390829086,7.000074863,4.931686878,7.083823204,4.501398087,5.370536327,4.981687069,6.850469589,4.881687164,5.621728897,6.422999859,7.639559269,4.347350597,6.781757832,6.666656017,4.544876099,6.837507248,6.783583164,7.269664764,5.833524227,4.501398087,4.390829086,4.931686878,4.457919598,4.931686878,4.501398087,4.931686878,4.501398087,4.931686878,4.981687069",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.188.154.186,tcp,63351,11095,finished,17,15,1536718202984094,1536718205917650,1536718205903699,0,0,530,679,5202,1231,0,34,188811.6,1484002,352858.6,124509216768.0,3.6,"55511,58104,637607,698601,8299,132470,1319785,1484002,100866,62363,34,73666,66291,66062,64356,70801,72468,66245,63705,65435,67073,65571,63470,63974,64872,66987,66191,76434,5185,82369,64364",40,241.9,719,219.8,48309.8,4.4,"46,44,46,570,40,719,46,92,40,110,40,97,495,95,495,95,495,95,495,95,495,95,495,95,495,95,495,95,46,495,95,495","4,1,1,0,0,0,0,0,0,0,0,0,0,0,10,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0","4.287461758,4.967351913,4.374418736,6.956398010,4.981687069,7.137421608,4.544876099,5.452163696,4.981687069,5.767633438,4.931687355,5.629675388,7.553267002,5.769243717,7.480807304,5.656034946,7.456930637,5.661194324,7.513911247,5.748190880,7.546221733,5.663398743,7.504794121,5.711246014,7.578598976,5.698748112,7.528614521,5.748191357,4.321323395,7.516432285,5.677087307,7.518935204",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.174.82.237,tcp,63350,11095,finished,18,14,1536718052990525,1536718206570249,1536718206634864,0,0,531,677,1623,1739,0,1252,9910454.0,60155801,20689402.0,428051338887168.0,2.7,"68635,72232,634362,701888,15937,150934,1314255,1491295,109213,70989,18037,93450,70186,72141,7151,80030,74076,77118,76505,41618,115484,208508,59946855,60155801,60057740,60124304,30586012,30652885,66856,1252,68314",40,147.1,717,180.1,32452.7,4.2,"46,44,46,571,40,717,46,92,40,244,40,100,162,669,46,220,190,220,201,46,332,102,46,46,40,40,46,102,40,46,46,40","10,2,0,1,0,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1","4.260394096,4.921897411,4.434307098,6.934753895,4.931686878,7.082575321,4.501398087,5.325510979,4.981687546,6.942802429,4.981687069,5.756309986,6.493349075,7.689117908,4.434307098,6.784736156,6.532172680,6.853400707,6.767163754,4.457919598,7.212311268,5.867391586,4.501398087,4.544876099,5.031687260,5.031687260,4.544876099,5.644305706,5.031687260,4.544876099,4.588354588,5.031687260",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" 
+1,ip4,192.168.242.15,35.174.82.237,tcp,63352,11095,finished,18,14,1536718206572751,1536718392321066,1536718332214337,0,0,532,676,1942,1904,0,4658,10044835.0,60173109,21953530.0,481957439864832.0,2.6,"65322,67761,637540,709814,18708,293379,1174542,1481999,109107,72201,17976,90820,70287,73214,8669,96471,87696,75885,78977,77415,126677,2595650,2731016,150399,59910787,60056830,60173109,60107028,4658,60634,60165330",40,162.2,716,185.8,34529.8,4.3,"46,44,46,572,40,716,46,92,40,444,40,100,162,669,46,220,206,220,190,220,201,46,332,102,46,46,40,46,40,46,40,46","10,1,0,1,0,3,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,2,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0","4.347350597,4.967352390,4.434307098,6.920494080,4.981687546,7.105970383,4.544876099,5.378740311,4.881687164,7.440455914,4.812814713,5.615177631,6.437895298,7.618911266,4.434307098,6.860777378,6.737969398,6.892507076,6.603207111,6.959574699,6.884947777,4.457919598,7.273610592,5.848325729,4.414441586,4.501398087,4.831686974,4.544876099,4.881687164,4.501398087,4.881687164,4.544876099",NestLogSink,43,0,Acceptable,Cloud,6,DPI,"" diff --git a/test/results/flow-analyse/netbios.pcap.out b/test/results/flow-analyse/netbios.pcap.out new file mode 100644 index 000000000..38ff16d08 --- /dev/null +++ b/test/results/flow-analyse/netbios.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.4.131,10.0.5.255,udp,137,137,finished,32,0,1447772210350540,1447772220435262,1447772210350540,50,0,50,0,1600,0,0,14022,325313.6,749995,214669.9,46083158016.0,4.6,"471274,14022,264705,470792,80220,113829,555812,80046,113289,146849,489849,113312,146439,749995,33651,749542,308595,441426,307586,628917,121033,628920,470970,278997,470688,458539,291466,334217,123758,93119,532865",78,78.0,78,0.0,0.0,5.0,"78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.124596119,4.134274006,4.159914970,4.089276791,4.134274006,4.134274006,4.134274006,4.134274006,4.159914970,4.159914970,4.159914970,4.159914970,4.159914970,4.159914970,4.159914970,4.124596119,4.124596119,4.159914970,4.124596119,4.159914970,4.134274006,4.159914970,4.134274006,4.159914970,4.134274006,4.159914970,4.159914970,4.159914970,4.134274006,4.159914970,4.159914970,4.159914970",NetBIOS,10,0,Acceptable,System,6,DPI,"" 
+1,ip4,10.0.5.233,10.0.5.255,udp,137,137,finished,32,0,1447772211392771,1447772242251393,1447772211392771,50,0,50,0,1600,0,0,749128,995439.4,1515990,356068.3,126784610304.0,4.9,"749395,750108,1510862,749350,750084,1512101,749146,750073,1513657,749593,750165,1509201,749922,750117,1511084,749128,750100,1515990,749246,750060,1507974,749281,750095,1513465,749807,750021,1513052,749194,750091,1506879,749381",78,78.0,78,0.0,0.0,5.0,"78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78,78","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3.923101902,3.923101902,3.923101902,3.852463722,3.780971527,3.862141609,3.923101902,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.923101902,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.897460699,3.897460699,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.897460699,3.923101902,3.923101902,3.923101902,3.923101902,3.820537567,3.897460699",NetBIOS,10,0,Acceptable,System,6,DPI,"" diff --git a/test/results/flow-analyse/netbios_wildcard_dns_query.pcap.out b/test/results/flow-analyse/netbios_wildcard_dns_query.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/netbios_wildcard_dns_query.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/netflix.pcap.out b/test/results/flow-analyse/netflix.pcap.out new file mode 100644 index 000000000..cdcc3b882 --- /dev/null +++ b/test/results/flow-analyse/netflix.pcap.out 
@@ -0,0 +1,37 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.7,54.69.204.241,tcp,53105,443,finished,18,14,1484319032888907,1484319033506287,1484319033504279,0,0,356,1448,1665,5139,0,72,39766.2,363670,81851.3,6699630080.0,3.2,"46025,48575,597,54003,1611,989,54938,11050,13463,9437,301,377,58747,4648,50832,1878,237,59545,562,62143,8477,4734,310931,590,363670,5842,131,72,58058,152,137",52,265.2,1500,396.8,157454.8,3.9,"64,60,52,260,52,1500,1500,52,215,52,127,58,97,52,103,52,408,362,52,992,52,112,52,408,361,52,992,107,86,52,52,52","11,1,1,0,0,0,1,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,0,1,0,0,0,1,1,1,1,0,0,0","4.566831589,5.323234081,5.131024837,5.723237514,5.246409416,7.251158237,7.324303627,5.131024837,6.880544662,5.169486523,6.374709129,5.113821983,6.051860332,5.246409416,5.890006065,5.169486523,7.472100735,7.415780067,5.176993370,7.832669258,5.131024837,6.117320061,5.131024361,7.427300930,7.397639751,5.246409416,7.802502632,6.080207348,5.833016396,5.207947731,5.207947731,5.131024361",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,"" 
+1,ip4,192.168.1.7,52.32.196.36,tcp,53116,443,info,17,15,1484319032986624,1484319033498318,1484319033554363,0,0,1448,1448,4381,7721,0,191,34820.4,199917,47580.3,2263883008.0,3.8,"45497,51828,277,66352,510,13769,75518,25611,26489,15622,271,195,60990,421,44123,5113,191,57731,67780,234,2712,130987,13830,8367,10032,8058,2353,2270,141147,1238,199917",52,430.8,1500,557.4,310647.7,4.0,"64,60,52,284,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,728,52,1500,415,1500,52,1116,52,261,52,101,52,1436,567,52","10,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0","5,2,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,1,0,1,0,1,0,1,0,0,0,1","4.598081589,5.335815907,5.169486523,5.856084347,5.169486523,7.248301983,7.321610928,5.246409893,7.068851471,5.132945538,6.268332958,5.113822460,5.960739613,5.092563629,6.027123928,5.207948208,7.879599094,7.736606598,5.169486523,7.866442680,7.495402336,7.875605583,5.207948208,7.821874619,5.092563152,7.123493671,5.131024837,6.085196495,5.169486523,7.864480019,7.601682663,5.169486523",,,,,,,,"" 
+1,ip4,192.168.1.7,52.89.39.139,tcp,53133,443,info,16,16,1484319035080111,1484319035720714,1484319035719060,0,0,1448,1448,2402,12882,0,143,41275.9,350146,77246.2,5966969856.0,3.5,"50833,52103,3892,68860,549,14675,80527,16948,16635,16128,355,222,66675,773,50716,3176,284,61420,291182,143,350146,11846,12750,24110,12460,12309,13854,13662,2679,13302,16338",52,530.2,1500,630.5,397553.6,4.0,"64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,672,52,1500,1500,52,1500,1402,52,1500,52,237,52,1500,1019,52","11,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,7,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0","4.598081589,5.235815525,5.131024837,6.023412704,5.154969215,7.255973339,7.303249359,5.092563152,7.001137733,5.056022167,6.255658627,5.007929802,6.001976490,5.169486523,5.942530632,5.054101467,7.891292572,7.683557510,5.169486523,7.859122753,7.883965492,5.131024837,7.876591682,7.866814137,5.092563152,7.900776386,4.979098797,7.052536488,5.054101467,7.870380402,7.793371201,5.131024361",,,,,,,,"" 
+1,ip4,192.168.1.7,104.86.97.179,tcp,53141,443,finished,21,11,1484319036854344,1484319036983563,1484319036982334,0,0,227,1448,1128,5359,0,142,8297.1,40245,10476.7,109761248.0,3.9,"11378,14427,1674,21129,2857,316,24018,10358,7406,16914,385,833,30795,4734,18083,26013,249,318,147,231,142,435,4518,193,40245,7107,5353,4161,461,364,1965",52,255.3,1500,414.2,171525.6,3.9,"64,60,52,279,52,1500,1500,52,570,52,127,58,97,52,103,52,105,102,94,200,141,141,141,141,140,120,52,90,90,392,1500,52","8,5,6,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,2,1,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0","4.555036545,5.323234081,5.207947731,5.708015442,5.315825462,7.096366405,7.275357246,5.207947731,7.575589180,5.169486046,6.308334827,5.148305416,5.977168083,5.315825462,5.945915222,5.169486046,6.131762028,6.032381535,6.018351078,6.868569851,6.437176704,6.436284542,6.462777138,6.552643299,6.572731972,6.440443993,5.193430901,5.968302250,5.976224422,7.489761353,7.869163990,5.284871101",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,"" 
+1,ip4,192.168.1.7,52.89.39.139,tcp,53132,443,info,17,15,1484319035079531,1484319042786338,1484319042922798,0,0,1448,1448,4576,5220,0,147,501615.3,7507819,1826252.6,3335198867456.0,1.4,"49499,50871,4368,54319,2439,996,53513,42973,42827,12725,273,205,57417,5098,49336,4198,388,49955,75766,32147,2030,911,5107,4712,147,7402221,150,7507819,929,35745,990",52,358.8,1500,520.7,271128.8,3.8,"64,60,52,260,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,661,52,52,184,96,86,52,52,52,1500,789,52,52,1500,474","10,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","6,3,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,0,1,1,1,0,0,0,0,0,1,1,1,1","4.566831589,5.335815907,5.094483852,6.025682926,5.169486523,7.256491661,7.325493813,5.092563152,7.129077435,5.092563152,6.393805504,5.100806713,6.014647961,5.169486523,5.965332508,5.169486523,7.872792244,7.651345730,5.207947731,5.207948208,6.796521664,6.094137192,5.926040173,5.169486523,5.207948208,5.169486046,7.868273258,7.747731686,5.169486046,5.169486523,7.861037254,7.536938190",,,,,,,,"" 
+1,ip4,192.168.1.7,184.25.204.25,tcp,53149,80,finished,7,25,1484319043013015,1484319044532732,1484319044504314,0,0,245,1448,245,33304,0,6882,97129.5,1300093,229777.6,52797755392.0,3.4,"22705,29125,36813,70338,13255,32378,25989,101810,6882,28009,25233,44994,56409,27146,27165,53793,54320,26078,52109,80662,53766,398536,54325,39942,109640,40469,26128,51507,108074,13323,1300093",52,1101.9,1500,637.7,406609.6,4.6,"64,60,52,297,52,1500,1500,1500,52,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,80","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0","4.538909912,5.312702179,5.079966545,5.942044735,5.308815479,7.330718994,7.743900776,7.712044239,5.233813286,5.000318527,7.842275620,7.821234226,5.156889915,7.816409111,7.847937107,7.841120243,7.664994240,7.793088913,7.822535038,7.766201496,7.754564285,7.803048134,7.810695171,7.784301758,7.848053455,7.850491524,7.814136028,7.845249176,7.833446503,7.828612804,7.832110882,5.393421650",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
+1,ip4,192.168.1.7,54.201.191.132,tcp,53151,80,finished,12,20,1484319048780859,1484319049236027,1484319049229808,0,0,1448,1448,2612,21687,0,193,29165.1,187154,42322.7,1791214592.0,4.0,"44122,45598,3902,10660,193,60003,5736,990,135055,302,187154,5655,5706,13881,14022,13277,14383,27821,13324,13128,9212,13280,22521,13399,39251,13309,13303,13855,13324,13288,124463",52,812.3,1500,674.9,455511.9,4.4,"64,60,52,365,1500,903,52,52,52,714,1500,52,1500,52,1500,52,1500,1500,52,1012,52,1500,1293,52,1500,1500,1500,1500,1500,1500,1500,64","9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,13,0,0","0,1,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,0","4.538909912,5.279368401,5.156889915,5.705281258,5.964499474,6.056532860,5.272274971,5.272274494,5.310736179,6.005652428,5.696421623,5.094483852,6.091891766,5.233812809,5.866946220,5.038780212,5.796521664,5.782927513,5.195351601,5.831374168,5.233812809,5.802160263,5.817751884,5.195351124,5.813166142,5.771504402,5.781269550,5.780963898,5.817500591,5.785477638,5.779314995,5.163660049",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
+1,ip4,192.168.1.7,184.25.204.25,tcp,53148,80,finished,14,18,1484319043012652,1484319049640319,1484319049653906,0,0,246,1448,491,23168,0,590,428029.7,6030936,1231580.9,1516791529472.0,2.3,"22448,28943,26758,57708,590,13165,40076,31828,42757,26526,25526,50240,53221,30909,25521,54871,53768,27167,52693,79537,53772,544724,1519985,11557,27351,27280,28765,635381,3643850,6030936,1068",52,795.6,1500,706.6,499284.2,4.3,"64,60,52,298,52,1500,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,80,80,80,72,64,52,52,297,1500,1500","12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1","4.570159912,5.187539101,5.118428230,5.866323471,5.308815956,7.539054394,7.823310852,5.094483852,7.811959267,5.038779736,7.799767494,7.796337128,5.156889439,7.762200832,7.778352737,7.834424973,7.823929787,7.799146652,7.830269337,7.869925976,7.880800724,7.877037048,5.357215405,5.224027157,5.307214737,5.376956940,5.259624004,5.233813286,5.195351601,5.825244904,7.190491676,7.824782848",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
+1,ip4,192.168.1.7,23.246.11.145,tcp,53163,80,finished,11,21,1484319050652467,1484319051912595,1484319051940613,0,0,356,1448,356,28027,0,3794,82202.4,651024,153564.6,23582076928.0,3.6,"24769,26290,3794,42485,4828,43771,27157,40474,69366,43854,44827,78254,38808,79815,102619,28781,14718,354324,85041,14066,12423,12747,651024,22850,582496,8619,27490,16417,16392,14698,15077",52,940.8,1500,683.5,467159.1,4.5,"64,60,52,408,567,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,80,1500,1500,1500,1500,64,52,1500,1500,52,1500,52,1500,1500","10,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,19,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,0,1,1","4.550704956,5.312702179,5.103910923,6.388577938,5.862974167,3.576230049,5.195351124,2.528419971,2.540967226,5.077241421,2.547356844,5.115703106,2.543488026,2.552008152,2.558917999,3.816826105,3.805565357,3.816280365,5.256690979,3.890866995,3.462315798,3.461706400,3.458227158,5.071470261,5.154164314,3.470844507,3.517976761,5.154164314,3.546975851,4.955154419,3.560742617,3.579237461",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.10.139,tcp,53164,80,finished,13,19,1484319052216458,1484319053577715,1484319053589492,0,0,356,1448,356,25132,0,1043,88202.9,638852,151898.7,23073200128.0,3.7,"18792,21375,5144,35741,1043,5439,35508,13242,13983,20324,20435,13235,116191,170244,28107,56564,51631,31663,27571,12760,327583,131379,638852,579987,19881,15021,30035,13582,42286,118688,118005",52,851.9,1500,697.4,486427.5,4.4,"64,60,52,408,568,1500,1500,52,1500,52,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,80,1500,80,1500,72,1500,64,52,1500,52,1500","12,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,0,1,0,1","4.451259136,5.200120449,5.003043175,6.363925457,5.826877117,3.573564768,2.540809155,5.079966545,2.553215742,4.950064659,2.546205282,4.961856842,2.557531357,4.985801220,2.554388523,2.558952808,3.302551985,3.777240515,3.820478201,3.802512646,3.817392588,5.302858829,3.877096891,5.277858257,3.521096945,5.267232895,3.547756672,5.124750137,4.947339535,3.545200109,4.894361019,3.575657606",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.3.140,tcp,53171,80,finished,10,22,1484319054101585,1484319054294236,1484319054480080,0,0,354,1448,354,29479,0,2187,18424.1,44333,10032.7,100655136.0,4.7,"30791,32492,5528,44333,2187,41107,2921,12763,15575,14938,14982,12802,12713,26425,12767,11943,13284,17180,31033,13321,13566,25571,14329,13905,26660,13805,13288,27210,13255,13305,27167",52,984.9,1500,672.7,452466.1,4.5,"64,60,52,406,571,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","9,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0","0,1,0,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,1,1,1,1","4.527114868,5.266787052,5.118428230,6.362258911,5.831311226,3.571949720,5.233812809,2.540643215,2.558721066,5.195351124,2.550262213,5.038779736,2.557194710,2.582848072,5.195351124,2.547422886,5.038780212,2.553757429,2.570932388,5.195351124,2.541049719,5.115703106,3.780845165,3.769821644,3.779848337,3.819229603,3.784283876,3.803048134,3.786687374,3.790169001,3.883657932,3.464622736",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,184.25.204.24,tcp,53153,80,finished,18,14,1484319049672494,1484319054604684,1484319054632485,0,0,216,1448,216,17376,0,2986,319102.6,4093620,811857.0,659111739392.0,2.8,"24907,27714,2986,28468,27857,27840,80258,56838,56993,49295,90365,82473,40903,66540,53920,192092,80506,134732,711253,22984,31289,47833,1645394,40376,54849,160828,1864439,25699,40451,28479,4093620",52,611.1,1500,689.4,475329.8,4.0,"64,60,52,268,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,80,80,80,80,80,80,80,80,72,64,64,52,1500","17,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1","4.570159912,5.312702179,5.132945538,5.890671253,5.308815479,5.345861435,5.004974365,5.272274494,6.923064709,5.053297043,7.872980118,5.163660049,7.695485115,7.810632706,7.851381779,7.826048851,7.839385986,7.837315559,7.867424488,5.267898560,5.317898273,5.317898273,5.283462048,5.393421650,5.418421745,5.418421268,5.387294292,5.247972012,5.216578960,5.247828960,5.156889915,7.848117828",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"25" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53180,80,finished,21,11,1484319056241489,1484319059351882,1484319059371795,0,0,360,1448,360,13550,0,394,201312.9,2097549,403399.4,162731114496.0,3.6,"61813,72267,473,134860,394,125851,1162295,73601,899,212949,11519,409208,101075,1892,70852,2097549,79500,52131,129820,120649,42895,59919,67076,69354,174355,284029,29385,65003,252681,150502,125903",52,493.7,1500,638.1,407212.3,3.9,"64,60,52,412,570,1500,52,80,80,80,80,80,80,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,52,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,0,1","4.601409912,5.346035957,5.041505337,6.346901894,5.793770790,4.440931797,5.065449238,5.202858448,5.202857018,5.262294292,5.341651440,5.366651535,5.317899227,5.165874004,5.228374004,5.195351601,4.782721043,5.156889915,4.790072441,5.101186275,4.825405598,4.817777157,5.233812809,4.752513409,5.024262905,4.806689262,5.165874004,5.195351124,5.195351124,4.632717133,5.024262905,4.635102272",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53177,80,finished,20,12,1484319056233255,1484319060551613,1484319060618267,0,0,360,1448,360,13563,0,135,280753.9,1046959,300914.6,90549583872.0,4.2,"43730,45845,23628,124789,4917,111637,635898,176069,176,135,41643,37401,940199,857,45449,434520,483806,1046959,74656,202356,418896,472205,955340,169880,525271,694311,167240,252312,98045,326303,148897",52,490.1,1500,638.9,408170.9,3.9,"64,60,52,412,571,1500,52,72,72,64,64,64,52,88,1476,52,52,52,1500,1500,52,52,52,1500,52,52,1500,52,1500,1500,52,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,1,0,0,1,0,1,1,0,1","4.527114868,5.312702179,5.003043652,6.355251789,5.803568363,4.440690517,5.118427753,5.277718067,5.249940395,5.146419048,5.208919048,5.134624004,5.056021690,4.908463001,4.253908634,5.156889915,5.156889439,5.118427753,4.918218613,4.902011871,5.000318050,5.118427753,5.118427753,4.876659870,4.985801220,5.017560482,4.758782864,4.961856365,4.610503674,4.658255100,5.118427753,4.789437294",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53175,80,finished,20,12,1484319056221799,1484319060594060,1484319060664663,0,0,357,1448,357,14998,0,569,284358.9,1636184,362564.9,131453321216.0,4.0,"16087,19422,23622,88585,4002,82236,1105315,26930,21843,19608,569,13093,381586,1636184,66410,119030,421421,408128,882662,90167,143374,490378,519431,92259,120978,487097,597701,217631,227512,270000,221864",52,536.6,1500,657.9,432827.8,3.9,"64,60,52,409,570,1500,52,72,72,72,64,64,64,64,1500,1500,52,64,52,1500,1500,52,52,1500,1500,52,52,1500,52,1500,64,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1","4.538909912,5.333454132,5.142372608,6.390935421,5.823237419,4.453172207,5.118427753,5.333272934,5.385473251,5.387441158,5.216578960,5.208919048,5.216578960,5.228374004,3.805912256,4.418298721,5.156889915,5.072124004,5.233813286,4.401393414,4.419836998,5.233812809,5.195351124,4.383244514,4.387027740,5.233812809,5.209868431,4.311857224,5.000318527,4.386717796,5.240169048,4.585660934",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.133,tcp,53173,80,finished,16,16,1484319056210218,1484319060695068,1484319060746254,0,0,357,1448,357,20790,0,4949,290996.3,1397235,314333.5,98805530624.0,4.2,"23914,25117,18248,72539,4949,71292,152183,249467,985618,26703,1397235,519076,299466,499851,482346,40528,55620,206768,137068,537495,535230,174291,571825,775969,198842,230534,89909,283953,128056,116304,110490",52,716.2,1500,699.0,488561.8,4.2,"64,60,52,409,570,1500,52,1500,52,80,80,1500,72,1500,64,1500,1500,1500,52,1500,52,1500,52,52,1500,52,1500,1500,52,1500,52,1500","15,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,0,0,1,0,1,0,1,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1","4.601409912,5.266787052,5.036415577,6.391139984,5.809580326,4.456539154,5.041504860,4.186237812,4.961856842,5.322779179,5.322779179,4.373055458,5.331886292,4.362320423,5.228374004,4.324150085,4.463343143,4.271175385,5.118428230,4.316685200,5.142372608,4.338371277,5.077241421,5.195351124,4.538278103,5.038779736,4.711270332,4.737337112,5.079966545,4.685406208,5.233812809,4.710971355",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53182,80,finished,21,11,1484319056264541,1484319060916913,1484319060915445,0,0,358,1448,358,13550,0,342,300105.7,2716440,539188.2,290723889152.0,3.6,"61747,63082,19443,172653,342,153906,1162512,94154,1429,12319,104280,65945,674747,41474,39967,488929,2716440,44869,75746,28743,32797,29468,133613,256105,742961,71312,1131465,569658,135441,73631,104098",52,492.6,1500,638.8,408052.9,3.9,"64,60,52,410,570,1500,52,80,72,72,72,72,72,72,64,52,52,1500,1500,52,1500,52,1500,52,1500,64,52,1500,52,1500,1500,52","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,0,1,0,0,1,0,1,1,0","4.601409912,5.379369259,5.103910923,6.382707119,5.801897049,4.439589024,5.156889439,5.282214642,5.359663963,5.304108143,5.359663963,5.304108143,5.263877869,5.293623924,5.290874004,5.156889915,5.038779736,4.572134495,4.543495178,5.115703106,4.553971767,4.993616104,4.540792465,4.955154419,4.553669930,5.177669048,5.079966545,4.316857815,4.961856842,4.387219906,4.488969326,5.079966545",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53174,80,finished,22,10,1484319056214323,1484319060947278,1484319060861747,0,0,358,1448,358,12102,0,137,302592.9,3094333,556136.4,309287714816.0,3.7,"19993,22151,5332,69145,137,72224,626011,606979,26604,520264,51479,55493,593239,41657,80288,418048,3094333,65564,425655,469983,40810,84995,52141,54303,117697,383081,387305,709380,53664,73805,158619",52,447.8,1500,616.5,380048.7,3.8,"64,60,52,410,570,1500,52,72,72,72,72,64,64,72,64,52,52,1500,64,64,1500,1500,52,1500,52,1500,52,64,1500,64,1500,52","21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,0","4.538909912,5.312702179,5.065449715,6.359480381,5.816523552,4.445319176,5.065449238,5.277717590,5.387441635,5.387441635,5.248553276,5.259624004,5.228374004,5.331886292,5.259624004,5.272274494,5.115703106,4.653451920,5.163660049,5.185328960,4.692939758,4.660350800,5.065449715,4.689436913,5.077241898,4.606202602,5.156889439,5.290874004,4.357360840,5.290874004,4.495481014,5.233812809",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53181,80,finished,22,10,1484319056264215,1484319061168059,1484319060482194,0,0,359,1448,359,12101,0,266,294252.3,2608516,529173.0,280024055808.0,3.5,"61899,63035,8952,155118,266,150147,1152400,92133,498,591361,113696,141666,52293,522,39853,381137,2608516,28241,68204,27169,29555,26620,56459,81742,44814,43749,497350,496550,1208877,807442,91559",52,449.2,1500,615.6,378913.2,3.8,"64,60,52,411,569,1500,52,80,80,80,80,72,64,64,64,52,64,1500,1500,52,1500,52,1500,1500,52,1500,52,64,52,1500,72,72","21,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,1,1,0,1,0,0,0,1,0,0","4.570159912,5.346035480,5.065449715,6.363940239,5.804843426,4.442625046,5.142372608,5.362294197,5.337294102,5.312294006,5.287294388,5.333272934,5.197124004,5.240169048,5.240169048,5.156889439,5.152518272,4.990313053,4.973003864,5.195351124,4.964061737,5.000318050,4.996945381,4.996238232,5.156889439,4.959667683,5.038779736,5.146419048,5.003043175,4.680668831,5.247971535,5.333272934",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.133,tcp,53172,80,finished,21,11,1484319056204111,1484319061128980,1484319061270358,0,0,358,1448,358,13550,0,79,322294.1,3064500,576519.8,332375130112.0,3.6,"11668,15660,2402,60224,1206,79,57126,107813,316921,313910,536684,811161,71198,122498,693690,84709,585634,3064500,52838,57895,98411,231468,526235,115101,671,585669,117652,1178873,25807,79129,64284",52,495.0,1500,637.2,406023.8,3.9,"64,60,52,410,570,1500,1500,52,52,1500,52,80,80,80,80,72,64,72,1500,72,1500,64,1500,80,64,52,64,52,1500,52,1500,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,1,0,1,1","4.507659912,5.233454227,4.964581966,6.333802700,5.821110249,4.461877346,4.201263905,5.132945538,5.014835358,3.777186632,4.976373672,5.144669533,5.135233879,5.169670582,5.169669628,5.192996979,5.140319824,5.248552799,4.282153130,5.248552322,4.242815018,4.995864868,4.290421486,5.085232735,5.140319824,5.132945538,5.140319824,5.056022167,4.478749752,5.053297043,4.467899799,4.518882275",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53178,80,finished,21,11,1484319056233602,1484319061706774,1484319061794702,0,0,357,1448,357,13550,0,240,355944.2,3546297,682699.4,466078498816.0,3.5,"43247,45294,13187,106701,4927,97880,1317695,102059,98186,240,515839,59813,1148424,57207,54890,165165,3546297,68400,92258,155981,131046,69975,95851,103962,104462,205130,729427,91959,551213,1189389,68168",52,493.2,1500,638.4,407523.4,3.9,"64,60,52,409,570,1500,52,80,80,72,72,72,72,72,64,64,52,1500,52,1500,52,1500,1500,52,1500,52,1500,64,52,52,1500,1500","20,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,1,0,1,0,1,0,0,0,1,1","4.515677452,5.333454132,5.041505337,6.377946854,5.816387177,4.450622082,5.118428230,5.366649628,5.366649628,5.359663963,5.333272934,5.387441635,5.387441635,5.293623924,5.290874004,5.322124004,5.272274494,4.440482140,5.209868431,4.489046574,5.014835358,4.480661392,4.471484184,5.233812809,4.471359730,5.062724590,4.458212852,5.290874004,5.233812809,5.000318527,4.395615101,4.444458961",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53179,80,finished,20,12,1484319056234960,1484319062638948,1484319062680623,0,0,358,1448,358,14998,0,72,414504.9,4457097,811357.3,658300731392.0,3.6,"41445,43452,2932,82082,72,78739,1252127,77707,132171,828,525346,100674,510044,513013,40289,4457097,87034,1392951,522404,574888,39602,91204,57625,58127,138968,449063,380142,69915,139503,473414,516793",52,538.1,1500,656.8,431419.8,3.9,"64,60,52,410,570,1500,52,80,80,72,72,72,72,72,64,64,1500,1500,52,52,1500,1500,52,1500,52,1500,52,1500,1500,52,52,1500","19,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1","4.538909912,5.312702179,5.026988029,6.353898048,5.812767506,4.447575092,5.118428230,5.316649437,5.391650200,5.387441635,5.387441635,5.361050606,5.333272934,5.331886292,5.228374004,5.228374004,4.410194397,4.460495949,5.079966545,5.195351124,4.415517807,4.454523087,5.195351601,4.441005707,5.077241421,4.548726559,5.156889915,4.299219608,4.319707394,5.195351601,5.156889439,4.440834999",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53176,80,finished,23,9,1484319056232857,1484319062946776,1484319063015567,0,0,358,1448,358,10653,0,682,435375.1,4431980,814478.7,663375511552.0,3.6,"43856,45826,13429,88623,4898,81946,1250769,92472,118428,682,544165,69196,495457,501654,62886,1143862,28583,39116,4431980,82976,87813,169881,586445,795488,292945,509017,501170,1203523,55860,83014,70669",52,404.2,1500,589.2,347103.4,3.7,"64,60,52,410,569,1500,52,80,80,72,72,72,72,72,64,64,64,64,64,1500,52,1500,64,52,1500,64,52,52,1500,1500,52,1500","22,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,1,0,0,0,1,1,0,1","4.570159912,5.166786671,4.974009037,6.366189480,5.841994762,4.452114582,5.079966545,5.252857208,5.332214355,5.359663963,5.387441635,5.293623924,5.359663486,5.276330948,5.290874004,5.144205093,5.290874004,5.259624004,5.154078960,4.322241306,5.038779736,4.343337059,5.163660049,5.156889439,4.373079300,5.208919048,5.180834293,5.195351124,4.324346066,4.345085144,5.195351124,4.404635906",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,54.69.204.241,tcp,53118,443,info,17,15,1484319033631945,1484319063959877,1484319064010312,0,0,1448,1448,6334,4142,0,136,1958267.8,30086001,7379834.5,54461959503872.0,1.1,"47011,48359,1676,53080,2562,989,62283,11050,5991,10798,261,350,60341,3416,50128,4429,893,563,55944,50485,306,42722,3984,5077,5232,136,57719,311,30033380,30086001,822",52,380.0,1500,556.9,310128.2,3.8,"64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,337,52,52,52,993,112,52,52,52,83,52","9,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0","9,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,0,0,0,1,1","4.484876633,5.289900780,5.078045845,5.808425426,5.131024837,7.255376339,7.317865372,5.092562675,6.901146412,5.131024361,6.124006748,5.004364967,6.039024830,5.169486046,6.007705688,5.169486046,7.873569965,7.881214619,7.864243507,5.169486046,7.845795155,7.405421257,5.116507530,5.078045845,5.131024361,7.806305885,6.290623188,5.169486046,5.092563152,5.094483852,5.825018406,5.132945538",,,,,,,,"" 
+1,ip4,192.168.1.7,54.69.204.241,tcp,53119,443,info,18,14,1484319033943762,1484319064712006,1484319034278653,0,0,1448,1448,6319,4140,0,74,1003326.9,30431499,5372888.5,28867930619904.0,0.2,"44924,46321,7446,58250,1844,979,55802,12140,9904,9342,287,206,60460,132,50780,11459,460,157,72134,60865,339,50757,444,15673,16944,136,74,82928,303,146,30431499",52,379.5,1500,557.0,310204.4,3.8,"64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1402,1500,1500,52,1500,322,52,52,52,993,107,86,52,52,52,52","10,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0","7,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,1,1,1,1,1,1,0,0,0,0","4.598081589,5.256567001,5.131024837,5.819132805,5.246409416,7.227420330,7.332920074,5.092563152,6.984497547,5.169486046,6.274277210,5.113821983,5.948767662,5.284871101,6.050486565,5.246409416,7.870395660,7.873335838,7.867392540,5.246409416,7.876014709,7.339691162,5.169486046,5.284871101,5.284871101,7.775086403,6.215628147,5.873826027,5.246409416,5.169486046,5.154969215,5.003043175",,,,,,,,"" 
+1,ip4,192.168.1.7,54.191.17.51,tcp,53193,443,info,23,9,1484319064669455,1484319065388464,1484319065423935,0,0,1448,1448,23355,2633,0,105,47531.9,266118,57373.9,3291763968.0,4.0,"53359,54641,4455,73724,451,53617,123531,11602,72543,62717,1529,55777,52363,2209,208,426,218,96299,96364,227,131,105,82592,81689,880,205,155,38176,40581,146597,266118",52,865.4,1500,680.5,463015.4,4.4,"64,60,52,569,52,1500,1132,52,178,103,52,1044,106,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,1500,1500,1500,72","5,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","5,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1","4.578626633,5.335815907,5.207947731,4.350263596,5.169486523,7.184256554,7.647752762,5.207947731,6.566578865,6.006330490,5.169486046,7.810021400,6.234852314,5.215455055,7.860099316,7.858446598,7.850243568,7.875246525,5.284871101,7.867991447,7.875946045,7.875228882,7.851313114,5.246409416,7.892469883,7.867894650,7.855500698,7.875078678,7.889169693,7.874140739,7.858912468,5.388828278",,,,,,,,"" 
+1,ip4,192.168.1.7,54.191.17.51,tcp,53202,443,info,19,13,1484319064671268,1484319065492035,1484319065478679,0,0,1448,1448,9240,6755,0,182,52521.9,282465,58168.2,3383536896.0,4.2,"50844,52144,6261,61059,40719,74658,170395,11813,79420,67625,2032,57431,55801,1745,844,219,182,82546,79700,249,94600,127478,60574,282465,10583,27617,37968,39882,42871,7730,723",52,552.5,1500,629.7,396553.7,4.0,"64,60,52,569,52,1500,1132,52,178,103,52,1043,106,52,1500,1500,1500,1500,52,1500,387,52,52,1243,52,1500,1486,52,101,52,83,52","10,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","5,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,2,0,0","0,1,0,0,1,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,1,1,1,0,1,1,0,1,0,0,0","4.598081589,5.369149208,5.169486046,4.365832806,5.154969215,7.171761036,7.662086964,5.169486523,6.518167496,5.984750271,5.100070000,7.782325745,6.202902317,5.246409416,7.867114544,7.871539593,7.857532978,7.870780945,5.078046322,7.856834412,7.434062958,5.154969215,5.154969215,7.833981991,5.246409416,7.884502411,7.878024578,5.246409416,6.160539627,5.207947731,5.791826725,5.094483852",,,,,,,,"" 
+1,ip4,192.168.1.7,52.37.36.252,tcp,53203,443,info,22,10,1484319064711690,1484319065635020,1484319065630720,0,0,1448,1448,19082,3110,0,105,59431.0,332646,83335.9,6944879104.0,3.8,"69450,70962,2650,55568,49103,64385,167918,331939,332646,26549,653,732,87677,534,60709,8817,7117,449,81078,62803,767,160,105,68135,67101,803,163,105,111161,109572,2549",52,746.1,1500,703.8,495333.0,4.2,"64,60,52,281,52,1500,1500,52,215,52,127,58,97,52,103,52,1403,1500,1500,52,1500,1500,1500,1500,52,1500,1500,1500,1500,52,1500,1500","6,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,12,0,0","6,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0","4.578626633,5.323234081,5.169486046,5.810972691,5.131024837,7.231025219,7.326107502,5.154969215,6.940334797,5.169486523,6.230382919,5.079339504,6.149899960,5.207948208,5.992234230,5.193430901,7.859437466,7.874912739,7.853219032,5.207947731,7.901949883,7.848706245,7.875315189,7.851129055,5.207947731,7.874441147,7.863263607,7.860793114,7.870314598,5.207947731,7.870880127,7.866354465",,,,,,,,"" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53184,80,finished,16,16,1484319064593980,1484319066015206,1484319066064571,0,0,515,1448,1024,19133,0,2593,93284.4,471964,119313.2,14235634688.0,4.1,"26070,27491,2593,46530,5363,49411,29634,29502,8466,38422,5397,39840,38400,39693,140326,138333,356578,206910,471964,29274,417442,40849,81521,44012,43364,83015,187750,28619,25160,184386,25502",52,684.8,1500,659.1,434476.8,4.2,"64,60,52,561,621,1500,52,663,52,567,629,1500,52,1500,52,1500,1500,80,1500,64,52,1500,1500,52,1500,52,1500,72,64,52,1500,1500","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,0,0,0,1,1","4.570159912,5.266787052,5.065449715,6.275901794,5.797811985,4.453124046,5.118428230,4.223619461,5.089393616,6.289565086,5.782683849,3.849286318,5.103911400,6.893377781,5.000318050,7.605064869,7.871351719,5.248013020,7.860187054,5.187250137,5.077241421,7.867404461,7.859804153,5.065449238,7.885848045,5.000318527,7.863960743,5.267232895,5.115169048,5.079966545,7.857268333,7.882204533",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.3.140,tcp,53183,80,finished,17,15,1484319064590230,1484319066598421,1484319065741809,0,0,512,1448,1017,17969,0,5292,101928.1,730898,155663.8,24231225344.0,4.0,"30477,31515,13216,64005,5292,56409,6142,68156,5406,71534,109518,202677,164827,560321,47319,78954,279545,27696,94465,26601,26144,15824,70512,85885,39451,39774,41592,84438,730898,41457,39720",52,648.3,1500,653.4,426995.3,4.2,"64,60,52,557,618,951,52,564,628,1500,52,1500,1500,1500,72,64,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,64,72,64,52","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,1,1,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,0,0,0,0","4.476409912,5.212701797,5.156889915,6.230133057,5.778679371,3.867035151,5.079966545,6.195135117,5.745929718,3.167200804,5.094483852,7.856627464,7.824065208,7.816611290,5.331886292,5.165874004,5.118428230,7.781126976,7.831735134,5.118428230,7.778219700,4.961856365,5.882567406,7.827349663,5.103910923,7.794489861,4.961856365,7.814080238,4.958919048,5.244518280,5.083919048,5.079966545",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.133,tcp,53210,80,finished,14,18,1484319070636683,1484319072360005,1484319072357645,0,0,515,1448,1024,21986,0,3710,111105.9,530041,160200.4,25664157696.0,3.9,"18406,19875,3710,28859,18073,45753,41559,39617,18474,45294,5405,31729,29350,29485,41132,41119,82225,87690,42083,64319,51529,299907,159779,515651,435957,526591,530041,39964,69880,40403,40425",52,772.9,1500,666.8,444580.8,4.3,"64,60,52,561,620,1500,52,621,52,567,629,1500,52,1500,52,1500,1500,52,1500,1500,1500,1500,80,1500,64,1500,52,1500,1500,52,1500,52","12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,1,1,1,0,1,0,1,0,1,1,0,1,0","4.488204956,5.300120354,5.156889915,6.256848335,5.804110050,4.454978466,5.233812809,4.247903824,5.156889915,6.243398190,5.778408527,3.438887596,5.156889915,7.007576466,5.077241421,6.349354744,3.910008192,5.103911400,7.877290249,7.845316887,7.839955807,7.878695488,5.416651249,7.863180637,5.208919048,7.866981983,5.156889915,7.868912697,7.868783951,5.233812809,7.847263813,5.077241421",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,23.246.11.141,tcp,53217,80,finished,13,19,1484319091296070,1484319091784359,1484319091750098,0,0,518,1448,1027,23476,0,186,30397.3,286066,49910.1,2491019008.0,4.0,"13013,14780,4042,30273,839,3652,30261,186,16542,35559,2040,21479,3192,3317,13322,13300,26482,13309,13526,13848,42739,56409,14727,15199,71007,25498,25497,25504,51553,55156,286066",52,819.0,1500,665.8,443241.7,4.4,"64,60,52,561,620,1500,663,52,52,570,629,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,52,1500,52,1500,1500,1500,1500,1500,1500,72","11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,1,1,0,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,1,1,1,1,1,0","4.538909912,5.333454132,5.156889439,6.262038231,5.768496513,4.449262142,4.226318359,5.012470722,5.065449238,6.248849392,5.763326645,4.335525513,5.142372608,7.149711609,4.961856842,7.863347054,7.873285294,5.156889915,7.863232136,5.000318050,7.860691547,7.874946594,5.195351124,7.870134830,5.038779736,7.881839275,7.859775066,7.865787983,7.856745243,7.858184338,7.871532917,5.415219307",HTTP,7,0,Acceptable,Web,6,DPI,"12" 
+1,ip4,192.168.1.7,52.41.30.5,tcp,53249,443,finished,16,16,1484319117826887,1484319118140455,1484319118145946,0,0,1448,1448,2205,9578,0,140,20407.3,141407,28956.2,838464256.0,3.9,"52701,54230,4655,50068,892,45987,1145,402,2281,621,48897,36085,58570,140,1031,141407,13303,12185,4698,8739,8491,4498,3692,4536,12375,12816,15153,13884,6123,6182,6840",52,420.8,1500,506.4,256458.0,4.1,"64,60,52,260,52,197,52,58,97,1500,550,52,52,1500,213,1500,52,545,52,991,52,425,52,1292,52,1392,52,646,52,794,52,707","12,1,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,0,0,0,1,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.494096756,5.269149303,5.100070000,6.003353119,5.215455055,6.547097206,5.138531685,5.182787418,6.044509888,7.866807461,7.609665394,5.140452385,5.215455055,7.873748302,6.994494438,7.847311020,5.138531685,7.632858276,5.138531685,7.760740280,5.176993370,7.540992260,5.061608315,7.843688965,5.176993370,7.880697250,5.138531685,7.689140797,5.100070000,7.779115677,5.138531685,7.737319469",TLS.NetFlix,91.133,1,Fun,Video,6,DPI,"15" 
+1,ip4,192.168.1.7,52.41.30.5,tcp,53239,443,info,17,15,1484319117605859,1484319118414034,1484319118767393,0,0,1448,1448,4896,7589,0,95,63539.0,500942,121518.7,14766798848.0,3.3,"58292,61223,1798,70566,2939,1016,71265,11570,12325,13054,147,95,65707,781,52265,3649,191,91649,51753,301,140150,3732,3446,3903,5462,6438,5030,437212,863,500942,291945",52,442.8,1500,552.3,305076.8,4.0,"64,60,52,569,52,1500,1500,52,245,52,127,58,97,52,103,52,1500,789,52,1500,476,52,448,52,751,52,86,52,1500,672,52,1500","10,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","5,2,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,1,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,1,0,1,0,0,0,1,1","4.586286545,5.335815430,5.169486523,4.098951340,5.025067329,7.251211166,7.301212311,5.207947731,7.012731075,5.246409416,6.273766041,5.113821983,5.990005016,5.132945538,5.992234230,5.246409893,7.870625973,7.755266190,5.171407223,7.853860855,7.522392750,5.169486046,7.574260712,5.131024361,7.742949009,5.207947731,5.956426620,5.207947731,7.856410503,7.668289185,5.038780212,7.883280277",,,,,,,,"" 
+1,ip4,192.168.1.7,184.25.204.10,tcp,53252,80,finished,6,26,1484319118658049,1484319118854817,1484319119584735,0,0,245,1448,245,34752,0,508,36240.5,99830,21554.2,464585632.0,4.7,"16679,17740,11985,38478,508,12702,40101,27115,27112,58536,99830,81106,33879,23672,53768,53762,65076,48010,65429,13865,30914,13324,28733,40448,54528,28786,29443,29431,27518,25487,25489",52,1146.7,1500,613.3,376142.5,4.7,"64,60,52,297,52,1500,1500,52,1500,52,1500,64,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500","5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,24,0,0","0,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","4.495864868,5.233453751,5.156889915,5.883365631,5.270353794,7.005603790,7.481070995,5.118428230,7.677317619,5.077241421,7.654481411,5.151865005,7.832942486,7.813632965,7.788673401,7.782803535,7.834435940,7.821334362,7.827250957,7.843655586,7.828696728,7.842951298,7.865435123,7.847778320,7.855163097,7.835734844,7.856423378,7.842322826,7.854029179,7.863353252,7.834544182,7.849704266",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" 
+1,ip4,192.168.1.7,184.25.204.10,tcp,53251,80,finished,14,18,1484319118657433,1484319120611345,1484319120609765,0,0,245,1448,490,22387,0,241,126007.9,1416280,340787.6,116136157184.0,2.6,"15432,16762,2055,27228,957,1055,27336,38112,39355,39938,44658,83445,40664,236734,277719,1389753,1416280,268,12835,48683,241,12768,12757,15934,13837,16300,12778,12746,23173,13285,13156",52,767.5,1500,698.9,488505.9,4.3,"64,60,52,297,52,1500,1500,52,1500,52,1500,1500,52,1500,719,52,297,1500,1500,1500,52,52,1500,1500,52,1500,52,1500,1500,52,1500,52","12,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,15,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,1,1,0,0,1,1,1,0,0,1,1,0,1,0,1,1,0,1,0","4.464614868,5.187539101,5.079966545,5.914007187,5.270354271,7.264070511,7.801600933,5.195351601,7.847749710,5.032077789,7.834869862,7.811845303,5.118427753,7.846868038,7.676549435,5.195351124,5.834331989,6.944043159,7.534036636,7.785680771,5.062724590,4.993616104,7.810704231,7.840629101,5.024262428,7.853393078,4.863714218,7.836608410,7.849914551,5.062724113,7.841484547,5.053297043",HTTP.NetFlix,7.133,0,Fun,Video,6,DPI,"" diff --git a/test/results/flow-analyse/netflow-fritz.pcap.out b/test/results/flow-analyse/netflow-fritz.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/netflow-fritz.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/netflowv9.pcap.out b/test/results/flow-analyse/netflowv9.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/netflowv9.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/nfsv2.pcap.out b/test/results/flow-analyse/nfsv2.pcap.out new file mode 100644 index 000000000..6ab06562c --- /dev/null +++ b/test/results/flow-analyse/nfsv2.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,139.25.22.2,139.25.22.102,udp,1023,2049,finished,16,16,944207338490000,944207338580000,944207338580000,124,0,172,128,2168,1208,0,0,5806.5,40000,10088.1,101768992.0,3.3,"0,0,0,40000,40000,0,0,0,10000,10000,0,0,0,0,0,10000,10000,10000,10000,0,0,0,0,10000,10000,0,0,0,0,10000,10000",56,133.5,200,43.1,1860.8,4.9,"152,124,152,76,160,56,160,56,192,156,152,124,152,124,160,156,184,124,160,156,160,56,160,56,160,156,160,56,200,56,152,124","0,0,0,5,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","3.371484280,3.525987864,3.379018784,3.466069698,3.343606710,3.300534248,3.343606710,3.300534248,3.290571213,3.348722219,3.371484280,3.323238611,3.371484280,3.487642050,3.331106663,3.335901976,3.693611860,3.362390041,3.331106663,3.362183094,3.365244627,3.300534248,3.365244627,3.215625525,3.331106663,3.379842520,3.352744579,3.300534248,3.235463142,3.225106239,3.358326435,3.513812542",NFS,11,0,Acceptable,DataTransfer,6,DPI,"" diff --git a/test/results/flow-analyse/nfsv3.pcap.out b/test/results/flow-analyse/nfsv3.pcap.out new file mode 100644 index 000000000..4a6aa4604 --- /dev/null +++ b/test/results/flow-analyse/nfsv3.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,139.25.22.2,139.25.22.102,udp,1022,2049,finished,16,16,944207397400000,944207397500000,944207397500000,128,0,184,272,2256,2044,0,0,6451.6,50000,12325.8,151925088.0,3.2,"0,0,10000,10000,0,0,0,50000,50000,0,0,0,10000,10000,0,0,0,10000,10000,0,0,0,10000,10000,0,0,0,10000,10000,0,0",60,162.4,300,63.4,4021.9,4.9,"156,140,156,192,156,196,156,168,164,60,164,60,212,300,156,140,192,172,164,60,164,60,164,268,164,60,208,288,164,268,164,60","0,0,0,0,13,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,6,0,2,2,2,0,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","3.326711178,3.327016592,3.326071262,3.163861752,3.338891745,3.169299841,3.334052563,3.097134829,3.262883663,3.180556774,3.262883902,3.113889694,2.862895966,3.295031309,3.326711178,3.137918949,3.170489788,3.257602215,3.320102930,3.147223234,3.332298279,3.147223234,3.250688314,3.172522783,3.332298279,3.180556774,3.225916147,3.296354771,3.267486334,3.381330967,3.502039671,3.180556774",NFS,11,0,Acceptable,DataTransfer,6,DPI,"" diff --git a/test/results/flow-analyse/nintendo.pcap.out b/test/results/flow-analyse/nintendo.pcap.out new file mode 100644 index 000000000..f05c95e62 --- /dev/null +++ b/test/results/flow-analyse/nintendo.pcap.out 
@@ -0,0 +1,6 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.114,91.8.243.35,udp,52119,49432,finished,16,16,1500731320644357,1500731323575958,1500731323714896,60,0,188,812,1264,2736,0,53,193617.4,1729670,331922.2,110172323840.0,3.6,"87919,239629,335441,89838,30639,131192,103304,499986,507312,130872,234805,19308,15810,5164,16850,12585,53490,8758,197,60833,14170,505639,501514,5142,514446,94641,233,1729670,53,52619,81",88,153.0,840,179.5,32207.0,4.5,"88,88,184,216,104,88,136,104,88,104,136,120,104,104,104,840,104,840,88,88,104,88,88,88,88,88,104,104,104,104,104,104","0,7,7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,4,8,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,1,0,1,0,1,1,0,1,0,0,1,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1","6.054771423,6.070055008,6.784899235,6.928938866,6.170448780,6.114374638,6.682166576,6.236359596,6.114374638,6.332513809,6.593932629,6.402483463,6.228141308,6.167903423,6.240113258,6.264906406,6.300350189,5.915572166,5.837212563,5.851361752,6.208909988,5.936699867,6.078633785,6.168406963,6.024600983,5.979146481,6.063282490,6.067996502,6.005589962,6.166695118,6.181211948,6.193184376",Nintendo,173,0,Fun,Game,6,DPI,"" 
+1,ip4,54.187.10.185,192.168.12.114,tcp,443,48328,finished,19,13,1500731322454625,1500731342015923,1500731342041758,0,0,334,405,1090,1094,1,43,1262852.6,14019058,3442938.0,11853821378560.0,2.4,"6277,307132,3508675,3481620,246,43,276417,18546,55237,145,35743,210876,214177,255332,13944464,14019058,757,51,5265,332523,29922,280387,254222,215658,3394,13561,231064,4335,258992,453544,730768",52,120.2,457,98.4,9678.6,4.6,"152,103,52,119,52,110,99,52,103,152,152,52,52,103,52,457,52,99,386,152,52,103,52,368,52,109,99,52,103,52,152,103","8,5,0,5,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,6,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,0,1,1,0,0,1,0,1,0,1,0,0,0,0,1,1,0,1,0,0,0,1,1,0,0,1","6.479545116,5.785408020,5.038780212,5.979954243,4.955154419,6.040005207,6.008045197,5.003043652,5.726619720,6.592999458,6.614606380,4.988526344,5.077241898,5.668902874,5.000318527,7.493407249,5.115703106,6.091131687,7.370351791,6.507602692,5.003043175,5.784872532,5.077241898,7.341584682,5.077241898,6.192684174,5.995468616,5.079966545,5.751333237,5.077241898,6.654079914,5.719826698",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.12.114,185.118.169.65,udp,55915,27520,finished,22,10,1500731342849734,1500731344006747,1500731344120690,60,0,844,844,2472,1560,0,25,78321.6,754134,152593.1,23284658176.0,3.2,"280,397,210011,243,431,203806,304,212,311877,2339,183,754134,1127,30674,588,242272,245592,5517,2752,1899,125604,98,25,109131,222,10721,20118,10437,105846,2222,28907",88,154.0,872,186.2,34652.0,4.5,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,88,104,104,104,104,872,88,872,104,104,88","0,2,18,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,1,1,1,0,0,1,0,0,1,1,1","6.027614594,6.162230015,5.955404758,6.008383274,6.027614117,5.981129169,5.969922066,6.066075802,6.046844959,5.974635601,6.058817387,6.054103374,6.103913307,6.176122665,6.046596527,6.109002590,6.645735741,5.936699867,6.072710037,6.149633408,6.658484459,6.054296017,6.158073902,6.254228115,6.048765182,6.142750740,5.609991074,5.891245842,5.565810204,6.126870632,6.246969700,5.874088764",Nintendo,173,0,Fun,Game,6,DPI,"" 
+1,ip4,192.168.12.114,93.237.131.235,udp,55915,56066,finished,22,10,1500731343061460,1500731344751616,1500731344671142,60,0,844,844,4168,1560,0,67,106446.4,757918,188381.8,35487694848.0,3.4,"726,2728,200750,236,363,313750,216,309,757918,67,245897,246,38434,238,116689,3047,25905,110485,1189,79734,7959,87905,10077,91853,20145,506365,607064,9714,10174,12917,36738",88,207.0,872,231.8,53743.0,4.4,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,168,88,872,88,872,88,104,104,88,344,840,472,472","0,3,13,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,6,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,0,1,1,1,0,0,0,0,0","6.039587021,6.058817387,5.969922066,6.032328129,6.054103374,6.019590855,6.073334694,6.111796379,6.092565060,6.168863773,6.214584351,6.109002590,6.140205860,6.123519897,6.154723167,6.208508015,6.138843060,6.726152897,5.973575592,6.683043003,5.940660000,5.584841251,5.973575592,5.570620537,5.787140369,6.150815010,6.182018280,6.004880905,7.315718174,5.846724510,6.181584358,6.204835892",Nintendo,173,0,Fun,Game,6,DPI,"" 
+1,ip4,192.168.12.114,81.61.158.138,udp,55915,51769,finished,20,12,1500731343266581,1500731344811760,1500731344805333,60,0,844,844,2304,1712,0,137,99481.6,649265,183756.7,33766533120.0,3.2,"295,399,313495,260,289,284287,137,381,629371,5230,43658,5349,61371,137,131610,65365,7948,186,836,31052,435,67583,2946,484,7525,105852,5669,103301,9836,549379,649265",88,153.5,872,186.3,34709.8,4.4,"104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,168,88,104,104,168,104,104,88,104,104,872,88,872,88,104,104,88","0,3,15,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,8,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0","6.066075802,6.142999172,6.123768806,6.032328606,6.188719273,6.181460857,6.181460857,6.169488430,6.111796379,6.038962364,6.065451622,6.120974541,6.128233433,6.053479195,6.116261482,6.740974426,6.004880905,6.097030163,6.166695118,6.774616718,6.150815487,6.220480442,5.905394077,6.170046329,6.234997272,5.541868210,5.928121090,5.589448929,6.027608395,6.189277172,6.140205860,6.004880905",Nintendo,173,0,Fun,Game,6,DPI,"" diff --git a/test/results/flow-analyse/nntp.pcap.out b/test/results/flow-analyse/nntp.pcap.out new file mode 100644 index 000000000..c8e5e5053 --- /dev/null +++ b/test/results/flow-analyse/nntp.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.190.20,192.168.190.5,tcp,55630,119,finished,19,13,1258844926423672,1258844993785292,1258844993785209,0,0,31,1448,113,4808,0,29,4345908.0,25684268,7782391.0,60565611347968.0,3.1,"157,178,17001,17072,178,379,673149,673694,608,343,40452,19518042,19565845,7986,4770071,4784435,14326,95,29,25683555,25684268,770,12078373,12090740,12467,209,55,4543973,116,4544308,283",40,205.9,1500,397.4,157950.1,3.6,"60,60,52,176,52,65,52,99,78,52,101,52,65,1280,52,65,1500,52,172,52,83,102,52,63,1500,52,318,52,58,52,80,40","19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,0,0","0,1,0,1,0,0,1,1,0,1,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,0,0,1,0","4.471673489,4.918822765,4.878231525,5.476410866,4.931209564,5.179985523,4.961856842,5.561774254,5.435857296,5.000318050,5.478010178,4.892747879,5.210754871,5.673897266,4.969671249,5.291449070,5.852569103,4.878231049,5.413592815,4.878231049,5.543476105,5.549430847,4.931209564,5.298630238,5.766685963,4.767184258,5.374790192,4.825252533,4.982897282,4.817437172,5.532413483,3.670482159",Usenet,93,0,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/no_sni.pcap.out b/test/results/flow-analyse/no_sni.pcap.out new file mode 100644 index 000000000..54b5cfe30 
--- /dev/null
+++ b/test/results/flow-analyse/no_sni.pcap.out
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.119,104.16.249.249,tcp,51606,443,finished,17,15,1604822444486731,1604822444918595,1604822444918472,0,0,616,682,1296,1416,0,4,27858.2,180261,53974.2,2913210624.0,3.0,"137944,138022,4673,280,93,180261,3035,178242,156,4,141,2334,6395,1417,5511,15440,136,687,115,1388,73966,13479,4177,2946,6,76790,62,5422,2521,12,7950",40,127.2,722,163.8,26828.9,4.2,"64,52,40,656,46,210,46,722,40,102,46,40,124,46,71,40,191,126,100,132,71,46,46,46,366,71,40,40,46,293,71,40","10,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,0,0,1,1,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0","4.396777153,4.868495941,4.453056812,7.114666462,4.555532932,6.968688488,4.414441109,7.666847229,4.630641460,6.135609627,4.457919598,4.630641460,6.314809799,4.414441109,5.619441509,4.511769772,6.797011852,6.413628101,6.156311035,6.369709969,5.547562122,4.414441109,4.414441109,4.414441109,7.324114323,5.703947544,4.630641460,4.630641460,4.457919598,7.272934914,5.647610664,4.630641460",TLS.DoH_DoT,91.196,1,Acceptable,Network,6,DPI,"" 
+1,ip4,192.168.1.119,104.16.124.96,tcp,51612,443,finished,16,16,1604822444913120,1604822445694881,1604822445694834,0,0,947,1460,2075,8322,0,120,50434.7,472643,107031.5,11455736832.0,3.0,"121173,121273,5431,100429,365,95332,957,4750,120,77068,533,71774,182,427,594,188,76917,15494,380381,472643,2763,2757,2091,2075,1637,1645,1367,284,1629,603,593",40,367.0,1500,489.4,239474.4,3.9,"64,52,40,987,46,272,40,104,210,903,46,552,40,46,71,40,71,46,46,1078,40,830,40,1431,40,1431,40,1500,393,40,1164,40","12,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,2,0,1,0,0","0,1,0,0,1,1,0,0,0,0,1,1,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,1,0,1,0","4.459277153,4.906957626,4.434184551,7.493985176,4.501398087,6.837790012,4.611769199,6.011372089,6.893880844,7.790526867,4.501398087,7.625611782,4.561769009,4.501398087,5.703947067,4.561769009,5.575730801,4.457919598,4.501398087,7.808494568,4.611769199,7.795384884,4.611769199,7.862168789,4.611769199,7.876565933,4.611769199,7.855591774,7.425184250,4.611769199,7.806784630,4.611769199",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.119,104.22.72.170,tcp,51637,443,finished,18,14,1604822447287011,1604822447783794,1604822447783495,0,0,712,1460,1453,5882,0,23,32040.9,143742,43042.9,1852691072.0,3.8,"81926,82025,5271,129371,1703,673,126443,63976,9103,148,11896,1581,143742,57056,79239,1596,80830,1627,14677,255,13311,11856,23,12136,91,25357,25014,814,775,5252,5500",40,271.3,1500,409.4,167573.6,3.8,"64,52,40,752,46,1500,1371,40,104,210,366,115,115,1371,52,46,552,40,71,46,71,40,567,71,40,40,354,40,71,40,354,40","12,0,3,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,0,1,1,0,0,1,1,0,1,1,0,0,1,0,1,0,1,0","4.459277153,4.906957626,4.521928787,7.339107990,4.501398087,7.864248276,7.833704948,4.680641651,5.877521515,6.990070820,7.449111938,6.292889118,6.375582218,7.833081245,4.709867954,4.544876099,7.609548569,4.680641651,5.444761276,4.457919598,5.626344681,4.680641651,7.643690109,5.580639362,4.630641460,4.630641460,7.406938553,4.680641651,5.636977673,4.680641651,7.347516537,4.680641651",TLS,91,1,Safe,Web,6,DPI,"" diff --git a/test/results/flow-analyse/ocs.pcap.out b/test/results/flow-analyse/ocs.pcap.out new file mode 100644 index 000000000..528377701 --- /dev/null +++ b/test/results/flow-analyse/ocs.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +12,ip4,192.168.180.2,178.248.208.54,tcp,49881,80,finished,32,0,1449652787983929,1449652790713183,1449652787983929,0,0,663,0,663,0,0,450,88040.5,928563,172609.9,29794174976.0,3.5,"83797,14275,246872,572,450,68391,1837,71492,506,5433,4137,41728,146026,90832,71054,77421,63432,3718,80468,1653,86121,564,67336,32599,43283,386587,73735,2510,928563,31722,2140",52,83.1,715,113.8,12942.2,4.5,"60,52,715,64,72,72,80,72,72,72,72,72,64,52,64,64,64,52,52,52,52,64,64,64,64,52,52,64,64,52,64,64","31,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.517588139,5.123517990,6.025798798,5.070159912,5.236322403,5.173415184,5.239589214,5.201192856,5.264100075,5.236322403,5.236322403,5.182154179,5.152114868,5.091758728,5.194910049,5.194910049,5.132410049,5.154164791,5.115703106,5.115703106,5.032077789,5.132410049,5.163660049,5.132410049,5.163660049,5.115703106,5.168681622,5.220060349,5.169355392,5.008133411,5.120864868,5.077819824",HTTP.OCS,7.218,0,Fun,Media,6,DPI,"" 
+12,ip4,192.168.180.2,178.248.208.210,tcp,42590,80,finished,32,0,1449652842628827,1449652843470951,1449652842628827,0,0,152,0,152,0,0,77,27165.3,79495,29589.7,875550464.0,4.0,"71399,1526,54762,1106,3570,59902,605,77,5328,64776,1667,1533,79495,5458,58361,1849,64604,1987,67520,26503,42864,25995,65439,972,48553,1253,1960,1270,75524,1445,4821",52,63.9,204,26.3,690.5,4.9,"60,52,204,52,52,52,52,52,64,64,64,64,72,64,64,72,72,72,64,64,64,52,52,52,52,52,52,52,52,52,64,72","31,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.550921917,5.046595097,5.875504971,5.154164791,5.115703106,5.154164791,5.192625999,5.154164791,5.194910049,5.226160049,5.194910049,5.226160049,5.329917908,5.226160049,5.251310349,5.296718597,5.391922951,5.336368084,5.251310349,5.294355392,5.294355392,5.207143307,5.154164314,5.168681622,5.091758728,5.168681622,5.168681622,5.130220413,5.168681622,5.207143307,5.313810349,5.324496269",HTTP.OCS,7.218,0,Fun,Media,6,DPI,"" diff --git a/test/results/flow-analyse/ocsp.pcapng.out b/test/results/flow-analyse/ocsp.pcapng.out new file mode 100644 index 000000000..7089e7994 --- /dev/null +++ b/test/results/flow-analyse/ocsp.pcapng.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.128,142.250.184.99,tcp,54154,80,finished,17,15,1623222699655905,1623222817722827,1623222807485567,0,0,394,702,788,1404,0,0,7286986.5,10243102,4408149.5,19431782612992.0,4.5,"3376,7013,0,7440,102951,109262,10007824,10012989,10151666,10151973,10240500,10240566,10243102,10242877,10236097,10235872,10239925,10240468,10239857,10239497,5617732,5617894,102927,109302,10148797,10155034,10236056,10236089,10239827,10239709,10239962",104,173.0,806,189.1,35745.5,4.5,"112,112,104,498,104,806,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,498,104,806,104,104,104,104,104,104,104,104","15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0","3.897244453,4.342274189,4.040620327,6.236268997,4.387147903,7.122592449,4.465434074,4.446203232,4.328273296,4.336050510,4.381251812,4.426972389,4.335968971,4.426972389,4.400482655,4.446203232,4.335968971,4.446203232,4.400482655,4.446203232,4.369279861,6.204105377,4.350049019,7.039563656,4.419713497,4.426972389,4.419713497,4.369279861,4.419713497,4.381252289,4.407741547,4.381689072",HTTP.OCSP,7.63,0,Safe,Cloud,6,DPI,"" 
+1,ip4,192.168.1.128,92.122.95.235,tcp,43728,80,finished,17,15,1623222785863296,1623222906298417,1623222896069773,0,0,386,889,772,1778,0,280,7440051.5,10244049,4398639.5,19348030750720.0,4.5,"12043,16085,280,19618,157130,176931,7779779,7796085,1344,16621,10045906,10060740,10239929,10239733,10239821,10240037,10244027,10243851,10239937,10239981,10236031,10236118,10243927,10244049,10235957,10235895,10239975,10239809,10240030,10240044,10239885",104,184.2,993,228.7,52281.3,4.4,"112,112,104,490,104,993,104,490,104,993,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104","15,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","3.854789734,4.210582733,4.061213493,6.305238724,4.330295086,6.969508171,4.388510704,6.307199955,4.399959564,6.995585918,4.388510704,4.446203232,4.362458229,4.407741547,4.380728722,4.362020969,4.380728722,4.407741547,4.342267036,4.388510704,4.335008621,4.362458229,4.335008621,4.381251812,4.373470306,4.369279861,4.335008621,4.407741547,4.354239464,4.400482655,4.354321003,4.343227386",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
+1,ip4,192.168.1.128,93.184.220.29,tcp,47904,80,finished,18,14,1623226796047107,1623226898935296,1623226888697884,0,0,387,799,1161,2397,0,297,6307708.5,10240173,4932344.5,24328020164608.0,4.3,"3075,7547,2588,10413,297,8000,10198565,10205648,10239932,10239686,10240046,10239807,10240147,10240173,10239675,10239894,594543,595404,7786,346,7916,7271,10142015,10148632,10239909,10240023,10239943,10239865,10239954,10239944,10239922",104,215.7,903,247.8,61420.8,4.3,"112,112,104,491,104,903,104,104,104,104,104,104,104,104,104,104,104,491,903,104,491,903,104,104,104,104,104,104,104,104,104,104","15,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1,0","3.868270159,4.279380798,4.030010700,6.270659924,4.342348576,7.048072815,4.407741547,4.407741547,4.327831268,4.388510704,4.373551369,4.383797169,4.361579418,4.395769119,4.336050510,4.388510704,4.327831268,6.267565727,7.008815289,4.357307434,6.261363029,7.018546581,4.348686218,4.395769119,4.303886890,4.330818176,4.342348576,4.395769119,4.342348576,4.414999962,4.272684097,4.376538277",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
+1,ip4,192.168.1.128,151.101.2.133,tcp,59922,80,finished,17,15,1623227472211039,1623227587349174,1623227584757187,0,0,401,1344,401,1998,0,0,7344654.5,10240632,4532510.5,20543650660352.0,4.5,"3378,7400,923,8114,615,0,9140,0,10126876,10134843,10240392,10240491,10239169,10239578,10239933,10239705,10239910,10239519,10239942,10240185,10239877,10240084,10240632,10240175,10239571,10239443,10239518,10240005,10239975,10240013,2594877",104,179.5,1448,263.0,69147.6,4.2,"112,112,104,505,104,1448,758,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104","16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","3.821438313,4.185985565,4.099675179,6.228553295,4.350049019,6.867750645,7.448840618,4.438944817,4.354762554,4.362021446,4.304766178,4.350049019,4.400483131,4.381252289,4.400483131,4.354762554,4.328273296,4.342790604,4.381252289,4.419713974,4.400483131,4.419713974,4.373993397,4.347504139,4.362021446,4.362021446,4.400483131,4.400483131,4.400483131,4.354762554,4.381252289,4.362021446",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
+1,ip4,192.168.1.128,52.85.15.92,tcp,49382,80,finished,17,15,1623227471703092,1623227587366039,1623227587361645,0,0,396,1006,396,1006,0,379,7461984.0,10240568,4364520.0,19049033498624.0,4.6,"11963,16479,379,17094,109967,126649,9996419,10012379,10239928,10239783,10239896,10240232,10239903,10239633,10239951,10239961,10239904,10240133,10239949,10239714,10239909,10239972,10240568,10240566,10239801,10239750,10239347,10239527,3107000,3107879,16865",104,148.3,1110,185.9,34567.0,4.5,"112,112,104,500,104,1110,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104,104","16,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","3.872647047,4.259160519,4.034724236,6.288679600,4.284656048,6.962940216,4.381252289,4.381252289,4.315859318,4.362021446,4.250907898,4.362021446,4.335090160,4.354762554,4.277397633,4.283735275,4.335090160,4.381252289,4.315859318,4.362021446,4.284656048,4.381252289,4.284656048,4.323559761,4.335090160,4.335531712,4.296628475,4.362021446,4.315859318,4.329455853,4.250907898,4.369279861",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" 
+1,ip4,192.168.1.128,23.12.96.145,tcp,49034,80,finished,17,15,1623229850956311,1623229914599193,1623229904370774,0,0,387,1448,1159,5872,0,0,3776043.2,10241196,4797137.5,23012529143808.0,3.6,"12234,16624,475,17773,3362,0,21718,0,1169650,1186786,9796,0,24736,0,1031529,1046686,2550,0,18982,0,10158449,10174381,10240180,10240467,10240694,10240443,10239931,10239902,10238718,10240083,10241196",104,324.2,1552,431.7,186386.9,4.1,"112,112,104,490,104,1552,613,104,104,490,104,1552,613,104,104,491,104,1552,614,104,104,104,104,104,104,104,104,104,104,104,104,104","14,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,0,1,0,1,0,1,0","3.854789734,4.239557266,4.034724236,6.314732075,4.338077068,7.042398453,7.244339943,4.381252289,4.362021446,6.303278446,4.335968971,7.031822681,7.242278576,4.270580769,4.335531712,6.231549740,4.350049019,7.030226231,7.237232208,4.342790604,4.323559761,4.400483131,4.426972389,4.400483131,4.426972389,4.362021446,4.426972389,4.335532188,4.388510704,4.400482655,4.426972389,4.400482655",HTTP.OCSP,7.63,0,Safe,Network,6,DPI,"" diff --git a/test/results/flow-analyse/ookla.pcap.out b/test/results/flow-analyse/ookla.pcap.out new file mode 100644 index 000000000..2ab8039a0 --- /dev/null +++ b/test/results/flow-analyse/ookla.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.7,46.44.253.187,tcp,51215,8080,finished,21,11,1491069115107460,1491069116003131,1491069115908957,0,0,19,34,174,186,0,72,54747.4,137734,32631.2,1064798016.0,4.7,"36785,36897,27990,64017,72,36059,38392,72665,34304,27134,61863,34745,97665,133205,35538,27694,63063,35336,68477,103729,35275,26006,61113,35107,103239,137734,34506,32637,67251,34614,94056",52,63.9,86,9.7,93.7,5.0,"64,60,52,55,52,86,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71,71,52,71","21,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","4.484427452,5.279368877,5.115703106,5.192151546,5.207948208,5.516513824,5.077241421,5.383457661,5.524891853,5.024262905,5.400994301,5.542428493,5.077241421,5.485500813,5.524891853,5.077241421,5.439795971,5.648200035,5.077241421,5.411627769,5.609398842,5.115703106,5.485501289,5.524892330,4.961856365,5.485501289,5.648200035,5.115703106,5.496133804,5.530390263,5.000318050,5.390362263",Ookla,191,0,Safe,Network,5,DPI (cache),"" diff --git a/test/results/flow-analyse/openvpn.pcap.out b/test/results/flow-analyse/openvpn.pcap.out new file mode 100644 index 000000000..59dcf4b01 --- /dev/null 
+++ b/test/results/flow-analyse/openvpn.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.77,46.101.231.218,tcp,60140,443,finished,14,18,1467904946700231,1467904948037674,1467904948077757,0,0,305,156,869,1940,0,124,87579.6,997748,233509.3,54526590976.0,2.7,"54914,54953,945324,997748,484,52895,181,76406,76231,41001,2720,125,43907,139,238,305,40498,40497,41001,40993,125,124,261,41001,40990,40292,40328,460,133,578,40117",52,140.3,357,75.3,5671.5,4.8,"60,60,52,96,52,108,52,104,52,357,52,208,196,104,196,196,52,196,208,196,104,196,196,52,196,208,196,104,196,196,52,196","6,5,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,1,0,1,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,1","4.584255219,5.060977936,4.931210041,5.511040688,5.118428230,5.631525517,4.931210518,5.754630089,5.118428230,5.666812420,5.079966545,5.957755566,6.109939575,5.713871956,6.450070858,6.737315655,4.969671726,6.613219261,6.182499886,6.423310280,5.735399246,6.659830093,6.680945873,4.839769840,6.074276447,6.127354145,6.415046692,5.795508862,6.625069141,6.833714008,5.008133411,6.392446995",OpenVPN,159,1,Acceptable,VPN,6,DPI,"5" 
+1,ip4,192.168.43.12,139.59.151.137,udp,41507,13680,finished,17,15,1470218591746723,1470218592449269,1470218592448973,42,0,303,154,1095,2054,0,395,45316.0,195816,59561.3,3547546112.0,3.9,"195179,195816,838,177248,176180,535,476,500,395,473,450,98532,98585,29601,29590,19812,19831,411,519,50093,49983,29934,29992,20280,20221,9484,9461,38312,38344,31856,31865",70,126.4,331,58.6,3436.1,4.9,"70,82,78,331,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78","0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","5.343287468,5.472147942,5.659653187,5.646926403,5.923888206,5.609391689,6.040631294,5.680029869,6.625756264,5.669331551,6.739820004,5.680030346,6.600285530,5.721633911,6.436116695,5.670351982,6.646757126,5.644711018,6.586377144,5.654388905,6.016889572,5.609391689,6.426263332,5.705670357,6.638464928,5.644710541,6.632380486,5.644710541,6.345944881,5.680030346,6.544235229,5.654388905",OpenVPN,159,1,Acceptable,VPN,6,DPI,"5" 
+1,ip4,192.168.43.18,139.59.151.137,udp,13680,13680,finished,17,15,1472334890224928,1472334893134977,1472334893134900,42,0,303,154,1087,1962,0,128,187742.6,2242452,537269.1,288658030592.0,2.4,"2195888,2242452,46716,128,203103,15136,218070,621,558,521,518,3451,3482,185164,185172,417,398,39454,39467,9396,9396,82274,82279,3757,3775,34199,34189,15722,15714,74305,74299",70,123.3,331,58.9,3466.4,4.9,"70,70,82,78,331,78,182,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78,170,78","0,16,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,0,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","5.229001999,5.275360584,5.380565643,5.531448364,5.602619648,5.454524517,5.838843346,5.558109283,6.079430580,5.548431396,6.588905811,5.542146206,6.663234234,5.567787170,6.550342560,5.532467842,6.371866703,5.558108807,6.659762859,5.532467842,6.541461945,5.593428135,5.988543987,5.567787170,6.300799370,5.583750248,6.642903805,5.567787170,6.638377190,5.532467842,6.413649559,5.583750248",OpenVPN,159,1,Acceptable,VPN,6,DPI,"5" diff --git a/test/results/flow-analyse/oracle12.pcapng.out b/test/results/flow-analyse/oracle12.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/oracle12.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/os_detected.pcapng.out b/test/results/flow-analyse/os_detected.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/os_detected.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ospfv2_add_new_prefix.pcap.out b/test/results/flow-analyse/ospfv2_add_new_prefix.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ospfv2_add_new_prefix.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/pgm.pcap.out b/test/results/flow-analyse/pgm.pcap.out new file mode 100644 index 000000000..381157287 --- /dev/null +++ b/test/results/flow-analyse/pgm.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.244.64.154,235.0.1.47,113,,,finished,32,0,1654564815455078,1654564817394846,1654564815455078,36,0,1310,0,5416,0,0,16,62573.2,840685,155726.8,24250839040.0,2.9,"840685,20786,25,36771,5581,109,6559,20,17008,16,14904,14731,16,37275,29,168236,95027,1618,67043,1565,11009,51225,29,243023,25455,15996,6391,15033,3510,84,240009",56,189.2,1330,214.8,46132.5,4.5,"56,115,113,307,1330,192,112,116,156,271,238,319,165,117,213,299,115,127,134,114,115,130,132,131,114,121,119,120,119,121,112,113","0,1,9,12,2,1,2,1,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.207933426,3.772077084,3.737904549,4.289524555,3.977143764,4.305780411,3.733274460,3.889899492,4.148006916,4.292365074,4.336574078,4.226692677,4.062590599,3.930770159,4.197418690,4.412383080,3.835077763,3.796297789,4.342565060,3.788575172,3.851600647,4.257427692,4.309153080,4.246764660,3.757787228,3.886102915,3.938454628,3.971912861,3.968787670,3.964792728,3.751131535,3.773303032",PGM,296,0,Acceptable,Network,6,DPI,"" diff --git a/test/results/flow-analyse/pgsql.pcap.out b/test/results/flow-analyse/pgsql.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/pgsql.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/pim.pcap.out b/test/results/flow-analyse/pim.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/pim.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/pinterest.pcap.out b/test/results/flow-analyse/pinterest.pcap.out new file mode 100644 index 000000000..8f6678392 --- /dev/null +++ b/test/results/flow-analyse/pinterest.pcap.out 
@@ -0,0 +1,17 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7854,tcp,33262,443,info,15,17,1605289713743557,1605289713845515,1605289714059633,0,0,517,1048,1112,8219,0,0,13485.0,172415,32478.6,1054859584.0,2.7,"17629,17683,505,39969,1745,1,2,41182,41,13,234,2,0,175,23,26,7012,281,424,41621,1,1,33877,492,1,473,243,41960,172415,2,1",72,364.1,1120,421.4,177613.6,4.2,"80,80,72,589,72,1120,1120,1120,72,72,72,1120,1120,154,72,72,72,165,171,437,72,72,330,72,138,72,72,110,72,1120,1120,549","10,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,0,1,1,1,1","4.847575665,5.229952335,5.179864883,4.532552719,5.045369625,6.786690235,4.454385281,6.617737293,5.179864883,5.207642555,5.263197899,7.131698132,7.585322857,6.331103802,5.207642555,5.150118828,5.137001514,6.091404438,6.368394852,7.380807877,5.073147297,5.045369625,7.067039967,5.263197899,6.187361240,5.128702641,5.207642555,5.611329079,5.128702641,7.815224648,7.838888168,7.557251453",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::84,tcp,38512,443,finished,18,14,1605289714142423,1605289714260622,1605289714260607,0,0,954,1388,2837,7034,0,0,7625.3,53871,14761.3,217895472.0,3.0,"29210,29304,461,30605,2146,1,1,1,32223,44,9,7,7205,255,2012,156,139,311,354,53871,1,222,1,43618,1326,1,0,1343,231,798,527",72,381.0,1460,486.9,237029.2,4.1,"80,80,72,589,72,1460,1460,1460,1230,72,72,72,72,165,171,363,383,350,1026,328,72,72,72,330,72,138,72,72,72,110,1460,72","9,1,1,1,0,0,0,0,2,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,0,1,1,1,0,0,1,0","4.621765614,5.087494850,5.064152718,4.449456215,4.904376030,6.379762650,5.172341347,7.343800068,7.630727291,5.109223843,5.043183804,5.081446171,5.109223843,6.011801243,6.221057415,7.200978279,7.082930088,6.925302982,7.362153053,6.891495228,4.942638397,4.914860725,4.942638397,7.062083721,5.109223843,6.069666862,4.887083054,4.970416069,5.109223843,5.576783180,7.859548092,5.109223843",TLS.Pinterest,91.183,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::2004,tcp,40694,443,finished,17,15,1605289714590794,1605289714712098,1605289714737758,0,0,517,1208,1066,4645,0,0,8653.8,43788,13864.0,192210288.0,3.4,"26021,26034,177,34476,9474,0,43788,3,51,24,2375,110,130,39176,1,238,310,37117,263,3095,2873,7183,1,0,7144,49,3,681,625,589,26257",72,251.0,1280,327.8,107441.1,4.1,"80,80,72,589,72,1280,1280,72,72,289,72,136,164,395,72,72,72,652,72,103,103,72,493,818,267,72,72,72,111,72,111,72","12,1,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,0,0,0,1,0,0,1","4.845952034,5.276737213,5.243131161,4.473354340,5.090543747,7.802321434,7.843567848,5.288201809,5.260424137,7.108726978,5.260424137,6.180178165,6.552865028,7.368058681,5.107836723,5.135614395,5.097352028,7.652834892,5.232646942,5.827667713,5.769781590,5.232646942,7.502712727,7.757375717,7.029527187,5.232646465,5.260424137,5.288201809,5.925748348,5.260424137,5.889372826,5.107836723",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2600:1901::7a0b::,tcp,47032,443,finished,18,14,1605289714558209,1605289714795031,1605289714793606,0,0,517,1208,1778,5802,0,0,15232.9,132689,29577.9,874849472.0,3.1,"23500,23520,222,32278,1902,1,0,33966,35,25,324,0,242,8,1731,75,102,35078,5741,3731,0,1,42641,14,135,39228,93613,132689,1225,118,74",72,309.4,1280,401.1,160869.7,4.1,"80,80,72,589,72,1280,1280,1280,72,72,72,1280,173,72,72,136,164,451,72,72,652,103,72,72,72,103,72,330,72,111,229,571","11,1,2,0,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,0,0","4.656593323,5.123788357,5.017778397,4.494572163,4.850525856,7.806178570,7.820445061,7.825618267,4.990000248,4.985159874,5.017777920,7.793226242,6.582598209,5.045556068,5.045556068,6.051473618,6.341272354,7.424715996,4.850525856,4.812263489,7.613498688,5.540113449,4.850525856,5.073333740,5.073333740,5.737332821,4.822747707,7.185048103,5.017778397,5.884420395,6.843392372,7.591670513",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7854,tcp,33280,443,info,16,16,1605289714658043,1605289714873020,1605289714873010,0,0,517,1048,1043,6264,0,0,13869.2,89623,22425.8,502918720.0,3.3,"39835,39893,388,39880,1850,1,41296,35,60,0,18,4,565,0,563,29,2922,2605,564,39805,119,1086,1924,0,36819,15,203,49740,40102,0,89623",72,300.8,1120,374.8,140490.0,4.1,"80,80,72,589,72,1120,1120,72,72,1120,1120,72,72,1120,154,72,72,165,171,368,72,72,72,330,138,72,72,110,72,516,246,72","11,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0","4.759509563,5.142373085,5.117740154,4.564804554,4.953123093,6.789499283,4.442035198,5.175263882,5.103079796,6.610801220,7.126421452,5.203041553,5.203041553,7.603042603,6.151700974,5.175263882,5.175263882,6.101224422,6.300935745,7.262635231,4.980900764,5.036456108,4.980900764,7.043718815,6.196548939,5.175263882,5.175263882,5.631328106,5.036456108,7.479037762,6.852047443,5.230819225",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::720,tcp,57050,443,info,16,16,1605289714782619,1605289714902517,1605289714903070,0,0,517,1388,1077,12561,0,0,7753.2,50337,15382.7,236626480.0,2.9,"50290,50337,220,31719,3102,0,34561,13,675,659,1179,1,1182,11,2643,116,155,32346,0,0,0,1,29460,6,548,1,0,514,15,6,589",72,498.7,1460,595.9,355070.7,4.0,"80,80,72,589,72,1460,1460,72,72,1460,72,1460,1205,72,72,165,171,440,72,72,72,330,138,72,72,1460,1460,1460,72,72,72,1460","12,0,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,1,1,1,0,0,0,1","4.703702927,5.136080265,5.124309540,4.545345783,5.017591953,6.717867374,4.853471756,5.096531868,5.124309540,7.395221710,5.124309540,7.321218014,7.643990993,5.124309540,5.152087212,5.949683189,6.333797455,7.364598274,5.017591953,5.017591953,4.989814281,7.067564487,6.163845539,5.152087212,5.124309540,7.852941513,7.865815639,7.871354580,5.096531868,5.124309540,5.053668499,7.834792614",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::2003,tcp,51582,443,finished,16,16,1605289715133578,1605289715335705,1605289715335669,0,0,517,1208,987,9735,0,0,13039.3,76867,25126.2,631323968.0,2.8,"76818,76867,1845,47286,29961,0,0,75361,6,2,2110,577,1618,47934,0,0,88,0,1,0,1,1,1,0,43713,12,4,2,3,3,4",72,407.6,1280,486.0,236213.0,4.1,"80,80,72,589,72,1280,1280,342,72,72,72,136,164,386,72,72,72,652,103,470,1280,1280,1280,1280,1280,72,72,72,72,72,72,72","12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0","4.791396141,5.261173248,5.175122738,4.488063812,5.118321419,7.805737019,7.818699837,7.306349754,5.164638519,5.175123215,5.175123215,6.012620926,6.475091934,7.352373600,5.107836723,5.135614395,5.163392067,7.573746204,5.684781551,7.517905235,7.836332798,7.835289955,7.831481934,7.851193428,7.838675499,5.164638519,5.126376152,5.230678558,5.185607433,5.230678558,5.175123215,5.230678558",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:806::200e,tcp,54416,443,finished,16,16,1605289715221747,1605289715430506,1605289715430565,0,0,517,1208,965,10223,0,0,13470.2,79486,22212.4,493390560.0,3.3,"51607,51735,639,27991,20462,0,1,47699,14,8,3349,184,136,69956,1,28,13172,79486,329,8681,8388,16746,3,2,2,16717,40,14,21,164,2",72,422.1,1280,496.1,246097.6,4.1,"80,80,72,589,72,1280,1280,312,72,72,72,136,164,333,72,72,72,652,72,103,103,72,988,1280,1280,1280,72,72,72,72,1280,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,1,1,0,0,0,0,1,1","4.905388832,5.201737404,5.194384098,4.447809696,5.069574356,7.796703339,7.816472054,7.245393753,5.222161770,5.194384098,5.194384098,6.221469402,6.666475773,7.225831985,5.059089661,5.086867332,5.097352028,7.629415512,5.222161770,5.833802700,5.730946064,5.211677074,7.792719841,7.812408924,7.862325191,7.810635090,5.211677074,5.249939442,5.222161770,5.222161770,7.816607952,7.836236000",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a03:2880:f030:13:face:b00c::3,tcp,51292,443,finished,18,14,1605289715274358,1605289715471680,1605289715427326,0,0,517,1380,1347,5004,0,0,11299.7,93180,21751.5,473125984.0,3.0,"26987,27077,236,32338,1,0,32042,17,3873,399,116,64739,93180,2,1,290,2,3,2,24343,46,12,9,157,3,2,82,23,41,4388,39879",72,271.0,1452,368.4,135732.3,4.1,"80,80,72,589,72,1452,979,72,72,136,164,330,330,72,72,72,251,152,116,653,72,72,72,72,483,1452,114,72,72,72,103,199","12,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1,1,0,0,0,0,0","5.086080074,5.358260632,5.421088219,4.582517624,5.325077534,7.824724197,7.800261974,5.487128258,5.459350586,6.217577457,6.494597435,7.339631081,7.344889641,5.269522190,5.231259823,5.286815166,7.021345615,6.361854553,5.947217464,7.648275852,5.393310547,5.421088219,5.393310547,5.448865891,7.531715393,7.878327370,6.086453915,5.448865891,5.421088219,5.365532398,5.884278774,6.731818199",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2003,tcp,43562,443,finished,9,23,1605289716168715,1605289716199465,1605289716199511,0,0,158,1208,281,21058,1,0,1985.4,28590,6415.7,41161208.0,1.8,"202,23469,160,5107,2,28590,251,1,1,2,214,4,31,0,19,391,1,0,1,397,8,1304,0,0,1,0,1316,72,1,1,0",72,738.8,1280,578.2,334348.7,4.5,"230,195,72,72,263,1280,72,1280,1280,1280,1280,72,72,1280,1280,72,1280,1280,1280,1280,72,72,1280,1280,237,111,199,72,1280,1280,1280,1280","7,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,0,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,1,0,1,1,1,1,0,0,1,1,0,1,1,1,1,0,0,1,1,1,1,1,0,1,1,1,1","6.948834896,6.675073147,5.125129700,5.125129700,6.977108479,7.855700493,5.182512760,7.824506283,7.846910477,7.827116013,7.838431835,5.116472721,5.137442112,7.839233875,7.849976540,5.154735088,7.852743149,7.835449219,7.826992035,7.859686375,5.182512760,5.182512760,7.806921482,7.824195862,6.883517742,5.810838699,6.706934929,5.109664440,7.833899021,7.836830139,7.838667870,7.830160618",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::200a,tcp,47790,443,finished,17,15,1605289715966342,1605289717653626,1605289716195463,0,0,517,1208,1280,4020,0,0,61819.5,1485939,260701.6,67965321216.0,1.6,"55481,55557,2604,45080,17803,15,60231,16,286,275,9398,2484,606,42880,0,228,1,30633,193,14864,14650,23014,0,23014,8,85,0,70,1606,29384,1485939",72,238.1,1280,317.7,100919.6,4.1,"80,80,72,589,72,1280,1280,72,72,573,72,136,164,444,72,72,72,652,72,103,103,72,462,135,72,72,111,72,72,111,72,237","11,1,2,0,0,1,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,0,0,1,0","4.830388546,5.236173153,5.083273411,4.664566517,5.024503708,7.801916599,7.849427700,5.232646465,5.204868793,7.603487968,5.204868793,6.090775967,6.470489025,7.520395279,5.107836723,5.107836723,5.080059052,7.600295067,5.194384098,5.756132126,5.672693253,5.166606426,7.483500957,6.249640465,5.177091122,5.204868793,5.886195660,5.135614395,5.204868793,5.955920696,5.135614395,6.860337257",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::200d,tcp,40894,443,finished,16,16,1605289717548570,1605289717681759,1605289717681662,0,0,517,1208,959,10121,0,0,8589.7,42968,12964.6,168080032.0,3.5,"23434,23612,605,27825,5261,2,0,32335,48,7,3191,171,159,42968,880,1,157,40413,894,3393,2534,21369,1,21337,22,7799,1,0,1,7829,32",72,418.8,1280,492.4,242485.9,4.1,"80,80,72,589,72,1280,1280,322,72,72,72,136,164,327,72,72,72,652,72,103,103,72,876,1280,72,72,1280,1280,1280,1280,72,72","12,0,2,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,1,0,0,1,1,1,1,0,0","4.905389309,5.361174107,5.232646465,4.557852268,5.107836723,7.817549706,7.840916157,7.180346489,5.232646465,5.260424137,5.260424137,6.185771942,6.393667221,7.196280479,5.107836723,5.107836723,5.107836723,7.630718231,5.204868793,5.782878876,5.796528339,5.222161770,7.750598431,7.833017826,5.260424137,5.260424137,7.845281124,7.848848343,7.857541561,7.841633797,5.194384098,5.232646465",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a03:2880:f11f:83:face:b00c::25de,tcp,60340,443,finished,16,16,1605289715782853,1605289717682629,1605289717754541,0,0,546,1380,1620,4362,0,0,124885.9,1522186,365675.9,133718884352.0,2.3,"51050,51117,702,184290,1,0,183671,66,7538,8559,3870,48706,3,10603,0,1,1,39192,55,6,1700,5826,4025,34675,42375,77042,1489773,1522186,1,32460,71970",72,259.4,1452,363.6,132225.8,4.1,"80,80,72,589,72,1452,980,72,72,136,164,442,72,72,72,243,152,103,72,72,72,103,107,72,72,492,72,618,72,107,72,1374","11,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0,0,1,1,0,1","5.147778988,5.386569977,5.363564491,4.530324936,5.275225163,7.856009483,7.774714947,5.419119835,5.348239422,6.266700268,6.486256123,7.484294891,5.260424137,5.260424137,5.232646465,6.926154137,6.485898972,5.898414135,5.275390625,5.325302124,5.275390625,5.898528576,5.995410442,5.391342163,5.286815166,7.551696301,5.363564491,7.633099079,5.342370510,6.001532078,5.391342163,7.830712318",TLS.Facebook,91.119,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80a::200e,tcp,45126,443,finished,17,15,1605289732972740,1605289733216831,1605289733216812,0,0,517,1208,969,9927,0,0,15747.2,157269,35268.1,1243837184.0,2.7,"46894,46909,201,112030,45428,0,2,157269,9,5,2935,270,2964,37660,1,0,1100,1,0,32562,12,3,631,955,1,0,0,308,7,3,3",72,413.0,1280,486.7,236885.8,4.1,"80,80,72,589,72,1280,1280,549,72,72,72,136,164,337,72,72,72,652,486,1280,72,72,72,103,1280,1280,1280,1280,72,72,72,72","13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0","4.855388165,5.286173344,5.149313450,4.600729942,5.080059052,7.797164440,7.832664490,7.507453918,5.138828754,5.081305504,5.166606903,6.092433929,6.575641632,7.259848118,5.043183804,5.097352505,5.052281380,7.626473904,7.461633682,7.832756042,5.149313450,5.132019997,5.083273411,5.775549889,7.833918095,7.851273537,7.839205742,7.857754707,5.121535778,5.177091122,5.111051083,5.177091122",TLS.Google,91.126,1,Acceptable,Advertisement,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a04:4e42:1d::84,tcp,38546,443,info,15,17,1605289732959160,1605289733287022,1605289733341107,0,0,517,1388,1151,10308,0,0,22897.1,135965,39614.3,1569289984.0,3.2,"46509,46553,392,49783,3591,0,52945,10,1267,1,1272,3,2358,266,496,109019,0,0,1,0,1,105909,5,6,6499,35807,111148,135965,1,2,0",72,430.6,1460,544.3,296293.8,4.0,"80,80,72,589,72,1460,1460,72,72,1460,1230,72,72,165,171,338,72,72,330,138,72,570,72,72,72,110,72,210,72,1460,1460,1460","9,1,1,1,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,0,1,1,1,1","4.684510231,5.128057957,5.091930866,4.525407314,4.980900764,6.391155720,5.165083408,5.175263882,5.175263882,7.346390247,7.633969307,5.175263882,5.109223843,6.098253250,6.329233170,7.209453583,5.008678436,4.970416069,7.086939812,6.058278084,4.925345421,7.519527912,5.175263882,5.147486210,5.175263882,5.594966412,4.980900764,6.689027309,4.980900764,7.853739262,7.845409870,7.847467899",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:7a6e,tcp,40114,443,info,16,16,1605289733399863,1605289733500742,1605289733511200,0,0,517,1048,1017,8749,0,1,6845.7,45476,12150.2,147627232.0,3.2,"20965,21014,506,37100,8905,1,45476,39,2004,2,1,1,1959,29,12,7,90,33,7803,454,394,31006,1,387,1,22756,38,359,8296,2575,2",72,377.7,1120,441.2,194656.5,4.1,"80,80,72,589,72,1120,1120,72,72,1120,1120,1120,1120,72,72,72,72,113,72,165,171,342,72,72,330,138,72,72,110,72,1120,1120","11,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,0,1,1,1","4.809510231,5.143908501,5.203041553,4.540377140,5.064233780,6.870509624,5.058271885,5.230819225,5.230819225,6.720662117,7.193079948,7.346520901,7.621092319,5.230819225,5.137001038,5.203041553,5.175263882,5.649272442,5.175263405,6.019917488,6.380431175,7.094295502,5.064233780,5.064233780,7.049797535,6.150704861,5.203041077,5.203041553,5.667691708,5.008678436,7.799199581,7.796170235",,,,,,,,"" diff --git a/test/results/flow-analyse/pluralsight.pcap.out b/test/results/flow-analyse/pluralsight.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/pluralsight.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/pop3.pcap.out b/test/results/flow-analyse/pop3.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/pop3.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/pop3_stls.pcap.out b/test/results/flow-analyse/pop3_stls.pcap.out new file mode 100644 index 000000000..4768e25c9 --- /dev/null +++ b/test/results/flow-analyse/pop3_stls.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.20.18,72.249.41.52,tcp,50583,110,info,13,19,1346096808946579,1346096812985585,1346096813059760,0,0,314,1460,648,5522,0,215,262973.8,2072094,524859.6,275477528576.0,3.3,"68193,68972,68661,120626,119751,1003135,1075317,72544,524,70840,70284,69545,70981,215,69915,69104,262,69187,6957,114416,36010,229437,154000,2002867,2072094,69067,658,117241,116699,68875,75810",40,234.5,1500,417.0,173868.9,3.7,"52,52,40,51,46,46,68,46,46,189,46,77,208,1500,1500,40,1500,400,40,354,46,278,71,46,93,71,46,208,84,89,82,89","9,2,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,4,0,0,1,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1,1,0,1,0,1","4.492581844,4.801308632,4.734183788,5.157432556,4.996070385,4.501398087,5.447610855,4.952592373,4.501398087,5.483742237,5.012480259,5.432518482,5.539906025,7.142385483,7.103268623,4.734183788,6.899816990,7.242932796,4.784183979,7.363773823,4.501398087,6.985215187,5.760285378,4.501398087,5.843768597,5.665146351,4.501398087,6.988708973,5.939931870,5.954314232,5.674627304,5.896972179",,,,,,,,"" diff --git a/test/results/flow-analyse/pops.pcapng.out b/test/results/flow-analyse/pops.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/pops.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/pps.pcap.out b/test/results/flow-analyse/pps.pcap.out new file mode 100644 index 000000000..fe7726ade --- /dev/null +++ b/test/results/flow-analyse/pps.pcap.out 
@@ -0,0 +1,9 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,1.173.5.226,192.168.115.8,udp,22636,22793,info,10,22,1467353136432546,1467353136472487,1467353136473380,1065,0,1065,37,10650,814,0,2,2605.6,13556,4035.9,16288762.0,3.7,"306,331,2951,1986,4674,337,125,2,561,612,2012,866,221,1880,1060,119,11920,11824,91,13556,13473,115,2750,2611,216,1278,998,122,1608,1850,320",65,386.2,1093,476.5,227043.4,4.0,"1093,65,65,1093,1093,65,65,65,65,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1","7.828674316,5.137356281,5.137356281,7.824265003,7.825281143,5.179738998,5.101225376,5.179738998,5.101225376,5.154975891,5.154975891,7.796083450,5.137356281,5.137356281,7.808646679,5.210508347,5.210508347,7.801303864,5.079889774,5.079889774,7.813374043,5.210508823,5.210508823,7.793810368,5.112839222,5.112839222,7.648104191,5.179739475,5.179739475,7.828240871,5.179739475,5.179739475",,,,,,,,"" 
+1,ip4,192.168.115.8,114.42.0.158,udp,22793,7716,info,22,10,1467353136439181,1467353136477379,1467353136477110,37,0,37,1065,814,10650,0,107,2455.7,12554,3705.5,13730790.0,3.8,"314,12554,12553,190,1137,940,141,1586,1472,244,2060,1844,332,694,598,286,1704,1051,140,3586,5819,415,11908,9064,111,1248,1392,110,1452,1075,107",65,386.2,1093,476.5,227043.4,4.0,"65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65","0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0","5.119737148,5.119737148,7.751015663,5.162120342,5.162120342,7.728781223,5.025249004,5.025249004,7.800218105,5.162120342,5.162120342,7.811382294,5.100581169,5.100581169,7.798585892,5.131350517,5.131350517,7.812101364,5.131350517,5.131350517,7.815410614,5.052836418,5.052836418,7.801507473,5.069812298,5.069812298,7.767622948,5.162119865,5.162119865,7.797546387,5.162120342,5.162120342",,,,,,,,"" 
+1,ip4,118.171.15.56,192.168.115.8,udp,5544,22793,info,10,22,1467353136433806,1467353136571752,1467353136559870,1065,0,1065,37,10650,814,0,98,8516.5,26979,8440.4,71240384.0,4.1,"354,233,4927,176,24291,18871,121,5388,6873,160,19127,17570,126,13829,13759,135,13082,15439,116,26979,24414,172,9012,10973,385,1993,887,14115,8282,98,12123",65,386.2,1093,476.5,227043.4,4.0,"1093,65,65,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,22,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,1,1,0,1,1,0","7.718708038,5.110659122,5.110659122,5.055125713,5.055125713,7.786316872,5.085895061,5.085895061,7.777331829,5.172197342,5.172197342,7.830995560,5.055125713,5.055125713,7.799821854,5.043511868,5.043511868,7.781206608,5.055126190,5.055126190,7.756371021,5.172197819,5.172197819,7.778749943,5.141428471,5.141428471,5.018351555,5.018351555,7.782123089,5.141428471,5.141428471,7.801887989",,,,,,,,"" 
+1,ip4,192.168.115.8,219.228.107.156,udp,22793,1250,info,24,8,1467353136440165,1467353136804834,1467353136804280,37,0,37,1065,888,8520,0,67,23509.2,69635,21390.8,457567520.0,4.2,"416,29926,29688,118,32027,32808,298,45715,281,69635,23035,67,41991,41569,116,35956,327,59526,23042,142,31796,32196,302,44442,309,68337,22748,167,30877,30767,160",65,322.0,1093,445.1,198147.0,3.9,"65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65","0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0","5.112839222,5.112839222,7.812224865,5.155221939,5.155221939,7.822898388,5.222122192,5.222122192,5.222122192,5.222122192,7.815716267,5.252891541,5.252891541,7.813511848,5.068920135,5.068920135,5.148970604,5.148970604,7.791888237,5.150506973,5.150506973,7.805237770,5.160583973,5.160583973,5.192889690,5.192889690,7.800968647,5.088968277,5.088968277,7.814544201,4.920591831,4.920591831",,,,,,,,"" 
+1,ip4,192.168.115.8,222.197.138.12,udp,22793,6956,info,24,8,1467353136439640,1467353136868041,1467353136900861,37,0,37,1065,888,7474,0,67,28697.5,108044,30689.6,941853376.0,4.0,"939,52844,52258,255,55452,67,77746,21970,217,78270,79276,484,437,117,46524,44383,93,18436,18537,325,35971,83,108044,71536,720,28274,507,45891,16142,358,33466",47,289.3,1093,425.3,180865.5,3.8,"65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,1093,65,65,65,65,1093,65,65,65,65,1093,65,65,47","0,24,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1","5.252891541,5.252891541,7.807993889,5.259143829,5.259143829,5.252891541,5.252891541,7.789888382,5.197358608,5.197358608,7.823671818,4.976612091,4.976612091,5.056662560,5.056662560,7.801744938,5.179739475,5.179739475,7.702906132,5.148970127,5.148970127,5.069812298,5.069812298,7.822528839,5.131350994,5.131350994,5.119737625,5.119737625,7.810484409,5.131350517,5.131350517,4.884167194",,,,,,,,"" 
+1,ip4,192.168.115.8,223.26.106.19,tcp,50505,80,finished,2,30,1467353189325739,1467353189360764,1467353189374572,144,0,148,1260,292,37052,1,0,2705.1,35765,8658.9,74976944.0,1.8,"2901,35025,35765,2,54,1038,2,1,1,1,1,1,4098,1,1,1,1,0,557,2,0,1,1,4317,82,1,1,1,0,0,1",184,1207.0,1300,293.9,86398.0,4.9,"184,552,188,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300","0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,29,0,0,0,0,0,0,0,0","0,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.565698147,5.713972092,5.579771042,4.387238026,0.303162068,0.301623583,3.732781410,6.116701126,5.907885075,6.110567570,6.000755787,6.220743179,6.106208801,5.965834141,6.086260319,5.932269096,6.297639847,6.179096699,6.268159389,6.412519932,5.845352650,6.157920837,6.009664059,6.058042526,6.120846272,6.430628300,6.278068542,5.995249271,6.119624615,6.003195763,6.359897137,6.283394337",HTTP,7,0,Acceptable,Web,6,DPI,"" 
+1,ip4,192.168.115.8,223.26.106.20,tcp,50778,80,finished,1,31,1467353196856069,1467353196856069,1467353196981279,249,0,249,1260,249,39060,1,0,4039.0,61439,12542.6,157315936.0,1.8,"61439,3,3,0,1,1,30336,2,1,1,25868,1,0,484,2,1,0,1,574,0,2,3519,3,772,1,1,1,1,0,1,2191",289,1268.4,1300,175.9,30943.1,5.0,"289,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300","0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.680209637,7.104508400,7.815409660,7.799874306,7.795087337,7.821745396,7.813271046,7.853199959,7.800473690,7.816552639,7.802090645,7.825591564,7.808625698,7.787723064,7.801823139,7.815733910,7.747669697,7.812804699,7.828133106,7.820801258,7.831765652,7.796298027,7.782429695,7.798837185,7.797708988,7.815753460,7.803283215,7.828951836,7.803116322,7.810623646,7.793246269,7.812668324",HTTP.PPStream,7.54,0,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.115.8,223.26.106.20,tcp,50780,80,finished,1,31,1467353198532645,1467353198532645,1467353198686720,249,0,249,1260,249,39060,1,0,4970.2,62853,15415.3,237632432.0,1.7,"62853,7,1,1,1,1,28633,3,0,1,57886,1,1,29,1,1,276,1,0,311,1,3236,49,2,773,2,0,1,1,0,2",289,1268.4,1300,175.9,30943.1,5.0,"289,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300,1300","0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,31,0,0,0,0,0,0,0,0","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.692187786,7.093656063,7.763891220,7.770260334,7.793470383,7.754670143,7.762333870,7.736806870,7.762505054,7.806702614,7.785463810,7.806148052,7.807487488,7.792947292,7.799264908,7.823724270,7.810103416,7.827909470,7.809601784,7.808609962,7.806282997,7.797142029,7.799598694,7.803467274,7.787366390,7.806374073,7.817587852,7.813340664,7.816604614,7.807970047,7.816948891,7.823331356",HTTP.PPStream,7.54,0,Fun,Streaming,6,DPI,"" diff --git a/test/results/flow-analyse/pptp.pcap.out b/test/results/flow-analyse/pptp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/pptp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 
diff --git a/test/results/flow-analyse/psiphon3.pcap.out b/test/results/flow-analyse/psiphon3.pcap.out new file mode 100644 index 000000000..b3deb9cdc --- /dev/null +++ b/test/results/flow-analyse/psiphon3.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +12,ip4,192.168.0.103,104.18.151.190,tcp,40557,443,info,18,14,1613865079123029,1613865079254264,1613865079202653,0,0,1008,1460,2038,5498,0,0,6801.9,46102,10684.6,114161304.0,3.6,"6003,17375,0,14372,0,0,998,15961,7000,4998,0,0,3002,27963,1997,2998,1002,0,7002,25852,0,1389,0,0,4047,20760,1037,46102,1001,0,0",40,277.5,1500,421.9,177964.3,3.8,"60,60,52,52,40,208,40,208,40,40,1500,1002,1500,1002,40,40,40,40,133,133,40,40,298,109,298,109,40,40,133,417,78,1048","10,1,3,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,2,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","0,0,1,1,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,0,0","4.559092522,4.559092522,4.801308632,4.801308632,4.780641556,5.412927151,4.780641556,5.412927151,4.780641079,4.780641079,6.953819275,7.189953327,6.953819275,7.189953327,4.780641556,4.780641556,4.780641556,4.780641556,5.944580555,5.944580555,4.780641079,4.780641079,7.039272308,5.966729164,7.039272308,5.966729164,4.730641365,4.730641365,6.272472382,7.310267448,5.370555401,7.811244488",,,,,,,,"" 
diff --git a/test/results/flow-analyse/punycode-idn.pcap.out b/test/results/flow-analyse/punycode-idn.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/punycode-idn.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-23.pcap.out b/test/results/flow-analyse/quic-23.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-23.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-24.pcap.out b/test/results/flow-analyse/quic-24.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-24.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-27.pcap.out b/test/results/flow-analyse/quic-27.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-27.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-28.pcap.out b/test/results/flow-analyse/quic-28.pcap.out new file mode 100644 index 000000000..921b8913e --- /dev/null +++ b/test/results/flow-analyse/quic-28.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.9.0.2,104.26.11.240,udp,60106,443,finished,13,19,1591267474847575,1591267474935131,1591267474949617,43,0,1200,1197,4297,5362,0,2,6116.1,20960,7174.9,51478880.0,3.9,"13634,13791,13932,1053,15111,1394,4,2,2195,342,15,8,10,14715,11,4,4,3,4,4,3,13849,1181,10523,11750,5487,19948,6547,20960,4038,19076",71,329.8,1228,425.6,181138.2,4.0,"1228,75,1228,99,189,1228,1224,1225,245,138,89,71,71,154,98,543,71,71,96,71,71,71,71,71,686,71,133,71,845,71,108,72","0,6,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,9,3,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,0,1,1,0,0,1,1,0,0,1","7.825420856,5.391368389,7.839229107,6.043497086,6.731246471,7.843968391,7.815639019,7.852266788,7.065521240,6.543905735,6.067143917,5.873550892,5.873550892,6.748120308,6.120771885,7.600786686,5.845381737,5.732706547,6.072868347,5.683273315,5.722074032,5.818619251,5.778411865,5.760875225,7.744878292,5.750242710,6.580695629,5.778411865,7.773950577,5.873550892,6.249063969,5.721802711",QUIC,188,1,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/quic-29.pcap.out b/test/results/flow-analyse/quic-29.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-29.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-33.pcapng.out b/test/results/flow-analyse/quic-33.pcapng.out new file mode 100644 index 000000000..622152ccd --- /dev/null +++ b/test/results/flow-analyse/quic-33.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip6,::1,::1,udp,51430,4443,finished,9,23,1607938456563491,1607938456569390,1607938456569730,53,0,1440,1440,3531,26643,0,15,391.5,3446,792.0,627294.4,3.2,"2813,127,21,3446,599,267,22,367,71,407,38,1140,1379,530,25,290,50,285,35,19,16,16,16,16,15,17,16,46,17,16,16",101,990.9,1488,605.0,366070.2,4.6,"1280,1280,791,1488,101,103,195,103,1280,1280,359,1488,487,231,103,103,103,103,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488,1488","0,4,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0","0,3,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,15,0,0","0,1,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1","7.803868771,7.809453964,7.636795044,7.827753067,4.482279301,4.907669544,6.029671192,4.876163006,7.831148624,7.774451256,7.038985729,7.835481644,7.443472862,6.574716568,4.842088223,4.868834019,4.744999409,4.934416294,7.840272427,7.834603786,7.829602718,7.819114208,7.856932640,7.836608410,7.829055309,7.839015007,7.837625027,7.848807812,7.847033501,7.843163967,7.839411736,7.808558464",QUIC,188,1,Acceptable,Web,6,DPI,"5,24" diff --git a/test/results/flow-analyse/quic-34.pcap.out b/test/results/flow-analyse/quic-34.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-34.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-fuzz-overflow.pcapng.out b/test/results/flow-analyse/quic-fuzz-overflow.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-fuzz-overflow.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-mvfst-22.pcap.out b/test/results/flow-analyse/quic-mvfst-22.pcap.out new file mode 100644 index 000000000..40311ad48 --- /dev/null +++ b/test/results/flow-analyse/quic-mvfst-22.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.2.15,31.13.86.8,udp,35601,443,finished,12,20,24710880,27201767,27283563,31,0,1232,1252,6836,11997,0,0,163341.0,2090987,507077.5,257127612416.0,2.1,"6626,174,24,23,15783,192,68,25740,0,16544,24398,2090987,2072824,30640,212689,1822,115,243417,45,25374,21896,80671,49,21,8,9,96673,35817,60860,70,11",52,616.5,1280,577.0,332915.8,4.3,"1260,1280,1280,221,81,1260,106,95,66,261,59,52,1128,56,60,598,1260,1221,56,56,60,52,1280,1280,1280,1280,84,65,52,1280,1280,1280","1,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,3,0,0,0,0,0,0,0,0,0","6,3,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0","0,1,1,1,1,0,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,1,1,1,1","7.865873814,7.840335846,7.856841087,6.935217857,5.841008663,7.844548225,5.975329399,6.068257332,5.408033371,7.120600224,5.413970470,5.168682098,7.824946880,5.206433296,5.433454037,7.633729935,7.839689255,7.820494652,5.385004520,5.200210571,5.379368782,5.130220413,7.847099781,7.835284233,7.857980728,7.824029922,5.854679585,5.473884106,5.168681622,7.866020203,7.849047184,7.840563774",QUIC.Facebook,188.119,1,Fun,SocialNetwork,6,DPI,"" 
diff --git a/test/results/flow-analyse/quic-mvfst-22_decryption_error.pcap.out b/test/results/flow-analyse/quic-mvfst-22_decryption_error.pcap.out new file mode 100644 index 000000000..8c8f4b1cc --- /dev/null +++ b/test/results/flow-analyse/quic-mvfst-22_decryption_error.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +12,ip4,10.230.40.168,94.97.225.146,udp,62196,443,finished,10,22,1593498296832000,1593498296833000,1593498296836000,32,0,1232,1252,3572,18205,0,0,161.3,3000,573.4,328824.1,1.4,"1000,0,0,0,0,0,0,0,0,3000,0,0,0,0,0,1000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",60,708.5,1280,531.1,282057.0,4.5,"1260,106,106,106,698,698,698,60,60,60,66,66,66,261,261,261,400,400,400,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280,1280","0,3,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0","0,3,0,0,0,0,0,3,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","7.860296249,6.126270771,6.126270771,6.163064480,7.718494892,7.718494892,7.717700005,5.480065823,5.480065823,5.506893158,5.413313866,5.413313866,5.536673069,7.175638199,7.175638199,7.187689304,7.409482956,7.409482956,7.414732456,7.811549187,7.811549187,7.811690331,7.844969273,7.844969273,7.846896648,7.838176727,7.838176727,7.839562893,7.844841957,7.844841957,7.846801758,7.857825279",QUIC,188,1,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/quic-mvfst-27.pcapng.out b/test/results/flow-analyse/quic-mvfst-27.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-mvfst-27.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-mvfst-exp.pcap.out b/test/results/flow-analyse/quic-mvfst-exp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic-mvfst-exp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic-v2-01.pcapng.out b/test/results/flow-analyse/quic-v2-01.pcapng.out new file mode 100644 index 000000000..e9ced2aba --- /dev/null +++ b/test/results/flow-analyse/quic-v2-01.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.56.1,192.168.56.198,udp,34229,4443,finished,9,23,1643108746209343,1643108746213653,1643108746213782,55,0,1440,1440,3681,28445,0,3,282.2,2611,585.9,343297.1,3.2,"2220,34,85,2611,15,161,480,75,75,407,511,344,364,20,7,7,7,5,8,6,304,236,17,5,4,4,3,7,5,393,329",83,1031.9,1468,592.8,351417.0,4.7,"1280,1280,752,1468,431,1468,211,83,83,467,83,83,211,1468,1468,1468,1468,1468,1468,1468,1468,83,1468,1468,1468,1468,1468,1468,1468,1468,83,1468","0,4,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0","0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,18,0,0","0,1,1,1,0,0,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,0,1","7.859164715,7.830483913,7.691216469,7.861833572,7.535028458,7.857851028,7.014661312,5.904921532,5.971303463,7.551024437,6.091784954,5.908110142,7.010611057,7.856127262,7.862607956,7.865868568,7.851809502,7.870316029,7.876718044,7.846899033,7.842083454,5.832632065,7.868857384,7.869379997,7.866369724,7.853280067,7.852721214,7.849537849,7.868902206,7.856405258,5.923110962,7.879580021",QUIC,188,1,Acceptable,Web,6,DPI,"5,24" diff --git a/test/results/flow-analyse/quic.pcap.out b/test/results/flow-analyse/quic.pcap.out new file mode 100644 index 000000000..5e6acde97 --- /dev/null +++ b/test/results/flow-analyse/quic.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.109,216.58.212.101,udp,57833,443,finished,16,16,1431155536815947,1431155545866860,1431155545859249,37,0,1350,1350,4333,4661,0,7,583684.4,3197585,963931.8,929164558336.0,3.4,"46000,60057,14787,65380,2487,93393,168067,168088,622738,681338,42,58036,3119141,3197585,40,12,54064,25544,1951118,28580,2034695,28303,25,7,56884,470823,496378,2190158,2289756,44685,126004",47,309.1,1378,382.9,146578.8,4.1,"1378,464,1378,65,60,711,68,711,65,200,494,56,68,180,156,55,87,68,65,241,149,63,57,226,47,74,201,65,1176,63,744,455","0,8,0,1,1,1,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0","4,4,0,0,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,0,1,0,1,1,0,1,0,0,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1,0,1,0,0,1,1,0","4.785362720,7.506221294,7.842458248,5.653138161,5.515064240,7.661302567,5.705106735,7.653655529,5.683907509,6.901843548,7.549375057,5.423249722,5.793341637,6.893099785,6.626470089,5.353907585,6.017427444,5.664593697,5.555222511,7.050589561,6.613369942,5.496887207,5.372109413,7.016873360,5.139485359,5.793843269,6.920541286,5.579985619,7.860387802,5.401647568,7.762588978,7.570559025",QUIC.GMail,188.122,1,Acceptable,Email,6,DPI,"" 
+1,ip4,192.168.1.109,216.58.210.206,udp,35236,443,finished,12,20,1463075953299562,1463075954259331,1463075954259852,37,0,1350,1350,3706,22849,0,11,61937.4,828641,198595.2,39440068608.0,2.0,"565,35358,43,40485,132,24017,25957,16828,62,532,35459,51659,446,11,26638,25576,828641,25,803246,620,371,204,811,210,360,238,291,204,540,286,244",61,857.8,1378,620.8,385421.5,4.5,"1378,373,1378,1378,1378,369,65,68,1378,61,61,71,1378,1378,1174,68,65,1378,1378,68,1378,1378,1378,68,1378,68,1378,1378,1378,68,1378,1378","0,8,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,16,0,0,0,0,0","0,0,1,1,0,0,1,0,1,1,1,0,1,1,1,0,0,1,1,0,1,1,1,0,1,0,1,1,1,0,1,1","5.050794601,7.427186489,7.589700222,2.645882607,5.424244404,7.418235779,5.309068680,5.493865013,7.858019829,5.512544155,5.545331001,5.716576576,7.892964363,7.881204605,7.816042900,5.554157257,5.641524315,7.888419628,7.861907005,5.675695419,7.860325336,7.873119831,7.856549263,5.635182381,7.861664295,5.694005013,7.863921165,7.839401245,7.861547947,5.558049202,7.862613201,7.852869511",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" diff --git a/test/results/flow-analyse/quic046.pcap.out b/test/results/flow-analyse/quic046.pcap.out new file mode 100644 index 000000000..796bd2480 --- /dev/null +++ b/test/results/flow-analyse/quic046.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.236,216.58.206.86,udp,50587,443,finished,13,19,1584456191933380,1584456191967570,1584456191967633,28,0,1350,1350,4485,23197,0,176,2207.8,29469,6263.4,39229868.0,2.6,"987,559,560,557,592,573,584,606,710,21225,29469,423,216,240,242,250,248,254,253,253,237,265,240,242,256,252,6530,176,509,707,228",48,893.1,1378,591.6,350034.9,4.6,"1378,560,114,187,185,185,186,185,191,188,1378,1378,255,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,56,48,1378,56,1378","2,0,1,0,5,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,17,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,1,1,0,1","4.104627609,7.586378098,6.310873032,6.874300003,6.880319118,6.833760738,6.876335144,6.910101891,6.969146729,6.870172024,4.098705292,7.858126640,7.073942184,7.867921352,7.889789104,7.868343830,7.839922428,7.858704567,7.859090805,7.875567436,7.864448547,7.848357201,7.879473686,7.877913952,7.860894203,7.857960701,7.861531734,5.436729908,5.095174789,7.816503525,5.401014805,7.861771584",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" diff --git a/test/results/flow-analyse/quic_0RTT.pcap.out b/test/results/flow-analyse/quic_0RTT.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/quic_0RTT.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_crypto_aes_auth_size.pcap.out b/test/results/flow-analyse/quic_crypto_aes_auth_size.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_crypto_aes_auth_size.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_frags_ch_in_multiple_packets.pcapng.out b/test/results/flow-analyse/quic_frags_ch_in_multiple_packets.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_frags_ch_in_multiple_packets.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out b/test/results/flow-analyse/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_frags_ch_out_of_order_same_packet_craziness.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_interop_V.pcapng.out b/test/results/flow-analyse/quic_interop_V.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_interop_V.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_q39.pcap.out b/test/results/flow-analyse/quic_q39.pcap.out new file mode 100644 index 000000000..965e5a651 --- /dev/null +++ b/test/results/flow-analyse/quic_q39.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,170.216.16.209,21.157.183.227,udp,38620,443,finished,16,16,1509098995610775,1509099004752497,1509099004382425,41,0,1350,1350,14377,2074,0,7,577850.7,6514643,1531988.4,2346988339200.0,2.7,"8931,36678,89781,7,404130,1367,298294,119221,31,434781,6185342,12819,6514643,11351,11378,22730,702601,702694,435266,435159,11351,11442,16019,15861,397203,9235,397732,33897,93428,52,499948",46,542.2,1378,603.7,364512.4,4.1,"1378,1160,63,1378,59,69,69,58,291,46,69,256,1378,64,1378,1378,61,1378,60,1378,62,1378,62,1378,62,1378,716,62,62,90,46,84","0,4,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,9,0,0,0,0,0","4,10,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0","0,0,1,1,1,0,0,1,1,1,0,0,0,1,0,0,1,0,1,0,1,0,1,0,1,0,0,1,1,1,1,0","4.179285526,7.832315445,4.966748714,7.846248627,5.380072594,5.640916824,5.720768929,5.299251080,7.336034775,4.816403389,5.818665504,7.074090958,7.867320538,5.431150436,7.827050686,7.874505997,5.477433681,7.859999657,5.412702084,7.863677979,5.373553276,7.855113029,5.379174232,7.856376648,5.502585888,7.846080780,7.718618870,5.508206844,5.470327377,6.029057026,4.816403389,5.969577789",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" 
diff --git a/test/results/flow-analyse/quic_q43.pcap.out b/test/results/flow-analyse/quic_q43.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_q43.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_q46.pcap.out b/test/results/flow-analyse/quic_q46.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_q46.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_q46_b.pcap.out b/test/results/flow-analyse/quic_q46_b.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_q46_b.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_q50.pcap.out b/test/results/flow-analyse/quic_q50.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_q50.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_t50.pcap.out b/test/results/flow-analyse/quic_t50.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/quic_t50.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/quic_t51.pcap.out b/test/results/flow-analyse/quic_t51.pcap.out new file mode 100644 index 000000000..2803d602d --- /dev/null +++ b/test/results/flow-analyse/quic_t51.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,187.227.136.152,211.247.147.90,udp,55356,443,finished,14,18,1598620434413428,1598620467988515,1598620467941031,33,0,1350,1350,4666,8428,0,7,2164602.8,19582580,5209676.0,27140724621312.0,2.5,"5872,69285,110768,19,33,113561,2317,5835,79981,27,46402,10090862,10162287,246207,1361,7,331600,26165,19472426,19582580,120230,670,167,185037,26475,2999498,3090044,125889,1350,111,205624",53,437.2,1378,500.3,250315.8,4.1,"1378,1378,1378,1378,1378,1240,69,69,101,54,644,61,989,53,668,54,299,61,61,497,53,720,54,137,61,61,211,53,456,54,259,61","0,8,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","7,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,3,0,0,0,0,0","0,1,0,1,1,1,0,0,0,1,1,0,0,1,1,1,1,0,0,0,1,1,1,1,0,0,0,1,1,1,1,0","7.869323730,7.856849670,7.844151974,7.845833778,7.865318298,7.844552517,5.639471054,5.726426601,6.218957901,5.208410263,7.701806545,5.635654926,7.814414501,5.246605873,7.688014030,5.353935242,7.329473972,5.701228619,5.602868080,7.546798706,5.284341812,7.731115818,5.282484531,6.512764931,5.557705879,5.570081234,6.968918324,5.284341812,7.518057823,5.231468201,7.265197754,5.557705879",QUIC.Google,188.126,1,Acceptable,Web,6,DPI,"" 
diff --git a/test/results/flow-analyse/quickplay.pcap.out b/test/results/flow-analyse/quickplay.pcap.out new file mode 100644 index 000000000..d6a9285c3 --- /dev/null +++ b/test/results/flow-analyse/quickplay.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip4,10.54.169.250,120.28.35.40,tcp,52009,80,finished,18,14,1429000052217627,1429000090450568,1429000090229285,444,0,531,1400,8360,10852,1,182557,2459503.2,5871155,1331263.2,1772261736448.0,4.7,"2337891,2470825,5776550,5871155,324615,2084534,1689148,182557,2170257,2013275,645600,519622,2223724,2353455,480927,4401947,3911834,3909668,3936554,2356476,2338349,2619995,2626526,2264068,2270477,2391541,2349518,2604523,2641967,2224884,2252137",60,640.4,1440,347.9,121006.6,4.8,"484,1440,484,224,569,486,1232,569,486,838,571,60,488,1252,569,486,142,486,642,486,1108,486,1192,486,332,486,1440,486,946,486,564,486","0,0,0,0,0,0,0,0,0,0,0,0,0,13,1,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,1,0,0,1,2,0,0,0,0,0,2,0,0,0,0","0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","5.927153111,7.868373871,5.963050365,7.051006317,5.916583061,5.928764343,7.836061001,5.947601795,5.927013874,7.735056400,5.960254192,4.985874176,5.956949711,7.848547459,5.950881958,5.944071770,6.557918549,5.946902752,7.695936680,5.966873169,7.840433598,5.939571857,7.838245869,5.963761330,7.329223633,5.943363190,7.857814789,5.947385788,7.759774208,5.933074474,7.621943474,5.938513279",HTTP,7,0,Acceptable,Streaming,6,DPI,"" 
diff --git a/test/results/flow-analyse/radius_false_positive.pcapng.out b/test/results/flow-analyse/radius_false_positive.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/radius_false_positive.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/raknet.pcap.out b/test/results/flow-analyse/raknet.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/raknet.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/rdp.pcap.out b/test/results/flow-analyse/rdp.pcap.out new file mode 100644 index 000000000..15de7d326 --- /dev/null +++ b/test/results/flow-analyse/rdp.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +0,ip4,172.16.2.185,192.168.2.142,tcp,52494,3389,finished,21,11,1559207465138576,1559207465679719,1559207465679652,0,0,572,1179,1691,1900,0,149,34910.3,86174,23095.5,533403456.0,4.5,"42415,42485,360,46147,45785,5885,50430,44534,5170,48270,43112,41453,86174,44710,10166,53885,43706,302,43769,43467,297,43729,43444,307,149,43556,40251,83348,297,42450,42166",40,153.3,1219,233.3,54415.1,4.1,"64,52,40,59,59,40,213,1219,40,166,91,40,126,331,40,612,128,40,145,73,40,531,195,40,81,77,40,80,40,81,84,40","12,3,1,2,0,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,4,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,0,1,1,0,0,1,0","4.441382408,4.923395157,4.571928501,4.281987667,4.796913624,4.630641460,5.275919437,7.619496822,4.680641174,6.597459316,5.503854275,4.680641174,6.437798500,7.132068157,4.680641174,7.669749737,6.215856552,4.680641174,6.650300980,5.246529579,4.680641174,7.538676739,6.737553120,4.680641174,5.756097317,5.626734734,4.881687641,5.445608139,4.680641174,5.722887993,5.468319893,4.680641174",RDP,88,0,Acceptable,RemoteAccess,6,DPI,"30" 
diff --git a/test/results/flow-analyse/reasm_crash_anon.pcapng.out b/test/results/flow-analyse/reasm_crash_anon.pcapng.out new file mode 100644 index 000000000..dc6317e03 --- /dev/null +++ b/test/results/flow-analyse/reasm_crash_anon.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip4,192.168.145.147,10.209.8.148,tcp,51218,21999,info,23,9,1410865705717955,1410865856222147,1410865856222116,0,0,13,725,129,3158,1,3,9709947.0,30165638,14064983.0,197823744180224.0,3.3,"9,1510,1527,4,1248,1237,4,30097711,30099473,1765,3,1246,1236,30097518,8,30099327,1814,1237,30097422,1775,4,30101686,1241,30097498,30165638,1254,69395,30031106,8,30032779,1670",52,155.0,777,234.8,55144.5,4.0,"65,65,126,52,52,777,52,52,65,106,52,52,765,52,65,65,106,52,52,65,52,52,777,52,65,106,777,52,65,65,106,52","23,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,0,1,0,0,0,1,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0","5.512839317,5.512839317,3.005599976,5.193430901,5.193430901,5.327538013,5.193430901,5.156889915,5.391298771,5.590394974,5.079966545,5.101990700,0.545940340,5.140451908,5.395370483,5.389761925,5.628829002,5.193430901,5.193430901,5.482069969,5.118428230,5.193430901,5.310135365,5.116507530,5.433681488,5.596330643,5.286610126,5.010550022,5.397304058,5.397304058,5.612702370,5.193430901",,,,,,,,"" diff --git a/test/results/flow-analyse/reasm_segv_anon.pcapng.out b/test/results/flow-analyse/reasm_segv_anon.pcapng.out new file mode 100644 index 000000000..d870881d9 --- /dev/null 
+++ b/test/results/flow-analyse/reasm_segv_anon.pcapng.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,145.76.2.236,187.96.52.85,udp,2152,2152,finished,9,23,1550422828553466,1550422833287234,1550422833289770,64,0,80,1448,640,27912,0,1,305486.2,1859119,563984.9,318078976000.0,3.1,"396021,83822,1376171,124,2,2,1,3,2,2,113,124,1859119,964928,439709,439658,123,2,1,1,1,121,163901,20078,1615354,1799040,121,3,155764,155637,124",76,920.2,1476,651.3,424215.9,4.5,"92,92,92,1476,1476,1476,1476,1476,1476,1476,1476,1476,1476,100,1476,100,1476,1476,1476,1476,1372,1476,1476,108,108,100,76,388,1164,100,76,388","0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0","0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1","5.396138191,5.404344082,5.439617157,7.876337528,7.839885235,7.778254986,7.872960091,7.839048862,7.805950642,7.829119205,7.848347187,7.849987984,7.779471874,5.402985096,7.775711060,5.441986561,7.838281155,7.873279095,7.848281860,7.860656261,7.849815845,7.850412846,7.844122410,5.518630505,5.537148952,5.382984638,5.187358379,7.340617657,7.811021328,5.454438686,5.151109695,7.382753849",GTP.GTP_U,152.271,0,Acceptable,Network,6,DPI,"" 
diff --git a/test/results/flow-analyse/reddit.pcap.out b/test/results/flow-analyse/reddit.pcap.out new file mode 100644 index 000000000..170d9aded --- /dev/null +++ b/test/results/flow-analyse/reddit.pcap.out 
@@ -0,0 +1,29 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80a::200a,tcp,40028,443,finished,16,16,1605291684451133,1605291684654464,1605291684654375,0,0,824,1208,2166,4508,0,0,13115.3,75646,23104.5,533820192.0,3.2,"24940,24984,493,75646,0,1,1,75219,11,11,8777,4975,582,741,37567,3490,25948,1187,485,1611,1121,59921,1,0,1,1,0,1,58810,38,10",72,281.1,1280,342.1,117045.1,4.2,"80,80,72,589,72,1280,1280,572,72,72,72,136,164,896,710,72,652,72,72,103,72,103,72,72,384,422,285,111,139,72,72,72","11,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,1,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0","4.711516857,5.217300892,5.071401596,4.609335899,4.946592331,7.806063652,7.848966122,7.544353485,5.166606426,5.045011044,5.138829231,6.070029259,6.486535549,7.761092186,7.700193405,5.014019012,7.592603683,5.138829231,5.097352028,5.692110538,5.138829231,5.768221378,5.097352028,5.041796684,7.336868286,7.405985832,7.111319542,5.950567245,6.190017700,5.111051083,5.111051559,5.081305504",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56558,443,info,14,18,1605291684452132,1605291685883411,1605291685884221,0,0,517,1048,1120,9354,0,0,92366.7,1287577,306947.3,94216675328.0,1.8,"33174,33242,863,66592,1,1,1,1,65678,11,9,6,13203,712,517,42062,2,0,27621,483,471,1369,59921,136,1228856,1287577,855,2,1,1,0",72,399.8,1120,437.6,191482.0,4.2,"80,80,72,589,72,1120,1120,1120,587,72,72,72,72,165,171,445,72,330,72,72,138,72,110,72,72,1120,72,1120,1120,1120,203,1120","9,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,0,0,1,1,1,0,1,1,1,1,1","4.907011032,5.304951668,5.190349579,4.499736786,5.055853844,6.898099899,7.358309269,7.317547321,7.583971977,5.273682594,5.245904922,5.273682594,5.273682594,6.093073368,6.340588570,7.416254044,5.083631516,7.073973179,5.083631516,5.218127251,6.225534439,5.218127251,5.702238560,5.055853844,5.111409664,7.793631554,5.218127251,7.806817532,7.807598114,7.795763016,6.697732925,7.803894997",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56564,443,finished,22,10,1605291686035769,1605291686160496,1605291686157690,0,0,1388,1048,3806,3988,0,0,7956.4,41517,14223.9,202320352.0,3.1,"29904,29917,129,38003,2302,1,40177,45,72,0,17,3,2699,111,630,30,181,4,41517,1269,39145,1579,42,7307,1546,7292,2107,217,138,38,226",72,316.1,1460,366.7,134435.4,4.3,"80,80,72,589,72,1120,1120,72,72,1120,592,72,72,165,171,361,391,1460,269,72,330,72,195,227,72,138,72,217,110,182,183,294","8,1,1,4,2,0,2,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0","4,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,0,0,0,0,0","4.882011414,5.304953098,5.179864883,4.549963951,5.111409664,6.918439388,7.329545975,5.245904922,5.188381195,7.346970558,7.538538456,5.218127251,5.245904922,5.939581871,6.414350033,7.179112434,7.152504921,7.613826752,6.820423126,5.139187336,7.056142330,5.190349579,6.550985336,6.538044453,5.083631992,6.217070103,5.162571907,6.655886650,5.512269497,6.450225830,6.518562317,6.906108856",TLS.Reddit,91.205,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56578,443,info,15,17,1605291686060652,1605291686199280,1605291686201936,0,0,517,1048,1550,9238,0,0,9029.4,48292,15572.2,242494768.0,3.2,"38700,38720,198,38531,1,38345,41,14,329,0,334,4,2216,2804,187,210,6465,48292,2910,39329,6844,2704,1,9551,251,801,2129,0,0,1,0",72,409.6,1120,435.5,189657.0,4.2,"80,80,72,589,72,1120,72,1120,72,1120,602,72,72,165,171,436,468,115,72,330,72,72,72,138,72,110,72,1120,1120,1120,1120,1120","8,2,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1,1,1,1,1","4.734510422,5.203058243,5.273682594,4.560284615,5.139187336,6.919415474,5.273682594,7.320698738,5.273682594,7.355862617,7.598192215,5.301460266,5.301460266,6.043826580,6.386544228,7.400215149,7.219000340,5.771939278,5.139187336,7.067717552,5.190349579,5.055854321,5.055854321,6.171116352,5.245904922,5.665874481,5.111409664,7.825948715,7.822474480,7.825513840,7.821124554,7.834854126",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56582,443,info,17,15,1605291686064532,1605291686204966,1605291686203988,0,0,517,1048,1563,5635,0,0,9028.7,60278,18333.8,336128832.0,2.7,"36077,36109,144,41300,1,41154,44,17,686,0,689,5,2344,1105,220,36,172,60278,1038,0,57438,31,0,0,0,1,0,25,34,2,940",72,297.4,1120,353.7,125114.1,4.2,"80,80,72,589,72,1120,72,1120,72,1120,576,72,72,165,171,446,359,227,72,330,72,72,138,72,72,72,1120,687,72,72,72,110","10,1,1,1,1,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,1,1,0,0,0,0","4.791447639,5.270516872,5.273682594,4.464357376,5.111409664,6.904564381,5.273682594,7.359911442,5.273682594,7.337382793,7.522022247,5.273682594,5.273682594,6.074471474,6.455021381,7.426345348,7.089967251,6.816715717,5.083631992,7.110243320,5.083631992,5.218127251,6.187361240,5.008678436,5.036456108,5.064233780,7.784244537,7.688348293,5.230819225,5.245904922,5.235420227,5.565464973",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56592,443,info,16,16,1605291686084954,1605291686233012,1605291686233017,0,0,517,1048,1107,8188,0,0,9552.3,52464,18854.0,355471904.0,2.8,"44627,44653,347,50980,1843,1,0,0,52464,10,3,2,2413,668,102,121,49031,1,45760,75,169,1186,0,1,1,1443,16,7,133,49,15",72,363.0,1120,422.8,178733.3,4.1,"80,80,72,589,72,1120,1120,1120,602,72,72,72,72,165,171,389,153,72,330,72,72,72,138,72,1120,1118,72,72,72,1120,72,1120","11,0,2,1,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,1,0,1","4.907011986,5.354953289,5.301460266,4.552157402,5.139187336,6.938700199,7.322981834,7.354511738,7.534717083,5.245904922,5.218127251,5.245904922,5.273682594,6.089848042,6.412801743,7.335155964,6.124976635,5.139187336,7.085140228,5.273682594,5.111409664,5.028076649,6.191080093,5.111409664,7.845114708,7.817538738,5.273682594,5.245904922,5.263197899,7.819205284,5.245904922,7.795106411",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56594,443,info,17,15,1605291686301196,1605291686469619,1605291686468646,0,0,517,1048,1078,8227,0,0,10834.6,91996,22155.6,490868928.0,2.8,"25838,25880,395,66367,26055,91996,835,0,0,829,7,4,1579,121,254,42141,1,1,6209,0,2,0,0,1,46395,10,6,2,1,4,940",72,363.3,1120,424.0,179781.3,4.1,"80,80,72,589,72,1120,72,1120,1120,623,72,72,72,165,171,403,72,72,72,346,138,1120,1120,1120,1120,72,72,72,72,72,72,110","12,1,1,1,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0","4.907011986,5.304953098,5.301460266,4.568593025,5.139187336,6.968538761,5.258596897,7.334045410,7.344312668,7.577483654,5.301460266,5.329237938,5.301460266,6.086132526,6.472829342,7.337939262,5.128702641,5.166965008,5.166965008,7.241396427,6.241778851,7.834823132,7.795830250,7.800470352,7.816886902,5.273682594,5.301460266,5.273682594,5.329237938,5.301460266,5.329237938,5.684057236",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2002,tcp,50960,443,finished,16,16,1605291686985114,1605291687110047,1605291687110135,0,0,517,1208,965,10234,0,0,8063.0,43636,14163.2,200595904.0,3.1,"31477,31507,233,36835,7050,0,43636,16,599,576,2431,165,135,37718,689,1069,36764,111,89,22,531,8580,9121,90,75,174,0,158,5,98,0",72,422.5,1280,490.0,240053.7,4.1,"80,80,72,589,72,1280,1280,72,72,533,72,136,164,333,72,72,652,72,103,72,103,72,778,72,1280,72,1280,1280,72,72,1280,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,1,1","4.794175148,5.301737785,5.137723446,4.609352589,5.163392067,7.822265148,7.828993320,5.193279266,5.193279266,7.574356556,5.165501595,6.187675953,6.451539040,7.193062782,5.135614395,5.135614395,7.646523952,5.182794571,5.842692375,5.165501595,5.903290272,5.163392067,7.712309837,5.193279266,7.843823910,5.165501595,7.846527100,7.838549614,5.193279266,5.165501118,7.822370052,7.826137066",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::df9:21c6,tcp,43492,443,info,17,15,1605291686985710,1605291687112023,1605291687112006,0,0,517,1388,962,11490,0,0,8148.7,51019,15066.4,226995168.0,3.0,"38538,38619,398,37312,14166,1,0,0,1,51019,20,3,2,2,2408,107,140,31274,2,1645,1,30239,111,3355,1,0,0,3233,8,2,2",72,461.6,1460,586.5,343946.1,4.0,"80,80,72,589,72,1460,1460,1460,1460,387,72,72,72,72,72,136,164,330,72,72,72,143,72,103,1460,1460,1460,1460,72,72,72,72","13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,1,1,0,0,0,0","4.836891651,5.211080551,5.205674171,4.514605999,5.057240963,7.814661026,7.847680092,7.865528107,7.842185020,7.380033970,5.243936539,5.243936539,5.155763149,5.188381195,5.132825851,6.139283180,6.518441677,7.254546165,5.029463291,5.029463291,5.057240963,6.252353668,5.243936539,5.873327255,7.877524853,7.827719688,7.871821880,7.839930534,5.243936539,5.243936539,5.271714211,5.271714211",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::6853:b3b6,tcp,38320,443,finished,15,17,1605291686996891,1605291687186026,1605291687186023,0,0,517,1388,998,10536,0,0,12202.2,72269,18508.9,342577632.0,3.4,"27356,27416,299,37313,35299,1,0,72269,38,3,2523,128,130,31242,0,2117,15088,1,0,45626,28,24,154,29754,10263,39831,697,0,0,1,666",72,432.9,1460,553.5,306346.9,4.0,"80,80,72,589,72,1460,1460,310,72,72,72,152,164,350,72,72,72,343,343,142,72,72,72,103,72,1460,72,1445,1460,1445,1460,72","11,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,5,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,0,0,1,1,0,1,1,1,1,0","4.857011795,5.304952145,5.190349579,4.366506100,5.111409664,7.825345039,7.835193157,7.203350067,5.273682594,5.245904922,5.245904922,6.284915447,6.470990181,7.367970467,5.111409664,5.139187336,5.055853844,7.210521698,7.280154705,6.282705784,5.207642555,5.273682594,5.245904922,5.913538456,5.139187336,7.867059231,5.245904922,7.855923176,7.844721794,7.856983662,7.858796120,5.273682594",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::acd9:12c2,tcp,51026,443,finished,16,16,1605291687485783,1605291687606682,1605291687608302,0,0,517,1388,978,10865,0,0,7852.2,49462,14324.2,205184016.0,3.1,"27211,27234,262,32139,7460,39332,541,0,528,9,1876,115,75,39448,325,0,11758,0,49462,14,229,1909,2,0,1682,24,5,95,52,1631,0",72,442.6,1460,558.6,312025.4,4.0,"80,80,72,589,72,1460,72,1460,174,72,72,136,164,346,72,72,72,652,103,72,72,103,508,1460,1460,72,72,72,1460,72,1460,1460","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,1,0,1,1","4.882011414,5.229951859,5.245904922,4.668323040,5.111409664,7.823575497,5.218127251,7.840838909,6.577263832,5.273682594,5.245904922,6.141845703,6.526543617,7.249311924,5.028076172,5.028076649,5.028076172,7.620381832,5.685565948,5.134794235,5.107016563,5.797031403,7.461103439,7.863368988,7.879219532,5.218127251,5.218127251,5.218127251,7.865433216,5.218127251,7.849226475,7.844064713",TLS.Google,91.126,1,Acceptable,Advertisement,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:789d,tcp,48240,443,info,17,15,1605291687514756,1605291687641122,1605291687641103,0,0,517,1048,1012,8292,0,0,8152.0,61125,15844.6,251049776.0,2.9,"30377,30415,332,47450,13993,61125,95,1,0,49,10,2,3286,115,139,30628,2061,91,0,29231,1271,1309,181,374,3,2,1,161,6,3,2",72,363.2,1120,425.8,181298.7,4.1,"80,80,72,589,72,1120,72,1120,1120,704,72,72,72,165,171,337,72,72,72,330,72,138,72,110,1120,1120,1120,1120,72,72,72,72","12,1,1,1,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1,1,1,0,0,0,0","4.882011890,5.254952908,5.245904922,4.537001133,5.045369625,6.921907902,5.119708538,7.178970814,7.321282864,7.568989754,5.190349579,5.162571907,5.096531868,5.980709553,6.354322433,7.210721493,5.083631516,5.139187336,5.111409664,7.047548294,5.218127251,6.254519463,5.162571907,5.573678017,7.803915977,7.831707001,7.839641571,7.817306042,5.245904922,5.245904922,5.245904922,5.245904922",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:816::2008,tcp,39520,443,finished,16,16,1605291687642048,1605291687769797,1605291687770512,0,0,517,1208,967,10018,0,0,8264.9,43870,14337.0,205550432.0,3.2,"34309,34348,1675,38053,7520,1,0,43870,15,3,2990,179,332,37258,1,401,1,34144,24,176,2332,6921,9068,836,1,863,34,109,28,721,0",72,415.8,1280,486.5,236643.5,4.1,"80,80,72,589,72,1280,1280,550,72,72,72,136,164,335,72,72,652,103,72,72,103,72,545,72,1280,1280,72,72,1280,72,1280,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,1,1,0,0,1,0,1,1","4.845952988,5.276736736,5.138828754,4.602811337,5.041796684,7.803936958,7.832890034,7.552286625,5.166606426,5.194384098,5.194384098,6.037216187,6.610102654,7.276579857,5.041796684,5.041796684,7.656215668,5.660604000,5.183899403,5.183899403,5.788832664,5.069574356,7.590582848,5.222161770,7.845970631,7.817458153,5.222161770,5.222161770,7.842357159,5.222161770,7.846263409,7.836318970",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2620:116:800d:21:f916:5049:f87f:108e,tcp,48648,443,info,16,16,1605291687933355,1605291688258109,1605291688258300,0,0,517,1388,1296,10685,0,0,20958.0,180245,38814.9,1506599424.0,3.3,"41345,41375,239,45639,16078,1,0,61463,16,3,3880,365,125,94049,180245,10480,2,92307,53,428,5467,8019,1891,14882,15513,1,15533,36,263,0,1",72,446.9,1460,554.6,307585.9,4.0,"80,80,72,589,72,1460,1460,660,72,72,72,198,171,330,330,72,346,141,72,72,110,72,72,110,72,1460,1460,72,72,1460,1460,1460","10,1,0,2,0,0,0,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,0,1,1,0,0,1,1,1","5.270193100,5.621731281,5.459350586,4.656135082,5.421088219,6.918155670,7.356199741,7.583865643,5.431572914,5.431572914,5.348239899,6.523558617,6.440567493,7.245548248,7.233427525,5.403794765,7.155272961,6.347721100,5.459350586,5.459350586,5.820535183,5.393310547,5.355048180,6.026633739,5.409216881,7.855928898,7.870290756,5.487128258,5.459350586,7.867146015,7.870689869,7.867941856",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:806::200e,tcp,54862,443,finished,17,15,1605291687931808,1605291688275672,1605291688275738,0,0,517,1208,1514,8800,0,0,22186.9,168765,38280.1,1465366144.0,3.3,"34819,34839,225,53032,4946,57771,466,0,0,435,8,5,3584,2043,379,91732,168765,1823,72847,231,970,1993,2727,14555,61747,2,76315,38,696,685,116",72,394.8,1280,466.2,217386.3,4.1,"80,80,72,589,72,1280,72,1280,1280,272,72,72,72,136,164,477,477,72,652,72,103,72,103,72,72,813,1280,72,72,1280,72,1280","12,0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,0,1,1,1,0,0,1,0,1","4.855388641,5.336174011,5.166606426,4.455770016,5.107836723,7.809723854,5.222161770,7.834493160,7.853783131,7.186578274,5.194384098,5.194384098,5.222161770,6.074600697,6.474341869,7.424253941,7.412911415,5.135614395,7.636740208,5.081305027,5.736714840,5.107836723,5.719827175,5.194384098,5.063430309,7.714984417,7.833517075,5.166606426,5.204868793,7.844364166,5.194384098,7.833867073",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::d83a:d1e6,tcp,51100,443,finished,18,14,1605291688324076,1605291688488430,1605291688495517,0,0,517,1388,1402,4278,0,1,10832.1,42730,14959.8,223794400.0,3.6,"41079,41100,165,31856,11033,42730,469,1,470,25,2812,1299,93,34223,10205,1,40205,536,1458,1,938,16571,1,3,16547,20,17,4417,310,12670,24540",72,250.0,1460,362.6,131502.0,4.0,"80,80,72,589,72,1460,72,1460,172,72,72,136,164,486,72,652,72,72,103,72,103,72,793,103,111,72,72,72,111,107,282,72","11,2,2,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,1,1,0,1,1,1,0,0,0,0,0,0,1","4.857011318,5.329952717,5.273682594,4.540163040,5.139187336,7.843326092,5.273682594,7.862450600,6.539532185,5.273682594,5.273682594,6.134756088,6.541216850,7.446951866,5.166965008,7.636521339,5.100924969,5.273682594,5.932955742,5.111409664,5.777672768,5.263197899,7.737014294,5.703792095,5.962306976,5.301460266,5.329237938,5.329237938,6.057867527,5.878192425,7.107053280,5.166965008",TLS.Google,91.126,1,Acceptable,Advertisement,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::68f4:2ac8,tcp,56782,443,info,16,16,1605291687800179,1605291688483940,1605291688560007,0,0,517,1388,1460,4488,0,0,46567.4,216552,67587.7,4568099328.0,3.6,"29231,29299,228,29539,187299,216552,332,0,326,7,1815,188,30,70254,211900,6516,1,182884,58339,20162,41757,64,46,873,11694,10868,9898,6233,112514,128634,76106",72,258.4,1460,353.4,124913.6,4.1,"80,80,72,589,72,1460,72,1460,735,72,72,198,171,362,362,72,72,72,172,72,314,72,116,72,110,110,72,72,72,531,72,338","9,1,0,3,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,0,0,1,1,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,1,0,1,1,0,1,0,0,1,0,1,1,1,0,1","4.822575092,5.245516300,5.245904922,4.574756145,5.111409664,6.787540913,5.218127251,7.353115559,7.586227894,5.162571907,5.190349579,6.362659931,6.273279667,7.149994850,7.138213634,5.083631992,5.055854321,5.055854321,6.419822216,5.083631992,6.981730461,5.245904922,5.900056362,5.218127251,5.636374950,5.857635021,5.190349579,5.083631992,5.083631992,7.496485710,5.175263882,7.287763596",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2606:2800:134:1a0d:1429:742:782:b6,tcp,39736,443,finished,16,16,1605291688611238,1605291688786771,1605291688811895,0,0,523,1208,1624,5905,0,0,12135.2,51136,17866.3,319203328.0,3.5,"43010,43065,309,41280,10189,51136,400,38397,3509,41489,471,1,468,4,62,52,2291,169,102,38533,0,1,0,35978,9,3,58,5162,2233,17560,249",72,307.8,1280,396.4,157103.1,4.1,"80,80,72,589,72,171,72,595,72,1280,72,1280,1280,72,72,409,72,146,164,459,72,327,327,168,72,72,72,103,72,72,103,1280","11,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,2,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1","5.156615734,5.498501778,5.447478771,4.680018902,5.305136681,6.159050465,5.343176365,5.095525742,5.322429657,7.814732552,5.475256443,7.833696365,7.860356808,5.419701099,5.436994553,7.369849682,5.475256443,6.433616161,6.626874924,7.528322220,5.360692024,7.254635811,7.262678146,6.541914940,5.447478771,5.475256443,5.447478771,6.000376225,5.388469696,5.360692024,5.934231758,7.832221508",TLS.Twitter,91.120,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2004,tcp,57282,443,finished,16,16,1605291688749044,1605291688895635,1605291688895679,0,0,517,1208,990,9898,0,0,9458.9,62320,17558.3,308293920.0,3.0,"37391,37416,173,47446,15044,0,62320,24,361,320,2535,232,269,39947,114,0,2294,39328,242,2903,2650,782,796,254,1,2,253,13,20,95,1",72,412.8,1280,483.3,233579.9,4.1,"80,80,72,589,72,1280,1280,72,72,289,72,136,164,358,72,72,72,652,72,103,497,72,1280,72,1280,1280,1280,72,72,72,1280,292","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,1,1,0,0,1,0,1,0,1,1,1,0,0,0,1,1","4.742643356,5.251736641,5.156122208,4.431118965,5.052281380,7.795456409,7.833138943,5.183899879,5.183899879,7.222666740,5.183899879,6.136840343,6.526112080,7.291018963,5.080059052,5.080059052,5.107836723,7.666177273,5.098598480,5.762085438,7.464744568,5.183899879,7.830111027,5.156122208,7.819734097,7.865944386,7.829904556,5.128344536,5.156122208,5.100566864,7.822502613,7.162058353",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:805::2001,tcp,58122,443,finished,15,17,1605291688830061,1605291689005944,1605291689006046,0,0,517,1208,1039,8982,0,0,11350.6,68993,22767.9,518376128.0,2.8,"63745,63780,224,68524,719,1,1,1,68993,14,7,6,49,23,8336,2581,2495,40185,1017,0,0,27807,170,1594,1,1430,17,147,0,1,0",72,385.7,1280,459.2,210886.5,4.1,"80,80,72,589,72,1280,1280,1280,1280,72,72,72,72,469,72,136,164,407,72,652,72,72,72,103,103,503,72,72,1280,1280,328,111","11,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,1,0,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,1,1,1,1","4.810268402,5.216053009,5.081305027,4.495285511,5.070961475,7.775168419,7.813756466,7.830919743,7.820947170,5.175122738,5.202900410,5.175122738,5.164638042,7.419659138,5.202900410,6.144525528,6.597908497,7.465239525,5.081446171,7.628419399,5.025890350,5.081446171,5.136860371,5.834997177,5.649486065,7.575581074,5.202900410,5.202900410,7.817056179,7.851086140,7.198029995,5.871317387",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80c::2003,tcp,47302,443,finished,16,16,1605291688843899,1605291689013039,1605291689013078,0,0,517,1208,1086,9699,0,0,10913.5,73480,20451.9,418282080.0,3.0,"45331,45373,379,65680,8193,73480,42,0,21,5,12589,926,174,173,41157,1595,28896,105,3348,1,0,3744,1,0,1,6991,22,3,3,85,1",72,409.5,1280,484.5,234727.2,4.1,"80,80,72,589,72,1280,72,1280,341,72,72,136,164,373,153,72,652,72,103,72,72,72,466,1280,1280,1280,72,72,72,72,1280,1280","11,0,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,1,0,0,0,0,1,1","4.855388641,5.270608902,5.232646942,4.480056286,5.091208458,7.815004349,5.193278790,7.850385666,7.281913757,5.248834610,5.137723923,6.052643776,6.521836281,7.361442566,6.438180447,5.052281380,7.594014645,5.288202286,5.794967651,5.135614395,5.191169739,5.137001514,7.486030579,7.839892864,7.804619789,7.849721909,5.260424614,5.260424614,5.288202286,5.277717590,7.826467514,7.832191467",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:815::2016,tcp,52296,443,finished,16,16,1605291688831210,1605291689029453,1605291689029440,0,0,517,1208,1007,10130,0,0,12789.5,67787,22343.4,499229344.0,3.2,"63335,63360,1131,67787,769,1,1,67414,6,6,11732,1751,188,41623,368,28482,452,4153,0,1923,5466,17937,17942,106,77,226,1,0,0,229,7",72,420.5,1280,488.8,238946.4,4.1,"80,80,72,589,72,1280,1280,751,72,72,72,136,164,375,72,652,72,103,72,72,103,72,456,72,1280,72,1280,1280,1280,1280,72,72","12,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,1,1,1,0,0","4.855387688,5.286172390,5.166606426,4.403482437,5.097352028,7.810871601,7.864149094,7.683444977,5.164638042,5.232646465,5.288201809,6.259301662,6.552115440,7.385071278,5.107836723,7.668366432,5.149313450,5.867877483,5.069574356,5.080059052,5.803856373,5.204868793,7.481070042,5.260424137,7.860325813,5.260424137,7.834439754,7.818997860,7.817288876,7.835785389,5.232646465,5.260424137",TLS.YouTube,91.124,1,Fun,Media,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:798c,tcp,56640,443,info,16,16,1605291689408040,1605291689629927,1605291689672104,0,0,517,1048,1710,4392,0,0,15675.8,144189,36484.9,1331146624.0,2.7,"25745,25768,203,144189,2,0,143997,4,71,1,41,7,2508,597,1253,49737,1,0,1,45397,18,103,1,65,704,437,888,38392,2516,1067,2238",72,263.2,1120,320.8,102914.8,4.2,"80,80,72,589,72,1120,1120,72,72,1120,587,72,72,165,171,471,72,72,330,138,72,72,72,439,72,110,566,142,72,72,72,114","9,1,2,1,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,1,0,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1","4.857011795,5.259831905,5.179864883,4.529115200,5.055853844,6.908260822,7.364731312,5.245904922,5.218127251,7.327914715,7.541935444,5.162571907,5.218127251,6.139030457,6.351455688,7.439690113,5.166965008,5.139187336,7.125073433,6.245332241,5.235420227,5.273682594,5.139187336,7.450459003,5.273682594,5.556783676,7.574505329,6.164192200,5.085018635,5.139187336,5.139187336,5.963419437",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80b::2002,tcp,59336,443,finished,17,15,1605291690384370,1605291690495032,1605291690511816,0,0,517,1208,1020,5622,0,1,7680.9,45875,12464.9,155373568.0,3.4,"18528,18557,358,37185,9026,1,2,1,45875,10,14,14,8672,419,266,33620,1,89,1151,1,25433,25,482,7313,1,1,6808,24,7,3698,20526",72,280.1,1280,371.7,138197.8,4.1,"80,80,72,589,72,1280,1280,1280,273,72,72,72,72,136,164,349,72,72,72,652,103,72,72,103,775,516,111,72,72,72,111,72","12,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,1,0,0,0,0,1","4.830388546,5.286173820,5.175123215,4.582562923,5.135614395,7.820514202,7.848834991,7.840905190,7.029392242,5.204868793,5.232646465,5.232646465,5.232646465,6.256432056,6.550828457,7.277585983,5.097352028,5.107836723,5.107836723,7.629249096,5.686814308,5.260424137,5.260424137,5.854413509,7.698106289,7.556940079,5.871694088,5.222162247,5.166606903,5.166606903,5.962721825,5.004921436",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80b::2001,tcp,59624,443,finished,17,15,1605291690421002,1605291690527565,1605291690527527,0,0,517,1208,1054,6986,0,0,6873.8,34221,11275.4,127133528.0,3.4,"28106,28139,660,33241,1626,34221,71,30,636,643,4625,213,224,27018,3512,25468,241,4283,1409,5453,77,6348,1,0,6424,34,8,196,1,158,22",72,323.8,1280,408.2,166632.7,4.1,"80,80,72,589,72,1280,72,1280,72,534,72,136,164,422,72,652,72,103,72,103,72,72,482,1280,1280,72,72,72,704,111,72,72","13,0,2,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,0,1,1,1,1,0,0,0,1,1,0,0","4.750831604,5.256616592,5.147345066,5.037306786,5.025890827,7.794999599,5.175122738,7.849133015,5.175122738,7.594861984,5.147345066,6.103534698,6.601645947,7.415776730,5.023922443,7.687021732,5.175123215,5.854413509,4.959850788,5.758662224,5.147345066,5.053668499,7.493776798,7.824415684,7.830970287,5.175122738,5.175122738,5.147345066,7.700448990,5.878117561,5.175122738,5.175122738",TLS.Google,91.126,1,Acceptable,Advertisement,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:808::2001,tcp,46806,443,finished,15,17,1605291690926655,1605291691043702,1605291691043566,0,0,517,1208,1291,11382,0,0,7547.0,42183,12243.2,149896752.0,3.3,"25564,25583,1059,31489,7154,1,37586,36,127,1,1,0,1,87,28,7124,13598,568,199,42183,2,20688,340,10112,7,263,1,3,2,10101,50",72,468.5,1280,513.4,263601.8,4.2,"80,80,72,589,72,1280,1280,72,72,1280,1280,1280,1280,220,72,72,136,164,342,389,72,652,72,103,72,72,72,1062,1280,1280,72,72","10,0,2,0,0,0,0,0,1,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,1,1,1,0,0","4.825832367,5.281616688,5.136860847,4.553145885,5.043183804,7.811286926,7.839466095,5.164638519,5.164638519,7.864381790,7.859279633,7.843964577,7.841698170,6.810353279,5.109083176,5.136860847,6.135817528,6.436379910,7.296087742,7.276475906,5.025890350,7.637989998,5.136860847,5.737908840,5.098739147,5.043183804,5.070961475,7.799327850,7.850948334,7.827920914,5.136860847,5.136860847",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80f::2001,tcp,36964,443,finished,16,16,1605291690926912,1605291691067608,1605291691069122,0,0,517,1208,1326,6622,0,0,9126.0,45897,14144.4,200064000.0,3.4,"29535,29546,105,39799,6197,1,1,45897,20,10,16645,7440,877,217,45409,188,20393,461,14689,1873,1,1,16098,2949,2,0,2950,29,8,1564,1",72,320.9,1280,398.4,158685.9,4.1,"80,80,72,589,72,1280,1280,311,72,72,72,136,164,391,375,72,652,72,103,72,103,72,72,72,551,398,207,72,72,72,1280,1280","11,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,1,0,0,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,1,1,1,0,1,1,1,0,0,0,1,1","4.860268116,5.316052437,5.175122738,4.626070023,5.053668499,7.798489094,7.858765125,7.213901043,5.175122738,5.175122738,5.136860371,6.074123383,6.494878292,7.385508060,7.250154495,4.998777390,7.691906452,5.175122738,5.820339203,5.053668022,5.765991211,5.015406132,5.015406132,5.147345066,7.610651970,7.403194427,6.718353748,5.175122738,5.175122738,5.114727020,7.829133987,7.837005138",TLS.Google,91.126,1,Acceptable,Advertisement,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:811::200a,tcp,38166,443,finished,16,16,1605291690926867,1605291691075065,1605291691075150,0,0,517,1208,987,5335,0,0,9563.9,43801,13475.5,181588928.0,3.6,"28655,28663,221,37924,6057,43801,75,33,588,595,16415,9761,878,43789,3898,20653,579,14876,1700,0,16044,10542,2,1,1,10492,40,13,10,172,3",72,270.1,1280,336.6,113301.5,4.2,"80,80,72,589,72,1280,72,1280,72,572,72,136,164,355,72,652,72,103,72,103,72,72,531,897,272,357,72,72,72,72,111,72","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,1,0,1,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,1,1","4.786516666,5.247180939,5.070820332,4.566688538,5.043183804,7.807061672,5.053527355,7.847422123,5.025749683,7.577804089,5.043042660,6.031175137,6.392292976,7.341467381,4.977143764,7.597589493,5.081305027,5.788832188,5.004921436,5.547259808,5.015406132,5.081305027,7.471312523,7.741707325,7.060866833,7.323482037,5.109082699,5.109082699,5.064012051,5.053527355,5.763209343,5.043183804",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/riotgames.pcap.out b/test/results/flow-analyse/riotgames.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/riotgames.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/rsh-syslog-false-positive.pcap.out b/test/results/flow-analyse/rsh-syslog-false-positive.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/rsh-syslog-false-positive.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/rsh.pcap.out b/test/results/flow-analyse/rsh.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/rsh.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/rsync.pcap.out b/test/results/flow-analyse/rsync.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/rsync.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/rtmp.pcap.out b/test/results/flow-analyse/rtmp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/rtmp.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/rtsp.pcap.out b/test/results/flow-analyse/rtsp.pcap.out new file mode 100644 index 000000000..1103f7f49 --- /dev/null +++ b/test/results/flow-analyse/rtsp.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +113,ip4,10.1.1.10,10.2.2.2,tcp,52472,8554,finished,16,16,1627567279015763,1627567279050715,1627567279050859,0,0,142,125,1032,500,0,2,2259.6,21135,5876.1,34528696.0,2.2,"35,2,147,185,74,3,21,233,32,2,57,13140,10,5,57,13537,3,20,31,20633,10,29,32,21135,10,3,84,464,2,22,30",40,92.6,182,58.6,3438.9,4.7,"52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,40,46,46,165,165,165,165,182,182,182,182,46,40,46,46","8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1","4.423448086,4.423448086,4.461909771,4.461909771,4.669178486,4.669178486,4.707640171,4.707640171,4.375547886,4.375547886,4.662815571,4.375547886,5.749258041,5.749258041,5.749258041,5.749258041,4.342726707,4.625071049,4.342726707,4.342726707,5.713921547,5.730617523,5.730617523,5.713921547,5.797795296,5.797795296,5.797795296,5.797795296,4.342726707,4.675071239,4.386205196,4.342726707",RTSP,50,0,Fun,Media,6,DPI,"5" 
+113,ip4,10.1.1.10,10.2.2.2,tcp,52474,8554,finished,16,16,1627567338841836,1627567338873699,1627567338873793,0,0,142,125,1032,500,0,3,2058.7,21234,5470.2,29923468.0,2.2,"11,6,72,280,3,19,31,588,10,4,95,9323,12,6,70,10052,3,20,30,20464,12,35,38,21234,11,6,415,877,63,5,25",40,92.6,182,58.6,3438.9,4.7,"52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,40,46,46,165,165,165,165,182,182,182,182,46,46,40,46","8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1","4.384986401,4.384986401,4.423448086,4.423448086,4.630716801,4.669178486,4.669178486,4.630716801,4.402615547,4.402615547,4.693943024,4.402615547,5.758685112,5.758685112,5.758685112,5.758685112,4.342726707,4.675070763,4.386205196,4.342726707,5.747313976,5.747313976,5.747313976,5.747313976,5.794003963,5.794003963,5.804993153,5.804993153,4.299248219,4.299248219,4.625071049,4.342726707",RTSP,50,0,Fun,Media,6,DPI,"5" 
+113,ip4,10.1.1.10,10.2.2.2,tcp,52476,8554,finished,16,16,1627567398644402,1627567398672191,1627567398672567,0,0,142,125,1032,500,0,3,1805.0,21000,5109.4,26105754.0,2.2,"11,6,298,316,75,4,113,848,111,3,200,4833,13,7,374,6198,62,5,77,20136,13,74,34,21000,11,7,67,946,6,27,79",40,92.6,182,58.6,3438.9,4.7,"52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,46,40,46,165,165,165,165,182,182,182,182,46,40,46,46","8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1","4.348445415,4.348445415,4.386907101,4.386907101,4.594175816,4.594175816,4.632637501,4.632637501,4.315659046,4.315659046,4.593943119,4.315659046,5.696279526,5.696279526,5.696279526,5.696279526,4.272180557,4.272180557,4.593943596,4.315659046,5.713315964,5.725437164,5.725437164,5.713315964,5.750239849,5.750239849,5.750239849,5.750239849,4.228702545,4.543943405,4.228702545,4.272180557",RTSP,50,0,Fun,Media,6,DPI,"5" 
+113,ip4,10.1.1.10,10.2.2.2,tcp,52478,8554,finished,16,16,1627567406342871,1627567406849646,1627567406870301,0,0,116,125,464,500,0,2,33361.5,505214,123872.6,15344430080.0,1.2,"13,12,110,1319,2,16,338,505214,14,12,119,504501,5,45,55,1025,12,6,56,113,30,3,36,579,55,2,21,20351,8,26,107",40,76.3,165,48.8,2380.7,4.7,"52,52,52,52,46,40,46,46,52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,46,40,46,165,165,165,165","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.370469093,4.370469093,4.370469093,4.370469093,3.475291967,3.831542015,3.475291967,3.518770218,4.370469093,4.370469093,4.370469093,4.370469093,4.630716801,4.669178486,4.630716801,4.669178486,4.332069397,4.332069397,4.562815189,4.288591385,5.709887981,5.709887981,5.697067261,5.697067261,4.255770683,4.255770683,4.575070858,4.299248695,5.728408337,5.740529537,5.728408337,5.740529537",RTSP,50,0,Fun,Media,6,DPI,"5" 
+113,ip4,10.1.1.10,10.2.2.2,tcp,52480,8554,finished,16,16,1627567466882987,1627567466918846,1627567466919056,0,0,142,125,1032,500,0,1,2320.3,23771,5847.6,34194776.0,2.4,"13,10,107,377,5,25,77,583,10,4,135,10337,14,11,11449,2,754,44,76,20263,13,28,87,23771,10,4,96,3496,1,20,106",40,92.6,182,58.6,3438.9,4.7,"52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,46,40,156,46,46,165,165,165,165,182,182,182,182,46,40,46,46","8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1,1,1,1","4.333256245,4.333256245,4.371717930,4.371717930,4.585553169,4.624014854,4.585553169,4.624014854,4.338141441,4.338141441,4.646440029,4.338141441,5.716025352,5.716025352,5.703204632,4.234774113,4.577568054,5.703204632,4.234774113,4.278252602,5.685709476,5.709951878,5.685709476,5.709951878,5.773123264,5.773123264,5.773123264,5.773123264,4.234774113,4.577568054,4.234774113,4.278252602",RTSP,50,0,Fun,Media,6,DPI,"5" 
+113,ip4,10.1.1.10,10.2.2.2,tcp,52482,8554,finished,16,16,1627567528106056,1627567528134816,1627567528135319,0,0,142,125,1032,500,0,4,1871.7,21029,5194.1,26978296.0,2.2,"13,12,126,440,5,40,92,581,9,4,94,6644,14,9,113,7455,6,53,93,20043,15,52,57,21029,9,6,97,810,5,21,76",40,92.6,182,58.6,3438.9,4.7,"52,52,52,52,52,52,52,52,46,46,40,46,156,156,156,156,46,40,46,46,165,165,165,165,182,182,182,182,46,40,46,46","8,0,0,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0,0,1,1,1,1","4.268796921,4.268796921,4.307258606,4.307258606,4.437603951,4.476065636,4.437603951,4.476065636,4.253599167,4.253599167,4.522574425,4.253599167,5.663463116,5.663463116,5.663463116,5.663463116,4.228702545,4.543943405,4.228702545,4.272181034,5.650695801,5.662817001,5.650695801,5.662817001,5.715077877,5.715077877,5.715077877,5.715077877,4.272181034,4.593943119,4.272181034,4.315659046",RTSP,50,0,Fun,Media,6,DPI,"5" diff --git a/test/results/flow-analyse/rtsp_setup_http.pcapng.out b/test/results/flow-analyse/rtsp_setup_http.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/rtsp_setup_http.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 
diff --git a/test/results/flow-analyse/rx.pcap.out b/test/results/flow-analyse/rx.pcap.out new file mode 100644 index 000000000..dc4ec9d38 --- /dev/null +++ b/test/results/flow-analyse/rx.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,131.114.219.168,192.167.206.241,udp,7001,7000,finished,17,15,1460647299704750,1460647300147650,1460647300150407,28,0,468,740,2528,1781,0,52,28663.1,105287,33586.2,1128029952.0,4.0,"77545,77601,57048,57152,38155,1292,39484,65722,277,65926,103176,105287,2087,8975,9068,2966,1842,4798,61436,65225,3784,52,6802,6683,61,3692,3703,4895,8042,2994,2787",56,162.7,768,165.9,27529.2,4.5,"60,94,93,60,496,93,104,56,93,64,93,80,72,421,60,496,93,184,93,160,768,93,80,184,93,96,200,93,80,72,421,60","1,4,7,0,1,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,6,5,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1","4.077751637,3.436867237,3.527563810,4.011084557,4.341524601,3.511269569,3.900409222,4.138328075,3.532774925,3.942092896,3.562457323,5.267373562,3.808812857,7.113327503,4.069581032,4.336879253,3.522217751,6.534686565,3.586733341,6.423340321,7.662765026,3.559956789,5.237494469,6.512056828,3.573345423,5.590069771,6.656118393,3.594850540,5.217373848,3.930941820,7.131436825,4.136247635",RX,223,0,Acceptable,RPC,6,DPI,"" diff --git a/test/results/flow-analyse/s7comm.pcap.out b/test/results/flow-analyse/s7comm.pcap.out new file mode 100644 index 000000000..9a151dbe3 --- /dev/null 
+++ b/test/results/flow-analyse/s7comm.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.10,192.168.1.40,tcp,4185,102,finished,21,11,1408528803880679,1408528803957564,1408528803957480,7,0,33,221,396,794,1,66,4957.6,9013,3321.6,11033309.0,4.5,"3735,3883,3114,3055,66,6981,6927,4642,8989,4385,568,7037,6437,271,5970,5746,295,9009,8666,204,8975,8763,201,9013,8819,232,8990,8762,250,4988,4713",47,77.2,261,40.3,1625.5,4.9,"62,62,65,67,47,73,121,47,73,121,47,73,261,47,73,121,47,69,101,47,69,101,47,69,101,47,69,101,47,71,77,47","17,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,3,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0","4.432188988,4.290980816,4.257703304,3.892863989,4.469065666,4.562385082,3.916244507,4.469065666,4.445193291,3.499234200,4.469065666,4.517119408,2.438902855,4.367897987,4.497249603,3.901077271,4.469065666,4.394919872,4.398461342,4.469065666,4.423905373,4.398461342,4.426512718,4.412964821,4.410789013,4.469065666,4.412964821,4.372174263,4.410450935,4.692483425,4.443362713,4.469065666",s7comm,249,0,Acceptable,Network,6,DPI,"" diff --git a/test/results/flow-analyse/safari.pcap.out b/test/results/flow-analyse/safari.pcap.out new file mode 100644 index 000000000..2a8328afc --- /dev/null 
+++ b/test/results/flow-analyse/safari.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.178,146.48.58.18,tcp,55262,443,info,15,17,1620898024056646,1620898025244024,1620898025243976,0,0,379,1440,1066,15026,0,3,76603.5,579033,166832.5,27833075712.0,2.8,"28338,28438,576,28670,6985,69,14,35105,3,52717,81952,29,29304,948,28144,550635,1230,579033,248,252,138,105,115,138,126,100,428094,455026,4375,1236,32565",52,555.5,1492,644.5,415419.9,4.0,"64,60,52,287,52,1492,1492,627,52,52,145,52,103,52,411,52,1492,1492,52,1492,52,1492,52,1492,52,1492,52,431,52,1492,1492,52","11,0,1,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,1,0,0,0,1,1,0,0,1,1,1,0,1,0,1,0,1,0,1,0,0,1,1,1,0","4.396777153,5.300120831,5.014835358,5.627039909,5.023147106,7.096756935,7.334726810,7.588644505,4.961856365,4.853978634,6.075397491,4.986606121,5.885092735,4.983880520,7.377478600,4.983880997,7.862138748,7.865662575,4.937912464,7.882334709,4.815825462,7.869226933,4.976374149,7.871172428,4.854287148,7.892846584,5.014835358,7.391702652,5.061608791,7.860088825,7.873157978,5.053297043",,,,,,,,"" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,55267,443,finished,14,18,1620898025216866,1620898025482937,1620898025510399,0,0,442,1440,1135,16958,0,2,18051.7,118862,28694.5,823374080.0,3.5,"29610,29665,2362,30524,2,28159,51917,8877,77853,8496,625,1248,27408,129,120,247,131,125,259,123,123,248,503,122,637,24023,24010,84464,7818,118862,914",52,618.0,1492,660.5,436248.1,4.1,"64,60,52,263,52,193,52,103,494,52,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52,1029,52,52,483,52,1492","10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0,0,0,1,1","4.365527153,5.154205322,4.884933472,5.833237171,5.047091484,6.387271881,4.923395157,5.485030651,7.478204250,4.994112968,4.772770882,7.875178814,7.866140842,4.961856842,7.872851372,7.874671459,4.961856842,7.876760006,7.864192009,4.884933472,7.871975422,7.883419514,4.961856842,7.874213696,7.878833771,4.923395157,7.820206165,4.961856842,4.839769840,7.462142944,5.085553646,7.865268230",TLS,91,1,Safe,Web,6,DPI,"15" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,55265,443,finished,14,18,1620898025216193,1620898025515519,1620898025515861,0,0,434,1440,1102,16480,0,3,19322.4,140358,32968.3,1086907520.0,3.4,"30407,30442,2425,30749,1690,30065,50340,8582,78328,9234,5001,125,33713,130,749,881,125,129,16,259,3,103964,6593,140358,1494,509,31816,122,126,243,376",52,602.1,1492,656.6,431150.1,4.1,"64,60,52,263,52,193,52,103,458,52,52,1492,1492,52,1492,1492,52,1492,1492,551,52,52,52,486,52,1492,1492,52,1492,1492,52,1492","10,1,0,0,0,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0,1,1,0,1","4.396777153,5.200120449,4.854287148,5.825632572,5.100070000,6.466464043,4.937912464,5.504448891,7.429816246,5.008629799,5.047091484,7.873772621,7.867330074,4.976373672,7.875112534,7.878286839,5.014835358,7.858428001,7.863643646,7.549911976,4.945418835,4.976373672,4.892748356,7.471665859,5.100070477,7.873035431,7.880444050,4.892748356,7.872234821,7.868445873,4.854287148,7.863982677",TLS,91,1,Safe,Web,6,DPI,"15" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,55266,443,finished,14,18,1620898025216511,1620898025519635,1620898025519733,0,0,437,1440,1130,16706,0,9,19559.5,144002,33697.1,1135492736.0,3.4,"31343,31380,1377,32375,996,31994,49530,8158,77501,8373,630,1247,30061,122,9,127,127,136,106790,7135,144002,5758,108,35937,131,121,250,128,122,249,129",52,610.0,1492,657.1,431734.9,4.1,"64,60,52,263,52,193,52,103,489,52,52,1492,1492,52,1492,1492,52,777,52,52,483,52,1492,1492,52,1492,1492,52,1492,1492,52,1492","10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1","4.314822197,5.233453751,4.923395157,5.828969955,5.023147106,6.406717777,4.808010101,5.437491417,7.501916409,5.023147106,4.970168114,7.863673210,7.870786667,4.923395157,7.876905441,7.877601147,4.961856842,7.763181210,4.923395157,4.762846470,7.385672092,5.061608791,7.861380100,7.878694057,4.839769363,7.892414093,7.876000881,4.916692734,7.865588188,7.858906269,4.930902004,7.889223099",TLS,91,1,Safe,Web,6,DPI,"15" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,55269,443,finished,14,18,1620898025217638,1620898025521891,1620898025521857,0,0,434,1440,1125,16096,0,3,19628.1,147007,34082.4,1161612032.0,3.3,"33594,33644,1195,33573,9,32379,46938,8284,78165,6257,993,261,30448,865,3,877,105414,6486,147007,2135,111,37341,124,122,246,129,624,757,125,122,244",52,590.8,1492,660.8,436665.8,4.1,"64,60,52,263,52,193,52,103,481,52,52,1492,1492,52,1492,167,52,52,486,52,1492,1492,52,1492,1492,52,1492,1492,52,1492,1492,52","10,1,0,0,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0","0,1,0,0,1,1,0,0,0,1,1,1,1,0,1,1,0,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0","4.428027153,5.266787052,5.014835835,5.842227459,5.023147106,6.438008308,4.937912464,5.659790039,7.505598068,5.008629799,5.138532162,7.874384403,7.853630066,5.053297043,7.871713161,6.760118008,4.937911987,4.854287148,7.518191338,5.025067806,7.867798328,7.843288898,5.053297043,7.860529423,7.873259544,5.014835358,7.870237827,7.866991520,4.976373672,7.854802608,7.868881702,5.053297043",TLS,91,1,Safe,Web,6,DPI,"15" 
+1,ip4,192.168.1.178,146.48.58.18,tcp,55268,443,finished,15,17,1620898025217296,1620898025552151,1620898025552116,0,0,437,1440,1558,13367,0,2,21602.4,146010,34561.6,1194505728.0,3.5,"30429,30474,1424,31291,132,29986,50740,8293,78244,9210,246,28671,116212,146010,494,137,30426,114,380,498,130,113,14,250,2,896,5501,36248,1496,132,31482",52,519.0,1492,616.9,380607.3,4.0,"64,60,52,263,52,193,52,103,480,52,52,1399,52,483,52,1492,1492,52,1492,1492,52,1492,1492,411,52,52,52,489,52,1492,1492,52","10,1,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,8,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,1,1,1,0,1,1,0,1,1,1,0,0,0,0,1,1,1,0","4.365527153,5.212701797,4.906957626,5.866992474,4.948143959,6.471822739,4.777055740,5.588072777,7.508736134,5.010550499,4.972089291,7.876531601,4.976373672,7.413162708,4.945419312,7.858516216,7.873053551,4.770353794,7.876352787,7.853984356,4.861793518,7.863806248,7.873053074,7.450196266,4.900255680,4.900255203,4.774691582,7.458786488,5.100070000,7.869789600,7.864884853,5.053297043",TLS,91,1,Safe,Web,6,DPI,"15" diff --git a/test/results/flow-analyse/salesforce.pcap.out b/test/results/flow-analyse/salesforce.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/salesforce.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/sccp_hw_conf_register.pcapng.out b/test/results/flow-analyse/sccp_hw_conf_register.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/sccp_hw_conf_register.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/sctp.cap.out b/test/results/flow-analyse/sctp.cap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/sctp.cap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/selfsigned.pcap.out b/test/results/flow-analyse/selfsigned.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/selfsigned.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/sflow.pcap.out b/test/results/flow-analyse/sflow.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/sflow.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/signal.pcap.out b/test/results/flow-analyse/signal.pcap.out new file mode 100644 index 000000000..abf5e723b --- /dev/null +++ b/test/results/flow-analyse/signal.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.17,23.57.24.16,tcp,57018,443,finished,16,16,1569051247599529,1569051247791544,1569051247792234,0,0,517,1440,893,10648,0,7,12410.3,52274,19984.8,399390400.0,3.2,"44158,46025,121,45605,778,217,319,168,47796,18,50,46011,44670,7772,1684,58,381,118,52274,18,1127,18,42555,122,704,525,120,879,64,358,7",52,413.3,1492,522.5,272968.6,4.0,"64,60,52,569,52,1492,1492,1268,1492,52,52,52,659,52,132,98,95,87,193,323,323,52,122,52,52,52,52,83,1098,1098,1492,413","10,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,1,1,0,0,0,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,1,1,1,1","4.496222496,5.260978699,5.115703106,4.449790955,5.154164791,7.842132568,7.877580166,7.812294483,7.873640060,5.077241421,5.115703106,5.032077789,7.623220921,5.154164791,6.284255981,5.843806267,5.875387192,5.767893314,6.860127449,7.271677971,7.350573063,5.115703106,6.393777370,5.115703106,5.062724113,5.024262428,5.038779736,5.628359795,7.828307152,7.836736202,7.865890980,7.503857136",TLS.AppleiTunes,91.145,1,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.17,23.57.24.16,tcp,57022,443,finished,15,17,1569051264078385,1569051264310199,1569051264310869,0,0,517,1440,862,11255,0,7,14977.4,100663,25001.2,625062336.0,3.3,"34916,37696,123,37363,772,231,309,173,37044,153,34846,100663,83343,17640,1078,2531,59,427,91,36023,34,31611,467,2412,13,489,2231,1076,233,244,7",52,431.7,1492,520.4,270842.4,4.1,"64,60,52,569,52,1492,1492,1268,1492,52,52,659,52,659,64,132,98,95,87,193,323,323,52,52,52,122,52,52,1098,1098,1492,413","9,3,1,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,1,0,0,0,0,0,2,0,0,1,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,1,1,0,0,1,0,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,1,1","4.496222496,5.227644920,5.115703106,4.414837837,5.154164791,7.853477478,7.870889187,7.817573071,7.876551151,5.115703106,5.062724590,7.664700031,5.077241421,7.657122135,4.978374004,6.355051041,5.966256618,5.935075283,5.821801186,6.831858158,7.289732933,7.287264824,5.154164791,5.115703106,5.154164791,6.311809540,5.115703106,5.115703106,7.817995071,7.817259789,7.852911472,7.453959465",TLS.AppleiTunes,91.145,1,Fun,Streaming,6,DPI,"" 
+1,ip4,192.168.2.17,35.169.3.40,tcp,57026,443,finished,20,12,1569051264666082,1569051265118031,1569051265227415,0,0,1440,1440,12293,2636,0,11,32686.5,114919,49905.0,2490513152.0,3.3,"108942,110621,122,110401,2138,28,112445,4951,114919,23,109553,1892,17,11,122,779,118,231,116,111402,211,108448,1776,614,1715,181,200,291,136,109394,1485",52,519.2,1492,606.2,367455.8,4.1,"64,60,52,569,52,1492,1090,52,178,103,121,52,105,102,94,298,1492,1492,1492,364,52,90,834,52,52,1492,1492,1492,1492,137,52,52","4,3,1,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,1,0,1,1,0,0,0,0,0,1,1","4.390677452,5.215063572,5.101185799,4.568855762,5.154164791,7.123593330,7.686298847,5.024262428,6.455136299,5.824676991,6.354698181,5.077241421,5.747490406,5.596203804,5.551773548,7.089583874,7.859809875,7.887398720,7.860632420,7.352869511,5.192626476,5.919520855,7.736015797,5.115703106,5.115703106,7.850556374,7.899875164,7.874493599,7.879738331,6.114603519,5.154164791,4.993616104",TLS.Signal,91.39,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.2.17,13.35.253.42,tcp,57027,443,info,20,12,1569051267121677,1569051267296344,1569051267317465,0,0,1440,1440,11716,2541,0,13,11950.2,43365,16041.8,257340416.0,3.7,"32885,39763,98,40023,2747,13,39382,7752,43365,416,22,34673,57,7463,493,19,81,373,5900,119,379,42152,16,471,26781,7559,10672,123,259,280,26119",52,498.2,1492,608.0,369644.2,4.0,"64,60,52,569,52,1492,995,52,178,52,103,121,52,52,105,102,94,243,90,1492,1492,1492,52,90,52,671,52,1492,1492,1492,1492,52","5,4,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0","7,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,1,1,1,0,1,0,0,0,0,1","4.433722496,5.194311619,5.024262428,4.269306660,5.062724590,7.102223873,7.698739052,5.077241421,6.281415939,5.115703106,5.989915848,6.360937119,5.077241421,5.077241421,5.716584206,5.596204281,5.530496597,6.966745853,5.422244072,7.874898434,7.862365246,7.863490105,4.937912464,5.888910294,5.077241421,7.631612301,5.077241421,7.861750603,7.881488323,7.873866558,7.857449532,5.115703106",,,,,,,,"" diff --git a/test/results/flow-analyse/simple-dnscrypt.pcap.out b/test/results/flow-analyse/simple-dnscrypt.pcap.out new file mode 100644 index 000000000..ef1267381 --- /dev/null +++ b/test/results/flow-analyse/simple-dnscrypt.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.43.167,134.119.26.24,tcp,50233,443,info,15,17,1491813284555591,1491813285148253,1491813285258007,0,0,218,1310,804,10162,0,0,41776.7,221977,52354.6,2741003520.0,3.9,"110617,111151,27928,119560,18487,5167,114877,3012,7467,5,1,10608,4894,14894,118,54,378,91813,2,71462,3132,28841,0,26832,76361,36004,32630,95192,61613,221977,1",40,383.4,1350,516.9,267229.7,3.9,"52,52,40,246,40,1350,1350,40,1350,1350,1350,346,40,166,93,96,82,258,298,109,40,78,40,78,40,40,40,401,40,105,1350,1310","7,4,1,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,6,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,1,1,0,0,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1","4.700937748,5.053297043,4.884183884,5.597340584,4.884183884,7.257542610,7.247560978,4.734184265,7.594522476,7.479546547,7.614046097,7.344598770,4.780641079,6.391661167,5.721328735,5.834361076,5.503191471,7.138485432,7.091854095,6.122251511,4.934183598,5.396905422,4.884183884,5.818656921,4.884183884,4.884183884,4.884183884,7.331987381,4.934183598,5.989890099,7.848228931,7.847333908",,,,,,,,"" 
+1,ip4,192.168.43.167,134.119.26.24,tcp,50259,443,info,16,16,1491813286393273,1491813286786121,1491813286786057,0,0,280,1310,962,7944,0,0,25343.0,105611,35915.9,1289953152.0,3.6,"76904,76992,229,75549,27738,2534,105611,594,1,590,1297,3,1553,3254,3682,128,52,3057,79,49,84732,1,74133,4254,0,9610,25085,23405,82024,4138,98354",40,319.1,1350,456.8,208637.0,3.9,"52,52,40,250,40,1350,1350,40,1350,1350,40,1350,346,40,166,93,96,82,320,119,118,298,109,40,40,78,40,78,40,402,401,40","7,4,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,0,0,0,0,0,0,0,1,1,0,1,1,1,0,1,1,1,0","4.662476063,5.014835358,4.784183979,5.463803768,4.784183979,7.264608860,7.254951954,4.784183979,7.596163750,7.476695061,4.665311813,7.616894245,7.412656784,4.784183979,6.267624378,5.635307789,5.800558090,5.503190994,7.286572456,6.049404621,6.063973427,7.156964302,6.273537159,4.934183598,4.884183884,5.802693844,4.834183693,5.438509464,4.884183884,7.476879120,7.394095898,4.934183598",,,,,,,,"" diff --git a/test/results/flow-analyse/sip.pcap.out b/test/results/flow-analyse/sip.pcap.out new file mode 100644 index 000000000..c4566261a --- /dev/null +++ b/test/results/flow-analyse/sip.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.2,212.242.33.35,udp,5060,5060,finished,21,11,1120469572844249,1120470235521078,1120470235448732,5,0,825,593,7448,4947,0,25935,42751008.0,279041814,57873684.0,3349363405357056.0,4.0,"136757,17415627,17424961,49834,89928591,89874891,17280679,17290428,150200040,150188219,17325180,17335822,73916043,73902652,17325038,17333170,25935,17724998,29031776,29092737,34118166,34119076,29272359,29031830,29031631,29031476,17104967,497671,1001842,279041814,227102",33,415.3,853,273.0,74531.7,4.6,"495,514,708,334,374,495,514,708,519,495,514,708,519,495,514,708,334,498,33,33,33,33,33,33,33,33,33,853,853,853,621,368","9,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,0,0,0,0,4,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,2,1,0,0,0,1,6,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0","5.741633415,5.745016098,5.709460258,5.733335018,5.724183083,5.734008312,5.752299309,5.705936909,5.742718697,5.746319294,5.735527039,5.694232941,5.749829292,5.746265888,5.718012810,5.700710297,5.702609062,5.648171425,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.098355293,4.037749290,4.098355293,4.098355293,5.722674847,5.721789837,5.722674847,5.763523579,5.703196526",SIP,100,0,Acceptable,VoIP,6,DPI,"" 
diff --git a/test/results/flow-analyse/sip_hello.pcapng.out b/test/results/flow-analyse/sip_hello.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/sip_hello.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/sites.pcapng.out b/test/results/flow-analyse/sites.pcapng.out new file mode 100644 index 000000000..6bc9bfd10 --- /dev/null +++ b/test/results/flow-analyse/sites.pcapng.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.128,91.198.174.208,tcp,50620,443,info,14,18,1623223595952198,1623223596109406,1623223596108936,0,0,517,1448,1036,16479,0,0,10127.3,52937,19772.5,390950848.0,2.8,"46836,50076,2241,52937,230,0,0,0,52220,0,0,0,1478,638,2420,52443,0,779,3077,0,237,0,0,0,0,0,199,47900,0,0,235",52,599.8,1500,646.4,417856.7,4.1,"60,60,52,569,52,1500,1500,1252,152,52,52,52,52,132,222,290,355,95,83,1500,1500,1500,1500,1500,1500,1500,1500,374,52,52,52,83","10,0,1,0,0,1,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,1,0,1,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0","4.713301182,5.220872402,5.008629799,5.408417225,5.079967022,7.845353127,7.893048763,7.841969490,6.480354786,5.047091007,5.047091484,5.085552692,5.085553169,6.254513264,6.947219372,7.136369228,7.362440109,5.997154236,5.666953564,7.893563271,7.867501259,7.878776073,7.865104198,7.874600887,7.869311810,7.861063480,7.860395432,7.425109863,5.085552692,5.047091007,5.085552692,5.564384460",,,,,,,,"" 
+1,ip4,192.168.1.250,45.82.241.51,tcp,39890,80,finished,17,15,1623226283573712,1623226284678348,1623226284677149,0,0,190,1460,380,18862,0,0,71228.2,1031142,245139.1,60093177856.0,1.6,"27914,29082,9509,39180,2950,0,249,0,0,0,0,59912,0,307,0,0,304,0,974261,1031142,0,0,0,29550,491,2002,0,490,0,730,0",46,645.1,1500,701.2,491744.0,4.0,"60,52,46,230,46,1500,1500,1500,1500,1500,1500,1382,46,46,46,46,46,46,46,230,1500,1500,1500,1500,46,46,1500,1500,46,46,46,46","15,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,12,0,0","0,1,0,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0","4.650921822,4.854286671,4.347350597,5.690956593,4.347350597,7.663578510,7.860166073,7.846680641,7.877070427,7.858085155,7.884421825,7.865271091,4.347350597,4.303872585,4.260394573,4.303872585,4.303872585,4.347350597,4.347350597,5.731587410,7.670816898,7.866776943,7.851586819,7.865674973,4.303872585,4.303872108,7.855195045,7.870656013,4.303872585,4.260394096,4.303872108,4.303872585",HTTP.Likee,7.261,0,Fun,SocialNetwork,6,DPI,"" diff --git a/test/results/flow-analyse/skinny.pcap.out b/test/results/flow-analyse/skinny.pcap.out new file mode 100644 index 000000000..9e0aadc33 --- /dev/null +++ b/test/results/flow-analyse/skinny.pcap.out 
@@ -0,0 +1,8 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.195.58,192.168.193.12,tcp,49399,2000,finished,13,19,1317801130501299,1317801134312976,1317801134286303,0,0,52,324,248,1620,1,14,245054.2,3609828,877176.1,769437794304.0,1.5,"2211,18,14,5962,3780,258,15,49,20014,19685,10391,48806,3559643,16,82,3609828,11683,20052,16478,36490,7020,23440,32822,19981,11660,17,20000,11522,27273,50735,26736",46,100.2,364,74.3,5521.7,4.7,"64,68,56,64,46,364,68,76,68,46,200,60,46,64,180,76,46,252,46,88,46,184,46,184,46,184,172,46,92,92,46,92","9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,0,0,5,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,0,1,1,1,1,0,1,0,1,1,1,1,0,1,0,0,1,1,0,1,0,1,1,0,0,0,1,0","3.922401428,4.000817776,4.543873787,4.299025536,4.398030758,3.738415241,4.369860649,4.173765659,4.555430412,4.446094513,4.498068333,4.266249657,4.654558659,4.450102329,2.632452726,4.180215836,4.398030758,4.264904022,4.549461365,3.957430601,4.654558659,2.670037031,4.549461365,2.689654589,4.478915215,2.567897081,4.683412552,4.398031235,4.043387413,3.999909163,4.567602158,4.021648407",CiscoSkinny,164,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.195.58,192.168.195.50,udp,32144,17718,finished,18,14,1317801134322976,1317801134482957,1317801134468575,172,0,172,172,3096,2408,0,4,9857.4,25564,10215.5,104355640.0,3.9,"25,19949,10,25564,11,20009,15,19949,15,19947,7,19983,8,20009,7,20042,7,20010,7,19977,4,19971,13,19997,11,20024,12,20020,11,19956,10",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","4.233760357,4.233760357,4.755019665,4.755019665,4.365148544,4.365148544,5.067544460,5.067544460,4.363914013,4.363914013,4.870802402,4.870802402,5.547243595,5.547243595,5.061565876,5.061565876,5.180966377,5.180966377,5.064822674,5.064822674,5.333183289,5.333183289,5.182554245,5.182554245,5.614361763,5.614361763,5.808181763,5.808181763,5.246697903,5.246697903,5.232192516,5.232192516",RTP,87,0,Acceptable,Media,6,DPI,"" 
+1,ip4,192.168.195.58,192.168.193.24,udp,32150,9395,finished,32,0,1317801134322539,1317801134942562,1317801134322539,172,0,172,0,5504,0,0,19901,20000.7,20073,35.0,1222.2,5.0,"20010,20035,19901,20015,19977,20040,20015,20006,19996,20018,19974,20009,19997,20001,20001,19982,20073,20009,20000,19999,20061,19944,19990,19953,20026,19940,20010,20055,20010,19978,19998",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.253760338,4.786761761,5.077544212,4.880802631,5.060857296,5.094822407,5.175570965,5.860004425,5.252192497,4.811758041,5.051555157,5.202684879,4.826058388,4.792474747,4.938888073,4.741405487,4.472463608,4.580914974,4.584398270,4.538744450,4.508350849,4.288617134,4.379649162,4.592761517,4.371983528,4.385575771,4.512448788,4.759740829,4.715042114,4.770418644,3.938650370,4.306789398",RTP,87,0,Acceptable,Media,6,DPI,"" 
+1,ip4,192.168.195.50,192.168.193.24,udp,17726,9399,finished,32,0,1317801134348136,1317801134968092,1317801134348136,172,0,172,0,5504,0,0,19962,19998.6,20095,27.6,759.7,5.0,"19962,19969,20095,19966,20007,20019,20010,19970,19996,20019,19982,19965,20001,20006,19994,20032,19986,19999,19985,19996,20021,19995,20005,19995,19975,19984,19971,20037,20033,19973,20008",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.382149220,4.433072090,5.554677963,5.245295525,5.359684944,5.638034821,5.272410393,5.136450291,4.824490070,4.458597660,4.762297153,4.430035591,4.140134811,3.858884573,3.769583702,3.278017282,3.433972836,3.403135061,3.567106962,4.292976856,4.648509502,4.789345264,4.830762386,4.555335999,4.442068100,6.184312344,4.938612938,6.346918106,6.461272717,6.171940327,6.510017872,6.460319996",RTP,87,0,Acceptable,Media,6,DPI,"" 
+1,ip4,192.168.195.58,192.168.193.24,udp,32152,9396,finished,32,0,1317801134349579,1317801134969420,1317801134349579,172,0,172,0,5504,0,0,19475,19994.9,20520,142.6,20347.9,5.0,"19831,19959,20146,19907,20018,20014,20011,20005,20001,20003,20045,19895,20035,19968,20008,20010,19972,20003,20520,19475,20014,19970,20034,19981,19987,19986,19966,20048,20036,19972,20021",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.393408298,4.432039738,5.622674942,5.222123623,5.373581886,5.658831120,5.279973507,5.143450737,4.839715958,4.427013874,4.767832279,4.403833866,4.120435238,3.834218979,3.762180805,3.235242844,3.409477234,3.386922836,3.548633337,4.268260479,4.605560303,4.771471977,4.801124096,4.541038036,4.446225643,6.169005394,4.927167892,6.350693703,6.448822498,6.188875198,6.544920921,6.452270985",RTP,87,0,Acceptable,Media,6,DPI,"" 
+1,ip4,192.168.195.50,192.168.193.24,udp,17732,9400,finished,32,0,1317801134383882,1317801135003916,1317801134383882,172,0,172,0,5504,0,0,19941,20001.1,20100,38.1,1453.4,5.0,"19977,19980,20100,19974,19997,19973,19984,19994,20002,20000,19996,19991,19980,20100,20004,19971,19986,20073,19948,19997,19947,20007,19941,20015,20065,19981,19993,20024,20019,20002,20013",200,200.0,200,0.0,0.0,5.0,"200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200","0,0,0,0,0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.886732578,5.045310974,5.069633007,5.162554741,5.808761120,5.197607994,4.773752689,5.019257545,5.175136566,4.783205986,4.789572239,4.908454418,4.722610474,4.455634594,4.590435505,4.554622650,4.530591965,4.497926712,4.290644169,4.361923218,4.586849689,4.387413979,4.413131237,4.509451866,4.762583256,4.689284325,4.748415470,3.920776129,4.292247295,5.242364883,5.593360424,5.532413960",RTP,87,0,Acceptable,Media,6,DPI,"" 
+1,ip4,192.168.193.12,192.168.195.50,tcp,2000,51532,finished,18,14,1317801130506133,1317801141425306,1317801141427620,0,0,492,52,1512,244,1,15,704537.4,7045910,1877203.8,3523893788672.0,2.2,"15,57,704,686,19914,3582983,19282,3622236,2065,19,22,17967,15924,20052,36329,2146,19966,30884,40036,6899,19067,13061,64116,28324,103909,42273,80357,6999604,16,5837,7045910",46,96.9,532,93.8,8793.0,4.6,"76,68,72,46,252,46,60,60,46,68,56,64,46,532,46,184,184,46,184,46,88,172,46,92,92,46,92,46,68,68,64,46","10,2,0,0,4,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,0,1,1,1,0,0,0,0,1,0,1,0,0,1,0,1,1,0,1,1,1,0,1,0,0,0,0,1","4.173766136,4.678438187,4.574613094,4.565872192,4.279353142,4.501398087,4.236247540,4.455914497,4.565872669,4.052432537,4.485925674,4.342070580,4.370963097,3.259213448,4.414441586,2.680906296,2.637759447,4.414441109,2.672017574,4.419027328,3.803910494,4.757339001,4.522394180,3.983498335,3.940019846,4.627491474,4.013442516,4.584012985,4.549689770,4.584219933,4.418852329,4.565872192",CiscoSkinny,164,0,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/skype-conference-call.pcap.out b/test/results/flow-analyse/skype-conference-call.pcap.out new file mode 100644 index 000000000..7752c86cf --- /dev/null +++ b/test/results/flow-analyse/skype-conference-call.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.20,104.46.40.49,udp,49282,60642,finished,16,16,1501061916646303,1501061916821040,1501061916812989,43,0,915,167,6417,1824,0,59,11013.6,100094,22446.4,503839616.0,3.0,"7339,44500,54477,177,54879,336,10342,20091,24441,100094,319,61,211,59,179,235,59,177,199,208,82,2810,14708,381,241,219,267,215,202,197,3718",63,285.5,943,317.0,100457.8,4.3,"132,132,100,100,132,100,136,138,131,123,195,63,155,155,155,155,155,155,155,155,155,155,100,71,943,943,943,943,943,943,155,121","0,1,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,2,12,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0,0","5.475533962,5.430079460,5.716311932,5.616310120,5.445230961,5.668762684,5.554492950,6.549376011,6.536014080,6.412748814,6.806855679,5.203801155,6.467489243,6.520809174,6.645484924,6.590196609,6.458263397,6.501328468,6.432456017,6.550292969,6.547129631,6.477230072,5.552665234,5.568275928,7.755900860,7.787482262,7.793358326,7.793142319,7.798308849,7.784828663,6.622673988,6.318281174",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" diff --git a/test/results/flow-analyse/skype.pcap.out b/test/results/flow-analyse/skype.pcap.out new file mode 100644 index 000000000..5454e73d1 --- /dev/null 
+++ b/test/results/flow-analyse/skype.pcap.out 
@@ -0,0 +1,9 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.34,157.56.126.211,tcp,50028,443,finished,18,14,1431969642444382,1431969643732696,1431969643732623,0,0,1317,1440,3197,6571,0,1,83114.7,300868,84343.9,7113900544.0,4.2,"75158,75224,28759,111209,161,82580,77181,227,77415,12662,300868,288212,83419,83480,324,86654,86327,3080,96533,93421,270,253866,5,253632,1,362,87184,86820,115773,3,115745",52,357.8,1492,468.9,219872.6,4.0,"64,56,52,146,1492,72,52,1492,850,52,159,52,111,111,52,281,233,52,681,233,52,249,745,265,52,52,617,153,1369,1492,57,52","10,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","4,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,1,0,0,0,1,0,1,1,0","4.566831589,5.351820469,5.169486523,5.800713062,7.041554928,5.648954391,5.207947731,7.520295143,7.684464455,5.207947731,6.679992676,5.207947731,5.987671375,6.112873554,5.131024837,7.175582409,7.117172718,5.169486523,7.686713219,7.039489746,5.169486523,7.041594028,7.715633392,7.181105614,5.169486523,5.092563629,7.678602695,6.704249382,7.873626232,7.885951519,5.348513603,5.131024361",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,6,DPI,"7" 
+1,ip4,192.168.0.254,239.255.255.250,udp,1025,1900,finished,32,0,1431969648258514,1431969708341272,1431969648258514,285,0,363,0,10560,0,0,14698,1938153.5,19850743,5863265.0,34377878732800.0,1.7,"15861,16704,16998,17146,15818,17029,16643,16363,16834,19850743,15743,18751,14698,83170,16831,19850724,16057,16593,16866,16918,16233,17002,16501,16455,16854,19850599,16277,16449,16736,16676,16486",313,358.0,391,29.2,851.5,5.0,"319,337,391,383,313,355,387,333,385,379,319,337,391,383,385,379,319,337,391,383,313,355,387,333,385,379,319,337,391,383,313,355","0,0,0,0,0,0,0,0,3,10,6,13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.771956921,5.745192528,5.705901623,5.747788906,5.703627110,5.702535152,5.702753544,5.689080238,5.666057110,5.690359116,5.771956921,5.737018108,5.707276821,5.747788906,5.667453766,5.678885460,5.757758617,5.745192528,5.721078873,5.742736340,5.694825172,5.702535152,5.718088150,5.701518059,5.681470871,5.690359116,5.765686989,5.734481335,5.721078873,5.754981518,5.697237015,5.696901798",SSDP,12,0,Acceptable,System,6,DPI,"" 
+1,ip4,192.168.1.34,157.56.52.28,tcp,50108,40009,info,16,16,1431969710853799,1431969713563704,1431969713605215,0,0,609,1440,1305,2277,0,6,176171.6,964718,204459.3,41803603968.0,4.2,"243983,244064,543,204260,761004,964718,546,202004,201464,40219,40223,162241,162248,40183,40179,200900,6,200973,204113,204068,127,240781,240640,207489,6,207586,2955,4516,199645,198010,41627",52,164.6,1492,286.0,81813.5,3.9,"64,60,52,124,52,109,52,60,60,52,52,88,120,52,52,91,52,55,52,196,52,56,52,661,52,56,52,1492,106,605,535,52","10,3,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,1","4.654482365,5.212701321,5.101990700,6.432995319,5.118428230,6.083127022,5.116507530,5.534151554,5.402482510,5.231892586,5.118428230,6.070055008,6.375442505,5.116507530,5.156889915,5.975852489,5.062724113,5.142062187,5.193430901,6.836936951,5.140452385,5.287363052,5.118428230,7.709677696,5.065449715,5.231198311,5.125935555,7.866834641,6.284335136,7.671433449,7.556340218,5.014835358",,,,,,,,"" 
+1,ip4,192.168.1.34,86.31.35.30,tcp,50119,59621,info,20,12,1431969715511238,1431969716485221,1431969716484897,0,0,754,1183,1698,1733,0,3,62827.2,199756,60860.2,3703968000.0,4.2,"83391,83495,120,64053,63956,403,68492,68085,2947,71202,68249,199756,199749,154162,154128,2646,133845,131248,179,107,71,64327,8428,55511,127901,188,164,70489,3,70121,226",52,159.8,1235,252.0,63524.5,4.0,"64,60,52,112,99,52,69,66,52,806,66,52,52,56,1235,52,609,152,130,80,119,109,52,52,132,52,80,73,347,52,52,79","14,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,1,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,1,1,1,0,0,0,1,1,0,0","4.654482365,5.333454132,5.195351601,6.316112518,6.194816113,5.156889915,5.495990753,5.445763588,5.118428230,7.748650074,5.476066589,5.118428230,5.115703106,5.253432751,7.862428188,5.079966545,7.627686024,6.621866226,6.402141094,5.698502541,6.358891010,6.256488323,5.154164791,5.171407223,6.388115883,5.233812809,5.866852760,5.718504906,7.269364357,5.171407223,5.094483376,5.681488514",,,,,,,,"" 
+1,ip4,192.168.1.34,17.172.100.36,tcp,50128,443,finished,15,17,1431969719110749,1431969720072924,1431969720249898,0,0,626,1440,2665,3500,0,1,67784.6,604696,135914.5,18472736768.0,3.0,"148679,148806,840,151642,7,49,150807,1,231,1,31483,95,153251,682,32561,5239,16750,14,176748,67,2129,1532,4,3534,1,449491,70,604696,5454,16453,7",40,234.9,1480,350.9,123149.1,3.9,"64,46,40,273,46,132,77,40,40,46,77,666,606,46,46,46,46,373,76,40,40,1480,1207,66,40,40,659,618,46,46,373,76","9,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,3,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,1,0,0,1,1,1,0,0,0,0,1,1,1,1","4.566831589,5.009399891,4.831687450,6.027278900,4.565872192,6.096841335,5.810150623,4.781687260,4.831687450,4.838567257,5.654305935,7.685338974,7.680083275,4.565872192,4.609350681,4.652828693,4.522393227,7.430202484,5.691814423,4.731687546,4.781687260,7.874620914,7.827808857,5.536673069,4.831687450,4.781687260,7.725860596,7.639239788,4.609350204,4.565871716,7.405247211,5.760828972",TLS.AppleiCloud,91.143,1,Acceptable,Web,6,DPI,"15" 
+1,ip4,192.168.1.34,81.83.77.141,tcp,50121,17639,info,19,13,1431969716015431,1431969721054543,1431969721054434,0,0,753,1124,1497,1406,0,104,325100.5,1782015,509745.4,259840393216.0,3.6,"60786,60878,104,60135,60019,392,72414,72021,2895,63202,60274,262292,262312,157419,157474,3644,187775,184138,1852,62855,110047,171036,158,63674,63522,1468105,1782015,746099,1060012,1410290,1410276",52,143.3,1176,243.1,59118.2,3.9,"64,60,52,97,113,52,68,66,52,805,66,52,52,56,1176,52,609,97,88,72,52,95,52,81,80,52,89,52,90,52,91,52","14,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,0,1,1,0,1,0","4.685732365,5.340227127,5.233813286,6.019866467,6.368683815,5.195351601,5.624080658,5.536673069,5.195351601,7.760460854,5.585841656,5.156889915,5.154164791,5.266912937,7.819509983,5.195351601,7.645509243,6.085315704,5.933692455,5.598238945,5.231087685,5.933996201,5.195351601,5.713249207,5.826287746,5.233813286,5.866018772,5.171407223,5.955576897,5.094483852,6.043343544,5.154164791",,,,,,,,"" 
+1,ip4,192.168.1.34,71.238.7.203,tcp,50117,18767,info,18,14,1431969715510906,1431969745372080,1431969745371963,0,0,777,1024,1536,1336,0,3,1926523.6,25523822,6196933.5,38401982070784.0,2.0,"228112,228245,119,219602,219451,352,214503,214173,209707,209682,96,381818,2061048,2011661,148181,480497,212142,212191,3594,275159,271497,162,220246,3,220142,134,216099,215969,136225,25387599,25523822",52,142.5,1076,232.3,53983.1,4.0,"64,64,52,109,87,52,69,66,52,66,52,56,52,829,52,1076,52,142,52,609,94,120,79,52,98,52,81,108,52,52,67,52","14,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,1,0","4.611437321,4.654482365,4.944975376,6.187591553,5.911162853,5.308815479,5.697440624,5.646447659,5.308815479,5.676750660,5.308815479,5.323077679,5.233812809,7.755376339,5.101185799,7.836594582,5.231892586,6.520278931,5.078045845,7.657844543,5.946936607,6.397566319,5.868788719,5.233813286,6.106810570,5.231892586,5.915599823,6.143779278,5.270353794,5.272274494,5.762140274,5.270353794",,,,,,,,"" 
+1,ip4,192.168.1.34,71.238.7.203,tcp,50138,18767,info,19,13,1431969771806353,1431969808100305,1431969777317750,0,0,776,1024,1531,1305,0,98,1348559.6,30125563,5301136.0,28102044418048.0,1.9,"214728,214808,140,223488,223372,360,217535,217176,213636,213655,98,315319,2988490,3022192,145311,494208,215912,215930,3576,275623,272053,209,291401,291140,160,74979,137019,211866,164254,30125563,821148",52,141.4,1076,232.5,54056.9,4.0,"64,64,52,92,87,52,69,66,52,66,52,56,52,828,52,1076,52,142,52,608,87,132,81,97,52,81,52,100,52,52,52,52","15,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,1,0,0,1,1,0,1,0,0","4.654482365,4.685732365,4.944975376,5.966120720,5.970302582,5.308815479,5.715485096,5.705540657,5.270353794,5.705540657,5.270353794,5.300843716,5.347277164,7.737775803,5.385738850,7.811435223,5.116507530,6.632953644,5.231892586,7.624665260,6.070933819,6.535917759,5.915600300,6.177032948,5.154969215,5.788875103,5.231892586,6.220213890,5.193430901,5.347277164,5.193430901,5.270353794",,,,,,,,"" diff --git a/test/results/flow-analyse/skype_no_unknown.pcap.out b/test/results/flow-analyse/skype_no_unknown.pcap.out new file mode 100644 index 000000000..c48c5fb08 --- /dev/null +++ b/test/results/flow-analyse/skype_no_unknown.pcap.out 
@@ -0,0 +1,6 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.34,157.56.126.211,tcp,51230,443,finished,17,15,1431970634729598,1431970635881910,1431970636210299,0,0,1317,1440,3197,6571,0,4,84935.9,302172,91274.9,8331100672.0,4.1,"75602,75664,27532,108847,162,81462,75632,793,76430,15396,302172,286823,74727,74702,490,91055,90550,1676,83562,81907,257,247113,246931,287,176,301,92281,92015,289787,38677,4",52,357.8,1492,468.9,219872.6,4.0,"64,56,52,146,1492,72,52,1492,850,52,159,52,111,111,52,281,233,52,681,233,52,249,745,52,265,52,617,153,1369,52,1492,57","9,1,1,1,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","5,1,0,1,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,1,1","4.566831589,5.231197834,5.207947731,5.674067974,7.049631596,5.565620899,5.131024837,7.511627674,7.685983658,5.092563152,6.689486980,5.207948208,6.034001350,6.063236237,5.131024361,7.255164623,6.962138176,5.078045845,7.665988445,7.021088123,5.092563152,7.174606800,7.695394039,5.169486046,7.219842434,5.169486046,7.676120758,6.637963295,7.867539883,5.207947731,7.870429039,5.313425064",TLS.Skype_Teams,91.125,1,Acceptable,VoIP,6,DPI,"7" 
+1,ip4,192.168.1.34,17.172.100.36,tcp,51227,443,finished,16,16,1431970637197675,1431970639484015,1431970639483962,0,0,626,607,3514,2368,1,0,147504.1,1077385,322658.5,104108531712.0,2.7,"72,141755,4583,11838,4,158204,0,1417,4,1400,0,933119,61,1077385,3887,16084,4,164206,0,1860,3,1840,0,866377,142,1010555,4963,11788,160778,157,141",40,224.9,666,252.7,63877.7,4.2,"666,608,46,46,373,76,40,40,642,66,40,40,659,616,46,46,373,76,40,40,647,66,40,40,663,542,46,46,373,40,76,40","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,3,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,1,0,0,1,1,0,0,0,0,1,1,1,0,1,0","7.674015522,7.668118000,4.652828693,4.505982399,7.427917480,5.699883461,4.831687450,4.881687164,7.645244122,5.566976070,4.831687450,4.831687450,7.688735008,7.679184437,4.609350681,4.565872192,7.476705551,5.708197594,4.781687260,4.831687450,7.687032700,5.555538654,4.831687450,4.881687164,7.666993618,7.641694546,4.565872192,4.522393227,7.411273003,4.831687450,5.770762444,4.831687450",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.34,111.221.74.48,tcp,51279,40008,info,17,15,1431970682971895,1431970686763311,1431970686763184,0,0,609,1440,1353,2282,0,3,244603.4,1296903,277928.5,77244252160.0,4.1,"1006187,1296903,290818,554,292771,2163,294344,530,293322,292842,39566,39558,253265,253274,40127,40121,350396,3,350380,293934,293924,133,334278,334179,299989,7,300043,2124,4226,292441,290303",52,166.6,1492,288.6,83264.9,3.9,"64,64,60,52,102,52,155,52,60,60,52,52,98,81,52,52,91,52,55,52,196,52,56,52,661,52,56,52,1492,106,603,595","11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0","4.591982365,4.685732365,5.379368782,5.156889439,6.098606110,5.310736179,6.719574928,5.231892586,5.434151649,5.435815811,5.217375278,5.192625999,6.264057159,5.966215611,5.193430901,5.118428230,6.152135849,5.272274494,5.217365742,5.270353794,6.867547989,5.193430901,5.336557388,5.233812809,7.669265747,5.195351124,5.302626133,5.231892586,7.881810188,6.162669659,7.661843300,7.626007080",,,,,,,,"" 
+1,ip4,192.168.1.34,81.83.77.141,tcp,51294,17639,info,18,14,1431970689672643,1431970693736762,1431970694329250,0,0,752,1124,1528,1371,0,128,281313.8,2004084,501089.8,251090993152.0,3.5,"69753,69875,128,64112,63941,396,65391,64977,1952,66745,64884,268026,267948,126507,126511,3724,173414,169731,172,68870,95737,164424,174,67018,66860,198434,1936170,2004084,795927,1062252,592589",52,143.2,1176,243.0,59065.6,3.9,"64,60,52,117,80,52,68,66,52,804,66,52,52,56,1176,52,608,95,96,78,52,95,52,79,73,52,52,90,52,91,52,97","13,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1","4.623232365,5.300120831,5.195351124,6.325283527,5.743623257,5.195351601,5.572466850,5.597279072,5.156889915,7.729978561,5.597279072,5.156889915,5.192626476,5.302627087,7.848286152,5.195351601,7.719808578,6.123468399,6.165541172,5.733872414,5.115703106,6.010258675,5.118427753,5.870053768,5.680767059,5.156889915,5.192626476,6.012281418,5.209868431,6.007682800,5.156889915,6.122959137",,,,,,,,"" 
+1,ip4,192.168.0.254,239.255.255.250,udp,1025,1900,finished,32,0,1431970648367692,1431970708344887,1431970648367692,285,0,363,0,10518,0,0,491,1934748.2,19856559,5865016.5,34398418239488.0,1.7,"557,584,518,491,526,99678,590,558,630,19856559,16227,16968,16620,16461,16743,19850608,16179,16542,16730,16663,16557,16953,16553,16675,16584,19850616,15995,16653,16828,16721,16628",313,356.7,391,29.1,844.3,5.0,"319,337,391,383,313,355,387,333,385,379,313,355,387,333,385,379,319,337,391,383,313,355,387,333,385,379,319,337,391,383,313,355","0,0,0,0,0,0,0,0,4,9,7,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.764857769,5.738472939,5.706055641,5.738885880,5.696391106,5.696156025,5.702908993,5.694716930,5.666212559,5.684383869,5.696391106,5.696156025,5.712235928,5.682279587,5.675588608,5.684383869,5.764857769,5.732538223,5.701994896,5.740596294,5.696391106,5.685169697,5.698806763,5.694716930,5.662089348,5.677114964,5.764857769,5.738472939,5.715287209,5.736823559,5.684858322,5.687015057",SSDP,12,0,Acceptable,System,6,DPI,"" diff --git a/test/results/flow-analyse/skype_udp.pcap.out b/test/results/flow-analyse/skype_udp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/skype_udp.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/smb_deletefile.pcap.out b/test/results/flow-analyse/smb_deletefile.pcap.out new file mode 100644 index 000000000..9ccb845ea --- /dev/null +++ b/test/results/flow-analyse/smb_deletefile.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.118,192.168.1.187,tcp,56848,445,finished,20,12,1584368315417275,1584368317627960,1584368317628867,0,0,412,500,2972,3826,1,20,142654.1,2158424,529256.2,280112168960.0,1.2,"1172,1225,2157281,2158424,1159,87,1253,1160,7461,9355,1883,124,103,75,20,492,151,550,5618,5637,4741,5866,1131,107,1245,1127,130,997,857,25951,26895",40,252.6,540,190.9,36432.9,4.5,"420,540,40,364,508,40,380,524,40,452,166,40,540,40,144,140,46,144,40,116,40,380,524,40,420,396,40,284,356,40,388,452","10,0,0,2,0,0,0,1,0,0,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,1,2,0,0,0,0,0,1,0,1,1,0,1,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1","3.069277287,3.365245581,4.461769104,2.731584549,2.957580328,4.511769295,2.886561632,3.152696133,4.511769295,2.994292021,3.490118504,4.511769295,2.920198441,4.511769295,3.495491743,3.175110340,4.402616024,3.673908472,4.461769104,3.397419930,4.511769295,2.886561632,3.164842129,4.511769295,3.078800917,2.788191795,4.461769104,2.814971924,2.968542337,4.511769295,2.599048853,2.976962328",NetBIOS.SMBv23,10.41,0,Acceptable,System,6,DPI,"" diff --git a/test/results/flow-analyse/smb_frags.pcap.out b/test/results/flow-analyse/smb_frags.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/smb_frags.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/smbv1.pcap.out b/test/results/flow-analyse/smbv1.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/smbv1.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/smpp_in_general.pcap.out b/test/results/flow-analyse/smpp_in_general.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/smpp_in_general.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/smtp-starttls.pcap.out b/test/results/flow-analyse/smtp-starttls.pcap.out new file mode 100644 index 000000000..aed123c4f --- /dev/null +++ b/test/results/flow-analyse/smtp-starttls.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.0.1,173.194.68.26,tcp,57406,25,finished,15,17,1388017124762850,1388017125217215,1388017125228642,0,0,686,1418,1384,4627,0,26,29682.5,156957,34710.8,1204840832.0,4.2,"11168,11193,11857,11849,79,11152,39169,67072,28169,11489,12210,262,12322,26,24821,37890,13457,11887,11608,11639,11817,51431,103694,156957,13622,11529,11126,16410,67319,42853,94080",52,240.3,1470,368.1,135468.5,4.0,"60,60,52,103,52,80,52,206,62,82,164,1470,1470,52,905,366,262,105,217,113,117,113,52,158,738,52,80,52,128,52,83,133","9,3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,3,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,0,1","4.527644634,5.164738178,4.944975376,5.655648708,4.868052483,4.887005329,4.983437061,5.795777798,5.058248043,5.413370609,5.231037617,6.553743362,7.414661884,4.893245220,7.240818024,7.277081490,6.869879723,5.969118595,6.897389412,6.050327778,6.234992027,6.200943947,4.944975376,6.499523640,7.703155994,4.906513691,5.556689262,4.868052006,6.265826702,4.776611805,5.571072102,6.285814285",SMTPS.Google,29.126,1,Acceptable,Email,6,DPI,"7" 
+1,ip6,2003:de:2016:125:fc36:8317:4e86:cb72,2003:de:2016:120::a08:53,tcp,7562,25,finished,16,16,1524746968365832,1524746968662121,1524746968661622,0,0,1034,1140,1734,2097,0,2,19099.3,202908,48707.1,2372380928.0,2.8,"744,995,19017,29506,11113,127,1248,999,1000,6126,12754,624,8625,202034,202908,998,7251,6751,7252,7260,1247,2128,2995,378,21009,21750,990,6762,2,6750,736",60,180.5,1200,257.1,66086.8,4.2,"72,72,60,118,110,60,212,70,90,242,1200,186,139,318,227,60,149,103,123,103,95,126,60,1094,60,125,95,104,91,60,91,60","7,4,2,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,4,2,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0","4.281427383,4.959185600,4.579100609,5.619654655,5.411477089,4.829739571,5.596319675,4.894675732,5.166758537,5.366472721,7.601028442,6.201757908,5.921764851,7.156020164,6.896310806,4.658349514,6.097513199,5.672229767,5.596776009,5.715824604,5.162304878,6.073466778,4.799921513,7.803120613,4.833254814,6.058705330,5.062202930,5.764057636,4.995513916,4.579101086,5.463903904,4.446732044",SMTPS,29,1,Safe,Email,6,DPI,"6,15" diff --git a/test/results/flow-analyse/smtp.pcap.out b/test/results/flow-analyse/smtp.pcap.out new file mode 100644 index 000000000..2d2ed729e --- /dev/null +++ b/test/results/flow-analyse/smtp.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,194.7.248.153,172.16.114.207,tcp,2127,25,finished,16,16,934028408568957,934028408659170,934028408659389,0,0,40,84,469,576,0,316,5827.3,55118,11962.2,143094448.0,3.2,"316,1134,19693,31096,24595,55118,2208,21382,1142,1166,1125,1230,1225,1086,1083,1063,1064,1068,1066,1077,1106,1085,1057,1068,1067,1048,1046,1060,1062,1055,1054",46,73.6,124,15.2,230.1,5.0,"46,46,46,124,46,62,46,66,62,84,76,83,79,78,79,78,80,79,79,78,79,78,80,79,78,77,77,76,80,79,78,77","5,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.217956066,4.965921402,4.414441109,5.606353760,4.414441109,5.401541233,4.398030758,5.373719692,5.366997719,5.482748032,5.540370464,5.525596142,5.518477440,5.566954136,5.471196175,5.560668945,5.565314293,5.578667164,5.537589550,5.586310863,5.547144890,5.611951351,5.485757828,5.482342720,5.493423939,5.506668091,5.516471386,5.546820641,5.505877972,5.562905312,5.524069786,5.501934052",SMTP,3,0,Acceptable,Email,6,DPI,"" diff --git a/test/results/flow-analyse/smtps.pcapng.out b/test/results/flow-analyse/smtps.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/smtps.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/snapchat.pcap.out b/test/results/flow-analyse/snapchat.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/snapchat.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/snapchat_call.pcapng.out b/test/results/flow-analyse/snapchat_call.pcapng.out new file mode 100644 index 000000000..bc3da92e7 --- /dev/null +++ b/test/results/flow-analyse/snapchat_call.pcapng.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.169,18.184.138.142,udp,42083,443,finished,16,16,1595865799020160,1595865802042641,1595865802853531,28,0,1350,1350,3902,5824,0,7,221156.5,1447282,397282.2,157833134080.0,3.2,"16846,68,30414,96,24231,5110,25,16,20308,29142,5531,102,7,211,2051,54351,38,19,507575,1447282,48721,53521,57932,1172660,3328,7500,379723,803486,440070,1155688,589800",48,331.9,1378,468.5,219532.9,3.9,"1378,1378,1378,1378,611,64,1378,48,414,56,72,66,66,66,187,86,48,48,48,72,337,289,337,289,72,56,56,72,56,72,72,72","4,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","4,4,0,0,0,0,0,0,2,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0","0,1,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,1,0,1,1,1,1,0,0,0,1,0,0,1,1","2.189238071,7.706800461,4.743436813,3.984874964,7.719462395,5.249389172,7.849965572,5.376628876,7.440353394,5.374054909,5.683540821,5.644934177,5.675237656,5.595766544,6.808179855,6.041157246,5.293295383,5.251628876,5.209962368,5.540976048,7.375632763,7.234831333,7.426898956,7.225734234,5.603883266,5.407986164,5.336557388,5.692057133,5.063577652,5.570461750,5.619208336,5.674763680",QUIC.SnapchatCall,188.255,1,Acceptable,VoIP,6,DPI,"24" diff --git a/test/results/flow-analyse/snmp.pcap.out b/test/results/flow-analyse/snmp.pcap.out new file mode 100644 index 000000000..bab73746f 
--- /dev/null +++ b/test/results/flow-analyse/snmp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/soap.pcap.out b/test/results/flow-analyse/soap.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/soap.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/socks-http-example.pcap.out b/test/results/flow-analyse/socks-http-example.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/socks-http-example.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/softether.pcap.out b/test/results/flow-analyse/softether.pcap.out new file mode 100644 index 000000000..a8278803d --- /dev/null +++ b/test/results/flow-analyse/softether.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.100,130.158.6.113,udp,51381,5004,finished,17,15,1657762868392000,1657907318692000,1657907318946000,1,0,480,328,975,1020,0,257000,36711136.0,1566080232,451865472.0,204182401654456320.0,2.7,"257000,27676000,27674000,26195000,26194000,26159000,26161000,10299000,10301000,14858000,14853000,27814000,27815000,25788000,1540291232,1566080232,18689000,18689000,5427000,5426000,27856000,27856000,26072000,26072000,26524000,26524000,24993000,24993000,25093000,862645000,887738000",29,90.3,508,132.5,17556.2,4.1,"29,56,29,56,29,56,29,56,508,356,29,56,29,56,29,29,56,508,356,29,56,29,56,29,56,29,56,29,56,29,29,56","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,1","4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,4.988168716,4.582120895,5.059597492,5.016859055,4.526149750,4.582120895,5.059597492,4.513154984,5.010403156,4.582120895,4.582120895,5.001649380,5.023393631,4.521674156,4.582120895,5.001649380,4.582120895,5.059597492,4.513154984,5.059597492,4.582120895,5.059597492,4.582120895,5.059597492,4.582120895,4.582120895,4.988168716",Softether,290,1,Acceptable,VPN,6,DPI,"" 
diff --git a/test/results/flow-analyse/someip-tp.pcap.out b/test/results/flow-analyse/someip-tp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/someip-tp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/someip-udp-method-call.pcapng.out b/test/results/flow-analyse/someip-udp-method-call.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/someip-udp-method-call.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/someip_sd_sample.pcap.out b/test/results/flow-analyse/someip_sd_sample.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/someip_sd_sample.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/sql_injection.pcap.out b/test/results/flow-analyse/sql_injection.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/sql_injection.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ssdp-m-search-ua.pcap.out b/test/results/flow-analyse/ssdp-m-search-ua.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ssdp-m-search-ua.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ssdp-m-search.pcap.out b/test/results/flow-analyse/ssdp-m-search.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ssdp-m-search.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ssh.pcap.out b/test/results/flow-analyse/ssh.pcap.out new file mode 100644 index 000000000..f21fe1d5f --- /dev/null +++ b/test/results/flow-analyse/ssh.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,172.16.238.1,172.16.238.168,tcp,58395,22,finished,18,14,1320435464760244,1320435472330349,1320435469423179,0,0,904,784,1509,1885,0,26,394614.2,2907110,888738.9,789856780288.0,2.5,"26,41,8112,8146,295,788,470,140,1469,1611,306,1791,1560,1614,14729,13069,1842,42337,40496,170,257,393,251,40593,51194,91555,2632288,2632557,1868772,1869058,2907110",52,158.7,956,230.1,52961.8,4.1,"64,60,52,73,52,73,52,956,52,836,52,76,204,52,196,772,52,68,52,100,52,100,52,116,52,132,52,196,52,132,52,196","12,1,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0","4.495864868,5.031404495,4.947339535,5.395304680,4.870416641,5.379396915,4.940637589,5.147055149,4.940637589,5.183596134,4.923395157,4.404554367,6.511710644,4.985801220,6.696379662,7.508841991,4.884933472,4.511087418,4.815073490,5.981212139,4.902175903,6.028761387,4.894361019,6.251031399,4.940637589,6.350845814,4.932822704,6.810175419,4.853535175,6.303876877,4.902175426,6.814750671",SSH,92,1,Acceptable,RemoteAccess,6,DPI,"18,19" 
diff --git a/test/results/flow-analyse/ssl-cert-name-mismatch.pcap.out b/test/results/flow-analyse/ssl-cert-name-mismatch.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ssl-cert-name-mismatch.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/starcraft_battle.pcap.out b/test/results/flow-analyse/starcraft_battle.pcap.out new file mode 100644 index 000000000..428330260 --- /dev/null +++ b/test/results/flow-analyse/starcraft_battle.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.100,87.248.221.254,tcp,3508,80,finished,16,16,1437389964790451,1437389964979632,1437389964979854,0,0,187,1460,187,20440,0,74,12212.4,72387,23706.7,562007808.0,2.8,"58058,58113,96,58244,14251,72387,112,82,193,195,145,152,166,165,184,184,148,146,165,165,56805,56877,234,178,216,245,157,122,91,74,234",40,685.5,1500,719.0,516967.3,4.1,"52,52,40,227,46,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500,40,1500","15,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.624014378,4.863714218,4.730640888,5.822455883,4.457919598,5.306115150,4.661768913,5.107864380,4.580640793,5.186793804,4.730640888,5.093457222,4.680640697,5.097416878,4.630640984,5.152558804,4.621928215,5.157567024,4.621928215,5.123836517,4.680641174,5.187242508,4.730640888,5.148094177,4.730640888,5.081175804,4.680641174,5.152382851,4.680641174,5.186464310,4.680641174,5.134456635",HTTP,7,0,Acceptable,Download,6,DPI,"4,16" 
+1,ip4,192.168.1.100,213.248.127.130,tcp,3517,1119,finished,26,6,1437389982130449,1437389982733601,1437389982710820,0,0,195,743,893,1074,0,22,38178.2,166321,53269.1,2837592064.0,3.6,"52549,52614,94628,145687,24327,95105,95914,166321,70940,49609,160290,31197,128649,15235,41,28,25,24,29,35,25,23,24,30,27,23,28,23,22,29,22",40,102.4,783,136.0,18494.5,4.3,"52,46,40,142,46,783,40,220,303,40,235,46,108,42,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63,63","23,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.463548183,4.642490387,4.665311337,5.407479763,4.522393227,7.766187668,4.981687546,7.105029583,7.198122978,4.931687355,6.211636543,4.652828693,5.019042969,4.830181599,5.558794022,5.515064716,5.602522373,5.570774555,5.634266376,5.666012287,5.451573372,5.475538254,5.539031029,5.666014194,5.729505062,5.697759151,5.515064716,5.602520943,5.590539455,5.666013718,5.602520943,5.570777416",Starcraft,213,0,Fun,Game,6,DPI,"" 
+1,ip4,192.168.1.100,2.228.46.112,tcp,3527,80,finished,12,20,1437389985891466,1437389985995179,1437389985995168,0,0,149,1460,149,26280,0,65,6690.8,34324,13000.1,169003376.0,2.9,"32476,32510,1623,34324,1138,65,33880,153,130,283,141,278,419,213,122,339,108,139,244,139,597,734,100,131,232,130,134,265,32899,285,33184",40,866.8,1500,718.4,516058.3,4.3,"52,52,40,189,46,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40,1500,1500,40","11,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0","0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0","4.545560837,4.801308632,4.730640888,5.763886929,4.501398087,5.907708645,7.721281052,4.730640888,7.812506199,7.777710438,4.730640888,7.794231415,7.742146015,4.680641174,7.749040604,7.800151825,4.680641174,7.781608105,7.754264832,4.730640888,7.783253193,7.795304775,4.730640888,7.746140480,7.751955986,4.680641174,7.805341244,7.749295712,4.730640888,7.808876514,7.796334743,4.680641174",HTTP,7,0,Acceptable,Web,6,DPI,"" diff --git a/test/results/flow-analyse/steam.pcap.out b/test/results/flow-analyse/steam.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/steam.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/steam_datagram_relay_ping.pcapng.out b/test/results/flow-analyse/steam_datagram_relay_ping.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/steam_datagram_relay_ping.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/stun.pcap.out b/test/results/flow-analyse/stun.pcap.out new file mode 100644 index 000000000..635985fe9 --- /dev/null +++ b/test/results/flow-analyse/stun.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip6,3516:bf0b:fc53:75e7:70af:f67f:8e49:f603,2a38:e156:8167:a333:face:b00c::24d9,udp,56880,3478,finished,16,16,1614938022295727,1614938163424247,1614938163431063,20,0,20,44,320,704,0,2867,9105286.0,10358549,2980037.5,8880623976448.0,4.8,"6861,10132226,10132257,10358549,2935,10358540,2867,10055433,10055494,10056921,10056927,10057230,10057183,10053930,10053957,10069481,10069496,10027109,10027105,10027261,10027286,10063952,10063896,10098322,10098363,10035461,10035403,10061356,10061442,10028354,10028259",68,80.0,92,12.0,144.0,5.0,"68,92,68,92,68,68,92,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92,68,92","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","5.422471046,5.541838169,5.422470093,5.514770508,5.451882362,5.451882362,5.536509514,5.536509514,5.481293678,5.593521595,5.451882362,5.558248997,5.393059731,5.558248997,5.510704994,5.571783066,5.352545738,5.460210800,5.451882362,5.514770508,5.422471046,5.550043106,5.422470093,5.541838169,5.451882362,5.550043583,5.451882362,5.593522072,5.451882362,5.541838169,5.393058777,5.528304577",STUN,78,0,Acceptable,Network,6,DPI,"" 
+1,ip4,192.168.12.169,31.13.86.54,udp,38123,40003,finished,17,15,1629291451242856,1629291458067482,1629291458262623,28,0,140,132,2076,1496,0,34,446593.3,6004359,1462539.6,2139022032896.0,1.9,"11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153",56,139.6,168,32.1,1033.4,5.0,"56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160","1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1","4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147",STUN.FacebookVoip,78.268,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,192.168.12.169,142.250.82.99,udp,49153,3478,finished,17,15,1647958145472010,1647958147569135,1647958147445904,65,0,546,1198,2034,2806,0,10,131323.2,835905,227053.5,51553292288.0,3.4,"22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681",62,179.2,1226,221.3,48965.1,4.4,"136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95","0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0","5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762",STUN.GoogleHangoutDuo,78.201,0,Acceptable,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/stun_signal.pcapng.out b/test/results/flow-analyse/stun_signal.pcapng.out new file mode 100644 index 000000000..e8a795c40 --- /dev/null +++ b/test/results/flow-analyse/stun_signal.pcapng.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.12.169,18.195.131.143,udp,43068,61156,finished,16,16,1636901958294242,1636901960601813,1636901960620966,28,0,104,96,1032,1012,0,25,149493.4,679364,200828.1,40331911168.0,3.9,"83894,37,92476,7793,46066,91419,25,37867,39955,9097,41868,367689,125,441001,43,600796,610250,117949,49918,49758,64212,212886,679364,8747,45,503798,102888,200994,101814,9344,62177",56,91.9,132,24.9,621.5,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,84,84,124,92,56,84,56,56,56,124,92,84,56,84","4,3,4,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,4,5,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,0,1,1,0,0,1,1,1,0,0,1,0,0,1","5.768973827,5.811776161,5.931350708,5.819116592,5.739065170,5.636717796,5.871664047,5.907987118,5.819117546,5.781831741,5.903046608,5.775639534,5.668575764,5.083614826,5.811898232,5.271638393,5.861793995,5.810910702,5.781786919,5.698687553,5.893005371,5.819117069,5.083614826,5.770115376,5.235924244,5.200210571,5.083615780,5.835623741,5.811777115,5.606133938,5.119328976,5.779102325",STUN,78,0,Acceptable,Network,6,DPI,"5" 
+1,ip4,35.158.183.167,192.168.12.169,icmp,,,finished,30,2,1636901936083692,1636901980739508,1636901940925734,56,0,64,104,1760,208,0,15,1596705.0,17079364,3547473.5,12584568750080.0,2.8,"4084,63003,42,180775,3510,1499231,2002773,15,4841966,76,17079364,30045,28084,9989,178591,30710,1472432,2000483,30998,3968781,29896,37348,7808,7927339,28492,35381,6539,7931223,29238,34577,5065",76,81.5,124,11.6,133.8,5.0,"76,76,84,84,76,76,76,76,76,124,124,76,76,84,84,76,76,76,76,76,76,76,84,84,76,76,84,84,76,76,84,84","0,20,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.045846939,5.151109695,5.089153290,5.017724991,5.072162628,5.124794006,5.045846939,5.035913944,5.088545322,5.533661366,5.689179420,4.953483582,4.999665260,4.975942135,4.999751568,4.937100887,4.999665260,5.025980949,5.025980949,4.999665260,4.989732265,4.983282089,4.999751568,4.975942135,5.025980949,5.062229633,5.056357384,5.008738518,4.999665260,5.035913944,5.008738041,5.056357384",ICMP,81,0,Acceptable,Network,6,DPI,"" 
+1,ip4,192.168.12.169,18.195.131.143,udp,47767,61498,finished,16,16,1636902000073738,1636902002442030,1636902002440493,28,0,104,96,1068,1052,0,43,152743.5,665020,189167.3,35784253440.0,4.0,"68482,50,70303,29273,44732,113365,45,43187,26522,8477,31033,313588,306,410657,43,665020,630540,122450,190474,61616,378076,7868,325508,42160,76005,424878,96788,5410,434339,47676,66176",56,94.2,132,24.6,605.9,4.9,"124,92,124,92,132,132,92,124,92,92,124,92,84,56,84,56,124,92,124,92,84,84,56,56,56,84,124,84,56,92,124,92","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,5,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,0,1,1,0,1,1,0,0,0,1,1,0,1,1,0,0,1,1,0,1,1,0,0,0,1,1,0","5.861794472,5.759229183,5.867881298,5.702216148,5.875429153,5.754216671,5.819118500,5.958508492,5.832649708,5.805582047,5.875729084,5.797377586,5.796609879,5.155043602,5.748991013,5.105850220,5.758409977,5.819116116,5.891858101,5.702215672,5.716967583,5.862202168,5.155044079,5.141563416,5.119328976,5.772800446,5.887964725,5.772800446,5.119329453,5.783843040,5.817300797,5.830357552",STUN.SignalVoip,78.269,0,Acceptable,VoIP,6,DPI,"5" diff --git a/test/results/flow-analyse/syncthing.pcap.out b/test/results/flow-analyse/syncthing.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/syncthing.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/synscan.pcap.out b/test/results/flow-analyse/synscan.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/synscan.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/syslog.pcap.out b/test/results/flow-analyse/syslog.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/syslog.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/targusdataspeed_false_positives.pcap.out b/test/results/flow-analyse/targusdataspeed_false_positives.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/targusdataspeed_false_positives.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/teams.pcap.out b/test/results/flow-analyse/teams.pcap.out new file mode 100644 index 000000000..9c918492d --- /dev/null +++ b/test/results/flow-analyse/teams.pcap.out 
@@ -0,0 +1,18 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.6,52.113.194.132,tcp,60533,443,info,15,17,1587041676435900,1587041676535873,1587041676535853,0,0,258,1452,757,10509,0,2,6449.2,29755,8827.8,77930416.0,3.7,"12466,12563,1399,13862,1628,233,14289,254,250,114,2,99,4851,16541,1120,12847,339,301,11408,365,232,23032,26,11077,443,29285,29755,471,122,15,537",40,393.9,1492,548.1,300365.6,3.9,"64,52,40,250,46,1492,1492,40,1492,40,1492,257,40,198,46,366,40,109,40,133,78,298,78,46,40,46,556,40,1492,1492,671,40","10,1,1,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,0,0,0,0,1,1,0,1,1,0,1,1,1,0","4.365527153,4.946223736,4.521928787,5.447622776,4.609350681,7.356091499,7.445232391,4.680641174,7.544306755,4.571928501,7.621133804,7.081102371,4.630641460,6.624766827,4.609350681,7.169972897,4.680641174,6.030838013,4.630641460,6.150182247,5.105917454,7.025798798,5.428217888,4.565872192,4.680641174,4.565872192,7.556540489,4.680641174,7.827769756,7.840335846,7.703694820,4.680641174",,,,,,,,"" 
+1,ip4,192.168.1.6,52.114.77.33,tcp,60532,443,info,23,9,1587041676362386,1587041676859269,1587041676859222,0,0,1428,1440,23115,4254,0,1,32055.5,221245,54144.2,2931591680.0,3.4,"43237,43341,94039,139750,215,45878,125,102,1406,46781,45438,177198,6,1,221245,44042,6,2,2,21255,21237,4,23005,23005,5,2,3,1223,1159,4,3",52,907.9,1492,687.5,472618.5,4.4,"64,60,52,226,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480","5,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0","5,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0,0,0","4.428027153,5.210652828,4.884933472,5.556665897,7.283374786,7.268235207,4.923395157,7.674625397,4.884933472,5.901349068,5.537203789,4.923394680,7.865010738,7.865353107,7.863998413,5.116508007,7.872262955,7.872727394,7.850155830,7.872891426,5.101991177,7.883207798,7.861774921,5.078046322,7.883695126,7.860937595,7.861885548,7.869150639,5.092563629,7.862890244,7.881820202,7.880939960",,,,,,,,"" 
+1,ip4,192.168.1.6,52.114.77.33,tcp,60535,443,finished,20,12,1587041677042751,1587041677328754,1587041677327352,0,0,1428,1440,15383,4699,0,2,18406.6,49836,21194.3,449200096.0,3.9,"45263,45409,339,49216,21,48838,224,177,1271,46526,45316,1920,4,2,47729,45783,4,2,3,37748,37711,4,8018,8058,5,734,37027,7756,4339,49836,1321",52,680.6,1492,673.1,453031.8,4.2,"64,60,52,258,1492,1375,64,1492,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,825,52,52,52,497,52,83","7,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0","7,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,1,1,1,1,0,0","4.340968132,5.220872402,4.976373672,5.983667850,7.275708199,7.688739777,5.052015305,7.275113583,4.976373672,6.006431580,5.733948708,5.053297043,7.842315674,7.876612663,7.858495712,5.246409416,7.872724533,7.868679523,7.873967648,7.874578953,5.207947731,7.865746021,7.852710724,5.169486046,7.855942726,7.767035484,5.116507530,5.169486046,5.207947731,7.497245789,4.961856842,5.338891983",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
+1,ip4,192.168.1.6,52.113.194.132,tcp,60536,443,info,15,17,1587041677243705,1587041677297348,1587041677349666,0,0,1440,1452,3034,8925,0,3,5148.5,50397,9740.5,94877928.0,3.3,"11421,11522,225,11256,2751,92,13830,124,124,124,3,141,4803,15532,11803,1342,15,233,10,306,235,4,56,10886,31,10351,1699,244,14,50397,30",40,416.0,1492,569.7,324516.5,3.8,"64,52,40,254,46,1492,1492,40,1492,40,1492,257,40,198,46,133,366,109,40,40,78,1480,1047,124,46,78,40,46,46,46,1492,1055","8,1,2,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","7,1,1,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,0,0,0,0,1,1,0,1,1,1,1,1","4.396777153,4.893245220,4.571928501,5.470339298,4.549461365,7.348021507,7.445699215,4.680641174,7.531925678,4.571928501,7.607865810,7.056878567,4.680641174,6.474961758,4.505983353,6.083388805,7.209881783,5.879484177,4.680641174,4.630641460,5.102818012,7.881052494,7.824805737,6.119441986,4.457919598,5.412868977,4.630641460,4.565872192,4.565871716,4.522393703,7.843515396,7.832207680",,,,,,,,"" 
+1,ip4,192.168.1.6,52.114.77.33,tcp,60543,443,info,21,11,1587041682369801,1587041682803345,1587041682803309,0,0,1428,1440,20291,4254,0,2,27969.4,152917,40324.3,1626047232.0,3.6,"50532,50647,291,64604,72036,210,136507,124,96,1421,68048,86231,152917,2268,6,3,46387,44112,4,2,3,23630,23615,4,20861,20866,7,7,3,845,765",52,819.7,1492,699.2,488828.9,4.3,"64,60,52,258,52,1492,1492,52,1375,52,145,52,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,1480,1480,1480,1480,52,1480","5,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,14,0,0,0","7,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0,0,0,1,0","4.384982109,5.323234558,4.961856842,5.939832211,5.116507530,7.288343430,7.267649651,5.000318527,7.662917614,4.961856842,5.882802486,5.193430901,5.624773026,4.961856842,7.851280689,7.841383457,7.873037815,5.154969692,7.851320267,7.856824398,7.856104374,7.863511562,5.154969215,7.862011433,7.862949848,5.154969215,7.888728619,7.861488342,7.847744942,7.865393639,5.193430901,7.879679203",,,,,,,,"" 
+1,ip4,192.168.1.6,52.114.77.58,tcp,60545,443,finished,19,13,1587041682698689,1587041683063920,1587041683109441,0,0,1440,1452,2687,6860,0,7,25031.7,201410,47065.5,2215158784.0,3.2,"45653,45756,213,47886,30,47672,17,83,202,104,167,9896,9950,3499,10390,395,51386,37078,221,190,155,7115,7018,1251,1197,79250,201410,7,34,167536,222",40,340.2,1492,510.3,260451.7,3.8,"64,52,40,259,1492,1492,52,40,40,1492,1492,40,453,40,198,133,503,91,40,109,40,78,78,40,479,40,46,1480,150,206,46,82","11,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","3,3,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,0,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,0,1,1","4.396777153,4.984685898,4.571928501,5.447037697,7.103639126,7.377305508,4.748330116,4.680641174,4.521928787,7.565583706,7.619148254,4.680641174,7.502402782,4.680641174,6.615381718,6.130319118,7.576011658,5.374610424,4.630640984,5.982717991,4.530641556,5.189125538,5.402576923,4.680641174,7.496559143,4.680641174,4.505983353,7.866451740,6.633583069,6.711987019,4.522393703,5.435414791",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
+1,ip4,192.168.1.6,52.114.88.59,tcp,60547,443,finished,18,14,1587041683186164,1587041683511604,1587041683511700,0,0,1428,1440,2582,7792,0,2,20999.2,115070,31123.6,968681216.0,3.5,"34191,34298,279,36871,33,36580,20,190,171,120,2,98,1011,12039,309,36028,22727,226,163,129,10387,10298,599,557,77127,91684,7,49137,80440,115070,185",52,377.2,1492,521.7,272149.2,3.9,"64,60,52,273,1492,1492,64,52,1492,52,1492,302,52,178,145,533,103,52,121,52,90,90,52,414,52,52,1480,247,52,227,52,1139","11,1,1,1,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0","3,2,1,0,0,1,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,0,1,0,0,1,0,1,0,1,0,0,1,1,0,1","4.278468132,5.100120544,4.678913116,5.492300034,7.395298958,7.335471153,4.813810349,4.784870625,7.534573555,4.736229897,7.601704121,7.355720520,4.823332310,6.256767273,6.195283890,7.525622368,5.556344509,4.861793995,6.029422760,4.861793995,5.382391453,5.548377514,4.823332310,7.376307011,4.861793995,5.063529015,7.847518921,6.993651390,4.986605644,6.825597286,4.731892109,7.799232483",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
+1,ip4,192.168.1.6,52.113.194.132,tcp,60542,443,info,15,17,1587041682144166,1587041684314927,1587041684501131,0,0,521,1452,1329,7087,0,3,146055.7,2009785,489503.9,239614050304.0,1.7,"12667,12766,154,12385,2459,251,14879,502,529,250,3,817,4854,17134,1376,20,13097,4,249,321,136,11841,14,11155,108,621,112917,113684,1998116,2009785,174632",40,305.2,1492,468.1,219152.8,3.8,"64,52,40,257,46,1492,1492,40,1492,40,1492,181,40,198,46,366,109,40,40,133,78,561,46,78,40,46,46,440,40,342,46,345","9,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,1,0,1,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,1,0,0,0,0,0,1,1,0,1,1,1,0,0,1,1","4.396777153,4.984685421,4.571928501,5.492863178,4.462504387,7.269914627,7.475378990,4.630641460,7.477076530,4.571928501,7.667408466,6.767431736,4.680641174,6.542833328,4.505983353,7.221371651,5.957443714,4.630641460,4.630640984,6.221683502,5.214766979,7.578815937,4.414441109,5.396905422,4.571928501,4.457919598,4.522393703,7.482207775,4.680641174,7.242818356,4.478915691,7.266457558",,,,,,,,"" 
+1,ip4,192.168.1.6,13.107.18.11,tcp,60549,443,info,18,14,1587041684306115,1587041684950374,1587041684410372,0,0,1440,1452,3472,5797,0,1,24145.7,539594,94604.1,8949939200.0,1.9,"11504,11610,262,11878,32500,90,44163,247,1,223,3839,7741,325,72,14634,1492,13,4159,11,266,6513,474,6734,4309,9884,14215,10718,10725,539594,6,314",40,331.5,1492,473.5,224192.2,3.9,"64,52,40,251,46,1492,1492,40,1492,80,40,198,133,578,172,46,366,109,40,40,78,46,78,40,46,689,40,359,40,1480,694,248","9,1,1,0,2,0,2,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","5,2,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,1,1,0,0,0,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,0,0,0,0","4.428027153,4.893245220,4.521928310,5.397158146,4.505983353,6.671830177,7.464404583,4.630641460,7.577803612,5.737496376,4.680641174,6.516131401,6.154890537,7.647973537,6.500202656,4.505983353,7.196300030,5.817581654,4.611769199,4.561769485,5.250086308,4.457919598,5.392898560,4.630641460,4.522393227,7.690679073,4.680641174,7.335716724,4.680641174,7.846065521,7.720572472,6.957527637",,,,,,,,"" 
+1,ip4,192.168.1.6,52.113.194.132,tcp,60554,443,info,14,18,1587041685240465,1587041685469669,1587041685469973,0,0,1082,1452,1426,15976,0,3,14797.2,153955,35697.7,1274323968.0,2.8,"12903,12995,473,12371,1988,1502,15362,129,134,115,3,85,21608,33026,11480,11732,109,11784,570,13396,140399,715,153955,248,230,250,250,503,25,129,243",40,585.7,1492,671.4,450756.0,4.0,"64,52,40,226,46,1492,1492,40,1492,40,1492,168,40,147,46,91,46,91,40,1122,46,1492,1492,40,1317,40,1492,1492,40,40,1492,1492","10,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,10,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,1,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1","4.365527153,4.878727913,4.471928596,5.502106190,4.402616024,7.277978420,7.489027023,4.630640984,7.478912354,4.521928310,7.663036823,6.686788082,4.630640984,6.493359089,4.462505341,5.681205750,4.462504864,5.560394764,4.580641270,7.802004814,4.565872192,7.879904747,7.863986492,4.580641270,7.860152721,4.580640793,7.874552727,7.850657463,4.580641270,4.471928596,7.869473934,7.878328800",,,,,,,,"" 
+1,ip4,192.168.1.6,52.114.77.33,tcp,60559,443,finished,21,11,1587041686239545,1587041686542441,1587041686541501,0,0,1428,1440,14115,4699,0,2,19511.4,52987,22191.7,492470496.0,3.9,"48601,48710,307,51003,89,50699,16,253,253,1686,49778,48144,1391,5,2,50498,49101,4,2,3,37233,37219,5,11525,11515,965,36039,15972,52987,736,111",52,640.9,1492,667.9,446080.7,4.1,"64,60,52,258,1492,1492,64,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,52,985,52,52,497,52,83,52","9,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,9,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,1,1,1,0,0,0","4.396777153,5.256567955,4.923395157,6.033491611,7.275527000,7.277948856,5.071470261,4.945419312,7.645617962,4.976373672,5.915142536,5.707202435,4.976374149,7.861220360,7.878036976,7.850315571,5.131024837,7.877380371,7.857055187,7.886486053,7.876827240,5.169486523,7.849795818,7.874622822,5.078045845,7.791067600,5.131024837,5.207948208,7.563468933,5.053297043,5.290699482,4.969671726",TLS.Microsoft,91.212,1,Safe,Cloud,6,DPI,"15" 
+1,ip4,192.168.1.6,104.40.187.151,tcp,60562,443,finished,19,13,1587041687436782,1587041687725655,1587041687725568,0,0,1313,1440,2206,7143,0,3,18634.2,125561,31723.1,1006353792.0,3.4,"29516,29616,237,45747,220,45693,117,89,54,132,3,86,615,23250,232,30155,31,6115,4,245,22863,22646,1494,1434,2892,30,32749,246,30074,125513,125561",52,345.2,1492,499.9,249913.2,3.9,"64,60,52,266,1492,1492,64,1492,52,52,1492,281,52,145,145,424,103,121,52,52,90,90,52,548,52,1365,135,52,94,52,510,52","12,1,3,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","2,3,1,0,0,0,0,1,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,0,0,1,1,0,1,0","4.365527153,5.169149399,4.868495941,5.580047131,7.357915878,7.526344776,4.919355392,7.363313675,4.945419312,4.786791325,7.588277340,7.143245697,4.983880997,5.918394089,6.257330894,7.398386002,5.555244923,6.105889320,4.945419312,4.945419312,5.368302345,5.567127228,4.945419312,7.528010845,4.983880997,7.854734421,6.103594780,5.100070000,5.655968666,4.983880520,7.545987606,4.861793995",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.6,52.114.77.33,tcp,60561,443,info,20,12,1587041687245112,1587041687718851,1587041687768506,0,0,1428,1440,17623,4254,0,2,32165.6,161774,44327.4,1964919296.0,3.6,"48418,48527,459,88180,136486,113743,249,161774,129,117,1072,74551,73518,1076,4,2,50124,49022,3,3,12,48400,48413,4,15,2,1599,1536,46881,1065,1749",52,736.7,1492,694.0,481656.1,4.2,"64,60,52,258,258,64,1492,1492,52,1375,52,145,103,52,1480,1480,1480,52,1480,1480,1480,1480,52,1480,1480,1480,1480,52,1462,52,52,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0","0,1,0,0,0,1,1,1,0,1,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,1,1,1","4.396777153,5.256567478,4.923395157,5.966666698,5.971492767,5.091578960,7.290405750,7.275161743,4.961856842,7.668800354,5.000318527,6.002202988,5.583368301,4.961856842,7.860765934,7.857263088,7.894361019,5.193430901,7.864349842,7.853641510,7.869278908,7.874048233,5.054101944,7.853607655,7.866478443,7.865472317,7.878810406,5.154969692,7.853725433,5.193431377,5.154969692,5.154969692",,,,,,,,"" 
+1,ip4,192.168.1.6,52.114.108.8,tcp,60565,443,finished,18,14,1587041691149774,1587041691305451,1587041691582252,0,0,994,1440,2028,8121,0,3,18972.7,276869,49493.9,2449644032.0,2.9,"19199,19302,171,22008,34,21827,18,184,203,246,14,193,1070,12295,280,19893,29,6313,3,603,11971,11399,1472,1415,54998,62106,42,25528,33,18437,276869",52,370.2,1492,512.1,262257.7,3.9,"64,60,52,274,1492,1492,64,52,1492,52,1492,471,52,178,145,525,103,121,52,52,90,90,52,511,52,52,1046,134,52,94,52,1335","11,1,2,1,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,3,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,0,0,1,1,0,0,0,1,0,1,0,1,0,0,1,1,0,1","4.396777153,5.256567478,4.923395634,5.577177048,7.100010395,7.346216679,4.975505829,4.976374149,7.520713806,4.854287148,7.591184139,7.492725372,4.937912464,6.281796932,6.325607300,7.565563679,5.628156662,5.942033768,4.976374149,4.937912464,5.421134472,5.660066128,5.014835358,7.536164761,4.976373672,5.169486523,7.784315586,6.192806721,5.169486523,5.596017838,5.014835358,7.848025322",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
+1,ip4,192.168.1.6,52.114.76.48,tcp,60544,443,finished,16,16,1587041682376166,1587041682938651,1587041692001418,0,0,1060,1452,2113,7396,0,2,328636.7,8978171,1582353.1,2503841415168.0,0.8,"47150,47228,506,44398,29,43913,16,46,186,124,2,213,4,4433,9743,291,46519,32116,477,409,98,18910,1378,20235,62883,403234,424977,8978171,32,9,7",40,339.2,1492,486.1,236250.5,3.9,"64,52,40,276,1492,1492,52,40,40,1492,1492,309,40,40,198,133,568,91,40,109,40,78,46,409,40,46,1100,46,411,415,86,78","10,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,0,0,0,0,1,0,1,0,0,1,1,0,1,0,1,1,1,1,1","4.334277153,4.946223736,4.571928501,5.576080799,7.377434731,7.334023952,4.748329639,4.630640984,4.571928501,7.530410290,7.590536594,7.109602451,4.680641174,4.630641460,6.484649181,6.111595631,7.563093662,5.442209721,4.630641460,5.902398109,4.630641460,5.214766979,4.462505341,7.402733803,4.680641174,4.505983353,7.828750610,4.609350681,7.428915024,7.453095436,5.564571857,5.463537216",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"" 
+1,ip4,192.168.1.6,52.114.250.123,tcp,50018,443,finished,19,13,1587041693516414,1587041693824623,1587041695435566,0,0,187,1452,477,6361,0,1,71850.4,1566873,274680.6,75449425920.0,1.9,"44968,45079,183,47440,47249,164,13,124,2,107,17,104,3,107,2,120,2,1,8026,8,35,52434,1246,45626,48613,92238,43679,69083,272,113543,1566873",40,256.9,1492,427.0,182315.3,3.7,"64,52,40,227,1492,52,1492,588,52,52,1492,588,52,40,588,166,40,40,40,147,46,85,46,91,40,141,224,40,71,40,46,46","15,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,0,0,0,0,1,1,0,0,1,0,0,0,1,1","4.396777153,4.946223736,4.453056812,5.436062336,7.472877979,4.624014378,7.357961178,6.174726009,4.707639694,4.669178009,7.651301384,7.035131931,4.669178009,4.492897511,7.576755524,6.572272301,4.384184361,4.492897511,4.492897034,6.376044750,4.495644569,5.773638725,4.565871716,5.388861179,4.561769009,6.442826271,6.864662647,4.511769295,5.438062191,4.384184361,4.565872192,4.565872192",TLS.Teams,91.250,1,Safe,Collaborative,6,DPI,"15" 
+1,ip4,93.71.110.205,192.168.1.6,udp,16332,50016,finished,25,7,1587041695305290,1587041697913583,1587041697668816,38,0,1214,1214,4324,2890,0,1,160381.3,1168245,365653.3,133702352896.0,2.7,"24795,221,101349,1168245,1167037,967065,50759,1119237,13,25,50990,80302,1990,2655,3736,4,1,2,10681,24170,9306,21453,4525,19907,25341,9245,24382,24626,9496,26004,24257",66,253.4,1242,374.4,140199.2,4.0,"140,116,140,116,144,116,138,136,66,1242,1242,136,101,66,1242,1242,70,194,126,94,96,103,108,110,102,98,112,106,103,101,102,102","0,2,16,4,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.443928242,5.441569805,5.550033092,5.533423424,5.469605446,5.457950115,6.418050289,5.494081497,5.274568558,7.835727215,7.805037022,5.427760124,6.064149857,5.328952789,7.830739975,7.834946632,5.426148415,6.862842083,6.378197670,5.942782402,6.043297768,6.096649170,5.395052433,6.251680851,6.123402596,6.007471561,6.260177612,6.012121677,6.079421997,6.215091705,6.135609150,6.155217648",STUN.Skype_TeamsCall,78.38,0,Acceptable,VoIP,6,DPI,"5" diff --git a/test/results/flow-analyse/teamspeak3.pcap.out b/test/results/flow-analyse/teamspeak3.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/teamspeak3.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/teamviewer.pcap.out b/test/results/flow-analyse/teamviewer.pcap.out new file mode 100644 index 000000000..9efe640b3 --- /dev/null +++ b/test/results/flow-analyse/teamviewer.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.0.2.15,162.250.2.170,tcp,35732,5938,finished,15,17,330297046,331331838,331332084,0,0,1460,1460,6059,4420,0,25,66768.7,274397,88285.8,7794386432.0,3.8,"136273,137235,573,1795,12093,11937,35737,56,35774,25,88318,88631,11617,11587,151937,89,151972,35682,35919,255841,274397,18558,256484,257570,1057,306,258,28908,45,29127,29",40,369.0,1500,516.4,266637.3,3.8,"60,44,46,77,40,106,40,1500,418,40,40,88,46,187,46,1500,1276,46,1118,40,1129,1141,40,480,96,40,88,40,1500,415,40,40","5,3,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,2,0,0","11,1,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,0","0,1,0,0,1,0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,0,1,1","4.625016212,4.740079880,4.284006119,4.619223595,4.580641747,3.968942165,4.580641747,7.564378738,7.341676235,4.461769581,4.530641556,4.904301167,4.311073780,3.852114439,4.354552269,7.724319935,7.804080486,4.398030758,7.655926228,4.661769390,7.519716263,7.677883148,4.661769390,6.491265774,4.556527615,4.661769390,3.810093641,4.611769676,7.550663948,7.375458717,4.661769390,4.661769390",TeamViewer,148,1,Acceptable,RemoteAccess,6,DPI,"" 
+1,ip4,10.0.2.15,93.47.224.241,udp,34417,36037,finished,1,31,520136114,520136114,521274313,96,0,96,1024,96,13050,0,7,36716.1,442863,96766.6,9363771392.0,2.6,"12327,12251,57,40726,3898,3159,6600,81845,9028,72,7415,9247,442863,41858,345075,64,9,8,11,9,7,2034,57,13,9567,57,8,51028,58831,63,12",44,438.8,1052,450.4,202865.5,4.2,"124,124,492,1052,48,84,76,76,76,177,104,52,52,76,76,1052,1052,1052,1052,1052,1052,1052,1052,1052,1052,168,104,104,44,225,117,71","0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,7,4,1,2,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","2.665547609,2.681676626,0.777366042,0.400940508,3.903489351,2.792044401,3.098856926,2.998324156,3.315334082,4.078965187,4.029050350,3.961237431,3.922775745,3.062608480,3.152767181,0.385090381,0.379928052,0.378026903,0.379928052,0.378026903,0.379928052,0.379928052,0.379928052,0.378026903,0.390793800,4.132575512,3.859765768,5.537042618,4.036628723,3.928550959,4.210556507,4.727299213",TeamViewer,148,1,Acceptable,RemoteAccess,6,DPI,"5,30" diff --git a/test/results/flow-analyse/telegram.pcap.out b/test/results/flow-analyse/telegram.pcap.out new file mode 100644 index 000000000..474d09676 --- /dev/null +++ b/test/results/flow-analyse/telegram.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.75,224.0.0.251,udp,5353,5353,finished,32,0,1588779596708234,1588779604771519,1588779596708234,100,0,266,0,5014,0,0,424,260106.0,1089013,238284.9,56779681792.0,4.4,"549364,840,252816,249231,102809,152763,104881,141371,2649,102162,252500,506171,1089013,524484,451,254547,249123,108883,146831,101026,145194,2416,102114,255962,497942,504741,600172,564928,424,248284,249193",128,184.7,294,56.4,3176.8,4.9,"128,219,294,155,139,155,139,197,170,294,139,153,261,128,219,294,155,139,155,139,197,170,294,139,153,197,153,128,219,294,155,139","0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.085784912,5.440144539,5.167281628,5.217712402,4.744915485,5.209679604,4.709530830,5.181225777,5.157635212,5.184309006,4.657408237,4.791635990,5.077552319,5.091682434,5.425326347,5.176321030,5.207327843,4.744915009,5.230615616,4.669892788,5.180718899,5.192929745,5.173479080,4.723919392,4.791635990,5.190871239,4.722968102,5.085784912,5.449277401,5.181741714,5.181521416,4.739484310",MDNS,8,0,Acceptable,Network,6,DPI,"" 
+1,ip6,fe80::4ba:91a:7817:e318,ff02::fb,udp,5353,5353,finished,32,0,1588779596708683,1588779604771558,1588779596708683,100,0,266,0,5014,0,0,368,260092.7,1088510,238249.1,56762626048.0,4.4,"549636,368,252675,249340,102637,153314,104807,140890,2645,102602,252497,506250,1088510,524637,499,254511,249377,108993,147062,100772,145197,1893,102609,256062,497966,504718,600438,564206,375,249009,248380",148,204.7,314,56.4,3176.8,4.9,"148,239,314,175,159,175,159,217,190,314,159,173,281,148,239,314,175,159,175,159,217,190,314,159,173,217,173,148,239,314,175,159","0,0,0,18,2,6,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.905550957,5.334246159,5.128689289,5.078598976,4.487797260,5.078598976,4.471708298,5.059122086,5.029262066,5.128689289,4.471708298,4.521756649,4.957518101,4.905550957,5.322719574,5.127128124,5.090027332,4.483049393,5.090027332,4.471708298,5.044167519,5.029262066,5.127128124,4.471708298,4.533317089,5.044167519,4.533317089,4.886936188,5.334246159,5.125041962,5.090027332,4.500375748",MDNS,8,0,Acceptable,Network,6,DPI,"" 
+1,ip4,192.168.1.77,91.108.8.7,udp,23174,521,finished,10,22,1588779616036528,1588779617856756,1588779617876992,32,0,96,192,672,3040,0,658,118086.8,500928,112055.1,12556351488.0,4.4,"33725,303789,500928,195774,135671,308435,212114,658,38919,154099,154494,74510,133656,63749,29902,38640,63854,177395,37753,25997,43596,64156,189778,58771,4478,63507,64504,42995,64523,315929,64393",60,144.0,220,57.3,3288.0,4.9,"68,92,124,68,92,124,124,60,124,76,68,92,220,124,220,124,220,204,124,124,204,220,204,68,92,204,204,188,204,204,124,220","0,5,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,4,4,0,8,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,1,1,0,1,1,1,1,0,1,1,1,1,1,1,0,1","4.868813038,5.080193996,6.484322071,4.938737869,5.058454990,6.613354206,6.541945457,4.581729889,6.581096649,5.095970154,4.909326553,5.058454990,7.109486580,6.431981564,6.988621235,6.484322548,7.029896736,7.015371323,6.468193054,6.439083576,6.959566116,7.054485798,6.952973843,4.898225307,5.050249577,6.888344765,6.828825951,6.886248589,6.965054512,6.968754292,6.432657719,7.008387089",Telegram,185,1,Acceptable,Chat,6,DPI,"" 
+1,ip4,192.168.1.77,192.168.1.52,udp,23174,31480,info,13,19,1588779617174153,1588779621221417,1588779621214760,48,0,192,240,2016,3216,0,42308,260899.1,1998754,472680.0,223426379776.0,3.6,"176557,505731,492773,1175336,327643,331901,1681273,64229,63452,64312,42308,63943,1998754,63768,58341,64131,69558,64360,57812,43094,58078,62201,58103,63786,58195,64166,58195,62003,69553,66619,57696",76,191.5,268,54.5,2971.8,4.9,"108,108,108,76,92,76,92,220,252,268,252,252,236,204,220,220,220,204,188,220,204,204,204,220,204,204,204,204,220,204,220,220","0,1,2,0,0,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,3,0,0,5,6,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,1,0,0,1,1,1,1,1,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","6.355636597,6.144942760,6.288552284,5.822080135,6.003186226,5.769448280,5.982532501,6.929369450,7.114085197,7.222516537,7.114981174,7.110270023,7.085702419,6.970178127,6.995306969,7.109033108,6.973239422,6.927752018,6.818934441,7.038531780,6.999271870,7.012288094,6.925349712,6.947623730,6.895937443,6.919244766,6.867631435,6.885515690,7.022007465,6.852213383,7.018121719,7.103372574",,,,,,,,"" 
+1,ip4,192.168.1.77,91.108.8.8,udp,28150,529,finished,23,9,1588779637543816,1588779639059745,1588779639085148,32,0,192,96,3024,688,0,8183,98621.3,504672,137715.2,18965475328.0,4.0,"38704,504672,472194,31371,48787,83063,90104,75511,57499,58021,58053,58125,51991,386634,9517,8470,27260,36050,21667,40197,58112,58011,58152,57862,69999,57869,58016,8183,436304,11258,25605",60,144.0,220,55.4,3064.0,4.9,"68,92,68,124,92,124,124,60,204,204,204,220,204,68,124,124,204,92,124,204,76,204,204,188,204,188,204,204,68,124,124,92","0,5,0,4,0,13,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,4,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,1,0,0,0,0,0,0,0,1,0,0,1,0,0,1,0,0,0,0,0,0,0,0,1,0,1","4.808521748,5.009398460,4.808521271,6.399723530,4.941553116,6.478234291,6.493558407,4.513398170,6.960375786,6.945446968,6.939341545,6.983797073,6.888330936,4.878446102,6.548838615,6.455212116,7.004271030,5.031137943,6.436948776,6.903464317,5.093001842,6.935152531,6.904445171,6.829572678,6.978069782,6.828165054,6.847532749,7.033680439,4.937269211,6.449124336,6.467387676,4.965919971",Telegram,185,1,Acceptable,Chat,6,DPI,"" 
+1,ip4,192.168.1.77,91.108.8.1,udp,28150,533,finished,8,24,1588779637543824,1588779639102885,1588779639500175,32,0,96,176,480,3200,0,7087,113400.4,504936,151181.6,22855886848.0,4.1,"34096,504936,476895,26281,48588,90140,359286,474896,22927,53992,44091,48774,32735,70515,63740,63677,64572,42031,447918,51385,12513,7087,54201,56023,36226,28925,63945,41904,63934,64562,64617",60,143.0,204,54.2,2943.0,4.9,"68,92,68,124,92,124,60,68,124,92,124,76,124,204,204,188,204,204,204,68,124,204,92,124,204,124,204,204,188,204,188,204","0,5,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,4,5,0,14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,1,1,1,0,1,1,1,1,1,1,1,1","4.966681004,5.096354961,4.937269211,6.506538868,5.044672012,6.487470627,4.580064774,4.937269211,6.484322548,5.052877426,6.310050964,5.093001842,6.474280834,6.938044071,6.986575603,6.864440918,6.966351032,6.935151577,6.996869087,4.937269211,6.502585888,6.988362312,5.031137943,6.294727325,6.920350552,6.415852547,6.915544987,6.900125980,6.926725864,7.031893730,6.898294926,7.013583183",Telegram,185,1,Acceptable,Chat,6,DPI,"" diff --git a/test/results/flow-analyse/telnet.pcap.out b/test/results/flow-analyse/telnet.pcap.out new file mode 100644 index 000000000..b2a28eb13 --- /dev/null +++ b/test/results/flow-analyse/telnet.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.2,192.168.0.1,tcp,1550,23,info,17,15,943755158387203,943755160950568,943755159705066,0,0,85,32,203,139,0,172,125200.9,1232764,336743.6,113396252672.0,2.2,"2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372",52,63.2,137,18.8,354.0,4.9,"60,60,52,79,55,52,55,52,77,116,52,70,61,52,76,52,137,52,55,55,52,64,58,52,67,52,84,52,59,52,58,52","15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0","4.315444469,4.777318954,4.791129112,5.044729233,4.800010681,4.791129112,4.871557236,4.662475586,5.051413059,5.269734383,4.647958755,5.011583805,5.044849873,4.777860641,4.820554256,4.791128635,5.556590080,4.868052006,4.850099087,4.862643719,4.777860641,4.944003105,4.924550533,4.739398956,4.948766708,4.791129112,5.493695259,4.829590797,5.035621166,4.686420441,5.042736053,4.829590321",,,,,,,,"" diff --git a/test/results/flow-analyse/teredo.pcap.out b/test/results/flow-analyse/teredo.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/teredo.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tftp.pcap.out b/test/results/flow-analyse/tftp.pcap.out new file mode 100644 index 000000000..8dae6218e --- /dev/null +++ b/test/results/flow-analyse/tftp.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.10,192.168.0.253,udp,3445,50618,finished,16,16,946730124846355,946730124846355,946730124846355,516,0,516,4,8256,64,0,0,0.0,0,0.0,0.0,0.0,"0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0",46,295.0,544,249.0,62001.0,4.4,"544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46,544,46","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.265709877,3.000972986,4.623624802,3.000972986,4.859318733,3.000972986,4.935849667,2.941084146,4.381216049,2.957494497,4.600720406,3.000972986,4.634294987,3.000972986,4.567757130,3.000972986,4.459813595,3.000972986,4.388016701,2.941084146,4.358253002,3.000972986,4.537627220,2.941084146,4.658279419,2.941084146,4.567505836,3.000972986,4.506970406,3.000972986,4.253873825,3.000972986",TFTP,96,0,Acceptable,DataTransfer,6,DPI,"5" diff --git a/test/results/flow-analyse/threema.pcap.out b/test/results/flow-analyse/threema.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/threema.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tinc.pcap.out b/test/results/flow-analyse/tinc.pcap.out new file mode 100644 index 000000000..37dded29f --- /dev/null +++ b/test/results/flow-analyse/tinc.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,131.114.168.27,185.83.218.112,udp,55655,55655,finished,17,15,1495983428000367,1495983431160747,1495983430158623,148,0,1468,1460,19148,16284,0,23,171568.9,1069532,377387.1,142420983808.0,2.5,"157,27472,47,25,27522,244,68,237,181,126,15445,30,41839,33,23,1057953,304,258,1003680,53,1840,184,45315,102,25,1024085,82,1069532,137,1001358,279",176,1135.2,1496,450.4,202833.5,4.9,"672,720,224,1472,768,216,1256,176,1296,1464,760,672,720,1264,176,1296,1344,1464,1360,1472,1488,1472,1480,1344,1472,1360,1488,1488,1488,1480,1496,1480","0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,2,6,0,0","0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,2,0,0,0,6,0,0","0,0,1,1,1,0,0,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,0,1,1,1,1,1,0,0,0,0","7.665557861,7.732561588,7.082343578,7.846774578,7.752214432,6.906925201,7.855091572,6.755141735,7.856310368,7.846433163,7.747685909,7.710433006,7.733560562,7.868661880,6.790736675,7.858621597,7.869617462,7.873907566,7.874854565,7.877315998,7.870153904,7.874608040,7.878478050,7.845719337,7.883452892,7.855854511,7.886187077,7.874522686,7.870358467,7.871251106,7.874283314,7.868322849",TINC,209,0,Acceptable,VPN,5,DPI (cache),"5" 
+1,ip4,185.83.218.112,131.114.168.27,udp,55656,55656,finished,12,20,1495983428043218,1495983432571150,1495983432526055,148,0,1444,1452,10944,20512,0,24,290670.0,2412459,558680.6,312123949056.0,2.9,"50,27,594,482,207,142,1049148,39,24,1048033,86,239,119,120,91,44079,43,25,1044735,279,1021999,20586,1001463,275,241,363633,1001240,149,123,2412459,39",104,1011.0,1480,450.3,202783.0,4.8,"752,1472,944,720,1256,1472,944,1056,656,320,1048,176,1296,512,656,320,176,1296,512,1464,1360,1360,1360,1472,1336,1304,104,1480,1464,1328,1376,1360","0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,1,0,2,1,0,0,1,0,0","0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,1,0,1,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,1,2,2,2,0,0,2,3,0,0","0,0,0,1,1,1,1,0,0,0,1,1,1,1,1,1,0,0,0,1,1,0,1,1,1,1,1,1,1,1,0,0","7.690577507,7.881368160,7.775002003,7.728326797,7.851398468,7.867018700,7.774654388,7.831391335,7.688314915,7.329430103,7.812694550,6.669548035,7.843146801,7.557564259,7.679370403,7.194211483,6.957363605,7.850227833,7.572175503,7.873534679,7.858608246,7.866045952,7.839975357,7.845044613,7.866905689,7.841031551,6.193184853,7.882274628,7.896846294,7.859506130,7.852632523,7.876025200",TINC,209,0,Acceptable,VPN,5,DPI (cache),"5" diff --git a/test/results/flow-analyse/tk.pcap.out b/test/results/flow-analyse/tk.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tk.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls-appdata.pcap.out b/test/results/flow-analyse/tls-appdata.pcap.out new file mode 100644 index 000000000..9726e0d6c --- /dev/null +++ b/test/results/flow-analyse/tls-appdata.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.100,52.223.198.7,tcp,58976,443,info,17,15,1643610288722000,1643610304703000,1643610304703000,0,0,1452,2904,4416,30419,1,0,1031032.2,15956000,3917522.5,15346982453248.0,1.0,"2000,15000,3000,0,16000,0,0,0,0,1000,1000,0,0,0,0,0,0,0,0,0,0,0,0,15941000,1000,15956000,5000,0,19000,1000,1000",40,1129.2,2944,1252.1,1567845.6,4.0,"1492,60,46,1492,2944,40,2944,40,40,2944,2871,40,40,40,40,1492,60,46,1492,2944,40,2944,40,2944,1492,60,46,1492,2944,40,2944,40","14,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,9","0,0,1,1,1,0,1,0,0,1,1,0,0,0,0,0,0,1,1,1,0,1,0,1,0,0,1,1,1,0,1,0","7.874306679,5.500818253,4.652828693,7.888679028,7.939795017,4.981687069,7.939328194,4.931686878,4.931686878,7.934259415,7.938295841,4.981687069,4.931687355,4.931687355,4.981687069,7.885500431,5.513399124,4.565871716,7.865909100,7.927158833,4.881687164,7.936643124,4.881687164,7.934941769,7.882087708,5.613399506,4.522394180,7.860544682,7.936390877,4.881687641,7.928893089,4.912815094",,,,,,,,"" diff --git a/test/results/flow-analyse/tls-esni-fuzzed.pcap.out b/test/results/flow-analyse/tls-esni-fuzzed.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/tls-esni-fuzzed.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls-rdn-extract.pcap.out b/test/results/flow-analyse/tls-rdn-extract.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls-rdn-extract.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_2_reasms.pcapng.out b/test/results/flow-analyse/tls_2_reasms.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_2_reasms.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_2_reasms_b.pcapng.out b/test/results/flow-analyse/tls_2_reasms_b.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_2_reasms_b.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_alert.pcap.out b/test/results/flow-analyse/tls_alert.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_alert.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_certificate_too_long.pcap.out b/test/results/flow-analyse/tls_certificate_too_long.pcap.out new file mode 100644 index 000000000..00734a16b --- /dev/null +++ b/test/results/flow-analyse/tls_certificate_too_long.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.121,52.98.163.18,tcp,53429,443,finished,7,25,1626168078673569,1626168078741395,1626168078741532,0,0,1448,1318,6192,5635,1,0,4380.3,66556,14076.5,198149200.0,1.7,"0,1268,0,1,22712,2791,42219,7,1,1,2,1,1,3,1,2,0,1,1,1,1,2,1,1,1,66556,1,207,4,1,1",40,409.6,1488,443.8,196953.1,4.3,"1488,922,1488,1488,1006,40,40,1358,152,98,255,267,271,267,253,259,273,259,261,261,257,267,259,269,259,100,40,40,240,261,327,82","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0","2,3,0,1,0,0,11,6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,1,1,1,1","7.844867706,7.768162727,7.838919640,7.877963066,7.801912785,4.931687355,4.931687355,7.872855663,6.611027718,5.917587280,7.063786030,7.077864647,7.070313454,7.063032150,7.077404976,7.132514954,7.133229256,7.145859718,7.155868053,7.036940575,7.138390064,7.124177456,7.128092766,7.045049191,6.969915390,5.878566742,4.680641174,4.680641174,7.009124756,7.071732044,7.305675030,5.664766788",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.121,52.98.163.18,tcp,53428,443,finished,12,20,1626168078673880,1626168078802752,1626168078815501,0,0,1448,1312,8443,4308,1,1,8725.6,48024,14356.9,206121952.0,3.3,"1,1055,23210,47617,37039,8,1,2,1,1,11720,448,454,9939,10211,1,619,25332,48024,32224,8,8662,433,9,3,3,2,1,2,508,12955",40,439.2,1488,490.6,240677.5,4.2,"1488,922,1278,40,1278,1352,175,259,438,82,85,40,74,40,52,1488,921,694,40,694,989,431,40,179,239,281,123,82,85,74,40,52","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,2,0,0","4,6,1,0,2,0,2,1,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0","0,0,0,1,0,1,1,1,1,1,1,0,1,0,1,0,0,0,1,0,1,1,0,1,1,1,1,1,1,1,0,1","7.851675034,7.762215614,7.854618549,4.931687355,7.853376865,7.847486019,6.592478275,7.073016644,7.479730606,5.652988434,5.603165150,4.680641174,5.374660492,4.680641174,4.887658596,7.882281303,7.798806667,7.618238926,4.862814903,7.611861229,7.774961472,7.463752747,4.630641460,6.593664169,7.007197857,7.177185059,6.230616570,5.640376568,5.764585972,5.533047199,4.680641174,4.962661743",TLS,91,1,Safe,Web,6,DPI,"" diff --git a/test/results/flow-analyse/tls_cipher_lens.pcap.out b/test/results/flow-analyse/tls_cipher_lens.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_cipher_lens.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_client_certificate_with_missing_server_one.pcapng.out b/test/results/flow-analyse/tls_client_certificate_with_missing_server_one.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_client_certificate_with_missing_server_one.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_esni_sni_both.pcap.out b/test/results/flow-analyse/tls_esni_sni_both.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_esni_sni_both.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_false_positives.pcapng.out b/test/results/flow-analyse/tls_false_positives.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_false_positives.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_invalid_reads.pcap.out b/test/results/flow-analyse/tls_invalid_reads.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_invalid_reads.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_long_cert.pcap.out b/test/results/flow-analyse/tls_long_cert.pcap.out new file mode 100644 index 000000000..aefbd1ef3 --- /dev/null +++ b/test/results/flow-analyse/tls_long_cert.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.126,104.111.215.93,tcp,60174,443,finished,16,16,1553619078033240,1553619078157096,1553619078157742,0,0,836,1448,1610,13760,0,1,8011.5,34221,11402.3,130012760.0,3.6,"25199,25284,303,30105,3339,1074,34221,792,742,1850,1850,782,8352,423,28143,18603,6453,607,7069,119,26007,3,43,25894,1,59,186,154,696,4,1",52,532.9,1500,584.9,342142.3,4.1,"64,60,52,569,52,1500,1500,52,1252,52,841,52,178,145,888,294,52,52,129,52,90,1105,1105,1500,52,52,52,710,52,1500,1500,1500","11,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,1,0,0,0,0,0,0,0,6,0,0","0,1,0,0,1,1,1,0,1,0,1,0,0,0,0,1,0,1,1,0,0,1,1,1,0,0,0,1,0,1,1,1","4.464972496,5.400120735,5.115703106,4.441882610,5.233812809,6.523200512,6.789650440,5.070538998,7.259748936,5.109000683,7.672616482,5.192625999,6.387032032,6.158265114,7.732074261,7.074759483,5.192625999,5.272274494,6.411020756,5.192625999,5.541742325,7.789433956,7.819917679,7.870871544,5.154164314,5.154164314,5.032077789,7.695037842,5.154164314,7.862812519,7.871836662,7.867298126",TLS,91,1,Safe,Web,6,DPI,"" diff --git a/test/results/flow-analyse/tls_missing_ch_frag.pcap.out b/test/results/flow-analyse/tls_missing_ch_frag.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null 
+++ b/test/results/flow-analyse/tls_missing_ch_frag.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_multiple_synack_different_seq.pcapng.out b/test/results/flow-analyse/tls_multiple_synack_different_seq.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_multiple_synack_different_seq.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_port_80.pcapng.out b/test/results/flow-analyse/tls_port_80.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_port_80.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_torrent.pcapng.out b/test/results/flow-analyse/tls_torrent.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_torrent.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_unidirectional.pcap.out b/test/results/flow-analyse/tls_unidirectional.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/tls_unidirectional.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tls_verylong_certificate.pcap.out b/test/results/flow-analyse/tls_verylong_certificate.pcap.out new file mode 100644 index 000000000..ff8030d12 --- /dev/null +++ b/test/results/flow-analyse/tls_verylong_certificate.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.160,151.101.66.49,tcp,54804,443,info,15,17,1578254908457751,1578254908528417,1578254908528437,0,0,517,1368,813,14097,0,2,4559.7,21714,6622.1,43852844.0,3.5,"11591,11712,5740,17683,3137,204,15209,67,53,134,2,140,10611,21714,11194,334,14931,21,2,14564,19,7,256,346,4,564,2,480,517,112,2",52,518.6,1420,615.3,378610.9,4.0,"64,60,52,569,52,1420,1420,52,1420,52,1420,262,52,178,103,52,222,1420,1420,104,52,52,52,1420,1420,104,52,52,1420,52,1420,104","12,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0,0","0,1,0,0,1,1,1,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.398337364,5.146034718,4.868495941,4.434582233,5.025067329,6.773365974,4.940563202,4.983880520,6.553000927,4.900255680,7.433587551,7.043814659,4.983880520,6.336580276,5.976200581,5.022342205,6.883139610,7.866776943,7.867276192,6.143959045,4.906957150,4.791572571,4.731892109,7.850933075,7.865261078,6.040546417,4.906957626,4.906957626,7.852932453,4.823332310,7.877495766,6.208910465",,,,,,,,"" diff --git a/test/results/flow-analyse/toca-boca.pcap.out b/test/results/flow-analyse/toca-boca.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/toca-boca.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/tor.pcap.out b/test/results/flow-analyse/tor.pcap.out new file mode 100644 index 000000000..662fd47f3 --- /dev/null +++ b/test/results/flow-analyse/tor.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.252,38.229.70.53,tcp,51112,443,finished,14,18,1383821668403824,1383821704424659,1383821704566665,0,0,586,1460,4598,5464,0,113,2328505.8,31166013,7549668.5,56997495963648.0,1.9,"143824,144206,386,152663,157,159633,171698,164686,190851,113,190713,627,185098,185495,145105,5747,151688,184201,104686,289985,146556,2535956,2930532,30770666,31166013,871,147027,185685,696487,885191,147130",40,355.8,1500,354.9,125974.5,4.3,"52,52,46,264,40,969,238,99,114,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40","4,0,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1","4.463158131,4.830034256,4.398030758,5.447000027,4.784183979,7.571198463,6.865525723,5.932188988,6.092850685,7.880095005,6.536722183,4.338141918,7.694956303,4.765311718,7.651318550,4.834183693,7.635929585,7.668802738,4.680641174,7.700941086,7.633764267,4.834183693,7.670955658,4.311074257,7.633520603,4.630640984,7.649660587,7.669915199,4.784183979,7.648267269,7.643295765,4.684184074",TLS.Tor,91.163,1,Potentially Dangerous,VPN,6,DPI,"7,16,22" 
+1,ip4,192.168.1.252,91.143.93.242,tcp,51110,443,finished,14,18,1383821665420161,1383821704889950,1383821704958016,0,0,586,1460,3939,9093,0,120,2548633.8,37995839,9273754.0,86002509021184.0,1.4,"70996,71325,6669,104314,10783,112643,88567,84606,73691,120,73665,754,108431,107711,67797,2260,74630,103567,101811,113368,368689,686539,37720424,37995839,68191,67504,104050,189003,360821,68695,181",40,448.8,1500,476.2,226793.4,4.2,"52,52,46,255,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,626,626,40,626,46,626,40,626,40,626,1500,46,1500,1500","5,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,0,1,0,1,1,1,0,1,1","4.540081501,4.945419312,4.484987259,5.397112370,4.884183884,7.396267891,6.599942207,5.960015774,6.090528011,7.870100975,6.529747963,4.484987259,7.677678108,4.884183884,7.605023384,4.884183884,7.649974346,7.648893833,7.709483624,7.672764301,4.834183693,7.653419495,4.441509247,7.662259102,4.884183884,7.661063194,4.884183884,7.656208992,7.855939388,4.484987259,7.873313904,7.885534286",TLS,91,1,Safe,Web,6,DPI,"7" 
+1,ip4,192.168.1.252,46.59.52.31,tcp,51111,443,finished,15,17,1383821666407384,1383821774388112,1383821702813857,0,0,586,1460,3946,5300,0,90,4657651.5,71328355,14789051.0,218716025389056.0,1.8,"73367,74408,357,74070,3203,80209,86098,83238,77261,90,76164,838,117183,116350,75240,23977,101877,114494,465564,429267,3455,80828,117031,388775,507320,75910,393949,666205,34353103,34399015,71328355",40,330.6,1500,347.1,120444.2,4.2,"52,52,46,262,40,789,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,40,626,626,40,626,626,40,626,46,626,46,46","6,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,0,0","4.540081024,4.892440796,4.398030758,5.485852242,4.734183788,7.345484734,6.684501171,5.938382626,6.188065529,7.865236759,6.545697212,4.398030758,7.637940407,4.784183979,7.634158611,4.784183979,7.710437775,7.659512520,4.784183979,7.657443523,4.834184170,7.637063503,7.660885811,4.834184170,7.674984455,7.682085514,4.765312195,7.644844532,4.544876099,7.636578560,4.347350597,4.457919598",TLS.Tor,91.163,1,Potentially Dangerous,VPN,6,DPI,"7,16,22" 
+1,ip4,192.168.1.252,91.143.93.242,tcp,51175,443,finished,14,18,1383822129897135,1383822132138706,1383822132203451,0,0,586,1460,4523,5299,0,146,146706.0,990883,220400.9,48576569344.0,3.9,"64392,65808,9514,82112,4238,79785,91000,88446,79568,146,78186,925,110026,109380,69120,1548,80197,113582,35660,145791,70785,343658,637547,693937,990883,1625,71983,109022,69049,180072,69902",40,348.2,1500,347.1,120448.8,4.3,"52,52,46,253,40,788,174,99,114,1500,142,46,626,40,626,40,626,626,40,626,626,40,626,46,626,40,626,626,40,626,626,40","4,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,1,0,1,1,0,0,1,1,0,1,1,0,1","4.477674961,4.945419312,4.398030758,5.406278133,4.834183693,7.371150017,6.711827278,5.947438717,6.057762146,7.837278366,6.586953163,4.398030758,7.662993908,4.834183693,7.681317329,4.734183788,7.663327694,7.608054161,4.734183788,7.639224529,7.648303986,4.734183788,7.669913292,4.441509247,7.652542591,4.834183693,7.641192913,7.661419868,4.784183979,7.663778782,7.666988373,4.734183788",TLS.Tor,91.163,1,Potentially Dangerous,VPN,6,DPI,"7,16,22" 
+1,ip4,192.168.1.252,38.229.70.53,tcp,51176,443,finished,14,18,1383822130889737,1383822133768898,1383822133768590,0,0,586,1460,3998,5464,0,215,185742.4,755290,163607.9,26767544320.0,4.5,"143944,144327,714,149478,37247,195972,163599,153986,192261,56166,215,255054,2118,152835,143919,143900,44572,192109,147551,608487,755290,145485,149387,149841,132696,281585,155046,87778,477208,367752,127492",40,337.4,1500,355.4,126324.2,4.2,"52,52,46,250,40,969,238,99,114,40,1500,126,46,626,40,626,40,626,626,40,626,626,40,626,40,626,626,40,626,46,626,52","5,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,1,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,1,0,1,0","4.593060017,4.815517426,4.414441109,5.291395664,4.834184170,7.550148964,6.920053005,5.919612408,6.132238388,4.884183884,7.868963718,6.428377628,4.330940247,7.664852619,4.730641365,7.653878212,4.780641079,7.642474174,7.667881489,4.784183979,7.644913673,7.622496128,4.884183884,7.554065228,4.784183979,7.660291672,7.637899399,4.884183884,7.647337437,4.544876099,7.647919655,4.743239880",TLS,91,1,Safe,Web,6,DPI,"7" 
+1,ip4,192.168.1.252,212.83.155.250,tcp,51174,443,finished,16,16,1383822129889928,1383822265160118,1383822265159585,0,0,586,1460,2761,5864,0,319,8727092.0,72890007,22568808.0,509351076823040.0,2.1,"59390,61607,13819,72120,2062,62909,63545,60042,79423,319,78805,1749,98338,96626,56518,4501,61844,64873,64036,73717,275721,252847,50798,9733,261423,61538274,61491411,72591366,72890007,3990,98034",40,312.0,1500,345.9,119666.8,4.2,"52,52,46,249,40,783,174,99,114,1500,126,46,626,40,626,40,626,626,626,626,626,46,626,52,626,46,626,46,46,40,40,46","9,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","0,1,0,0,1,1,0,1,0,1,1,0,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0,1,1,0","4.501619816,4.930902481,4.441508770,5.332808495,4.834183693,7.397306919,6.658778667,6.048449516,6.157279968,7.876633167,6.546604156,4.441508770,7.673907757,4.834183693,7.638509750,4.884183884,7.663495541,7.670399189,7.645442486,7.664111614,7.640780926,4.484987259,7.650365353,4.880648136,7.645416737,4.544876099,7.673004150,4.457919598,4.457919598,4.734183788,4.734183788,4.501397610",TLS,91,1,Safe,Web,6,DPI,"7" diff --git a/test/results/flow-analyse/trickbot.pcap.out b/test/results/flow-analyse/trickbot.pcap.out new file mode 100644 index 000000000..16bd1474f --- /dev/null +++ b/test/results/flow-analyse/trickbot.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.12.29.101,82.118.225.196,tcp,61318,7080,finished,9,23,1609266107551500,1609266109737227,1609266110219915,0,0,928,1460,1277,27187,0,6,156585.2,931328,258444.3,66793451520.0,3.3,"245675,245918,203,81,530,37,931085,931328,2339,2280,480234,19,480300,297566,15,8,7,8,7,8,8,7,7,6,9,297680,227938,227937,482874,14,14",40,930.0,1500,662.5,438885.5,4.5,"52,44,40,389,968,40,40,1398,40,1398,40,1500,1323,40,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,276,40,1398,40,1500,1500,1194","7,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,3,0,0,14,0,0","0,1,0,0,0,1,1,1,0,1,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1","4.776611805,4.925117970,4.762815475,5.824206829,6.033888340,4.784183979,4.834183693,7.786707878,4.931687355,7.831421852,4.931687355,7.870709896,7.856476307,4.931687355,7.869441509,7.864507675,7.865448475,7.873723507,7.871662140,7.892165661,7.878643513,7.860257149,7.887190342,7.870031357,7.873756886,7.255901337,4.931687355,7.870108604,4.931687355,7.875472546,7.873021603,7.864452362",HTTP,7,0,Acceptable,Web,6,DPI,"5,12,25" diff --git a/test/results/flow-analyse/tumblr.pcap.out b/test/results/flow-analyse/tumblr.pcap.out new file mode 100644 index 000000000..13e284786 --- /dev/null 
+++ b/test/results/flow-analyse/tumblr.pcap.out 
@@ -0,0 +1,12 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::98c7:1593,tcp,42908,443,finished,16,16,1605292103810303,1605292105112205,1605292105112063,0,0,382,1400,607,11474,1,1,83989.1,700859,188930.8,35694845952.0,2.6,"870,91738,194148,2,1,2772,104383,700859,700827,1324,5830,44963,352,357119,395282,1534,2,2,1,1,1,1,2,1529,39,13,18,11,13,13,12",72,449.5,1472,576.4,332266.9,4.0,"454,111,111,72,72,72,111,72,944,72,107,184,72,72,1460,72,84,1472,1472,1472,1472,835,1472,1472,72,72,72,72,72,72,72,72","11,3,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,0","0,0,0,1,1,1,1,0,1,0,0,0,1,1,1,0,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,0","7.475968361,5.973469734,5.991487980,5.083631992,5.055854321,5.055854321,5.836178780,5.218127251,7.768151760,5.245904922,5.915576458,6.683409691,5.034884930,5.073147297,7.871325970,5.162571907,5.437397003,7.868166924,7.884456158,7.861326694,7.846504688,7.733069897,7.846429825,7.853037357,5.218127251,5.218127251,5.218127251,5.218127251,5.218127251,5.190349579,5.245904922,5.190349579",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d28,tcp,43420,443,info,16,16,1605292105170049,1605292105221617,1605292105221612,0,0,160,1400,311,12058,1,1,3326.8,37135,8084.0,65351828.0,2.7,"469,25881,1104,10603,37135,1897,1,1911,13,717,678,9927,9935,107,1,101,8,237,229,116,116,308,309,92,91,472,1,479,15,99,79",72,458.5,1472,599.1,358951.0,3.9,"232,223,72,72,891,72,111,1460,72,72,84,72,1472,72,1472,1460,72,72,84,72,1472,72,1472,72,1460,72,84,1460,72,72,84,72","14,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0","0,0,1,1,1,0,1,1,0,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1,0","6.975117207,6.780508041,5.008678436,4.980900764,7.727560043,5.257209778,5.876837730,7.865436077,5.284987926,5.284987926,5.396960735,5.284987926,7.861420155,5.257210255,7.855777740,7.835244179,5.201654911,5.257210255,5.387974262,5.257210255,7.869387627,5.229432106,7.851236820,5.229432583,7.862463474,5.201654911,5.316545486,7.846337318,5.257210255,5.284987926,5.396960735,5.284987926",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d28,tcp,43434,443,info,16,16,1605292105171046,1605292105231565,1605292105231522,0,0,112,1400,362,16800,1,1,3903.1,45055,9416.3,88667112.0,2.8,"365,4822,355,27249,2992,337,2701,17288,45055,519,518,603,1,579,9,7282,1,7292,34,289,2,248,25,174,1,157,27,1036,1,1005,28",72,608.3,1472,669.7,448506.0,4.1,"184,111,183,172,72,72,72,72,1472,72,1472,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72,1472,1472,72,72","12,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0","0,0,0,0,1,1,1,1,1,0,1,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","6.587406158,5.914531231,6.603403568,6.519369125,4.980900764,4.980900764,4.894209862,4.980900764,7.851428509,5.118321419,7.864492416,5.118321419,7.853987694,7.848294735,5.062766075,5.080059052,7.860019684,7.828007221,5.118321419,5.118321419,7.856985092,7.866126060,5.118321419,5.080059052,7.856244087,7.840456009,5.146099091,5.080059052,7.871989727,7.857123375,5.118321419,5.118321419",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2606:2800:135:155a:23ba:b2a:25ff:122d,tcp,58380,443,finished,16,16,1605292105197307,1605292105347875,1605292105347850,0,0,523,1208,1519,5784,0,0,9713.3,47694,16101.6,259260704.0,3.2,"33179,33247,488,47694,0,47160,1225,37725,2106,0,0,38598,23,3,754,718,796,796,2589,248,171,60,26260,592,1,74,1362,0,0,25234,8",72,300.7,1280,381.9,145812.8,4.1,"80,80,72,589,72,171,72,595,72,1280,1280,1280,72,72,72,544,72,1055,72,146,164,329,128,72,72,72,72,327,327,168,72,72","10,1,2,0,0,0,0,0,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,2,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,1,1,1,0,0,0,1,0,1,0,0,0,0,0,1,1,1,1,1,1,1,0,0","5.295193195,5.637294769,5.563652992,4.598795891,5.459350586,6.223492146,5.497612953,5.044443607,5.487128258,7.814322472,7.863967419,7.842244625,5.591430664,5.503256798,5.563652992,7.612953186,5.591430664,7.763548851,5.563652992,6.558448792,6.685117722,7.291459560,6.278277397,5.487128258,5.487128258,5.431572914,5.487128258,7.317289352,7.268368721,6.510692596,5.591430664,5.563652992",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d03,tcp,56794,443,info,14,18,1605292105669051,1605292105720296,1605292105720289,0,0,130,1400,525,11113,1,0,3305.9,36646,8575.8,73544632.0,2.4,"375,92,385,236,26419,36646,2159,0,376,0,10012,21697,203,197,169,221,0,406,8,175,469,1,0,620,51,101,150,197,535,21,562",72,435.7,1472,586.0,343353.7,3.9,"192,111,201,202,143,108,72,72,72,72,72,1472,72,1472,72,1460,84,1472,72,72,1460,84,1327,103,72,72,111,1460,72,84,1460,72","8,2,1,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,7,0,0,0,0","0,0,0,0,0,0,1,1,1,1,1,1,0,1,0,1,1,1,0,0,1,1,1,1,0,0,1,1,0,1,1,0","6.771437645,5.700867176,6.623061657,6.706957817,6.270517826,5.792555332,5.008678436,5.036456108,5.008678436,5.036456108,5.008678436,7.827867985,5.069574833,7.856517315,5.080059528,7.842531681,5.292736530,7.873940468,5.069574833,5.034988403,7.877679825,5.307831764,7.852031708,5.639400959,5.146099567,5.090544224,5.719091892,7.856316566,5.118321896,5.301723003,7.853841305,5.090544224",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::c000:4d03,tcp,56842,443,finished,16,16,1605292108895208,1605292109072597,1605292109072571,0,0,517,1400,1335,7988,0,0,11443.6,70171,19863.6,394563968.0,3.1,"22637,22712,440,30662,24781,0,1,1,54941,10,7,4,36,7,1509,240,132,59732,70171,1,0,28567,37136,504,0,1,0,1,500,15,4",72,363.8,1472,486.5,236637.8,4.0,"80,80,72,589,72,1472,1472,1368,1472,72,72,72,72,193,72,136,164,403,403,72,72,72,343,72,343,134,103,1472,408,72,72,72","11,0,2,0,0,0,0,0,0,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,1,0,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,4,0,0,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,1,0,0,0,0,0,1,1,1,1,0,1,1,1,1,1,0,0,0","4.750073910,5.171930313,5.147485733,4.504647255,5.036456108,7.837605953,7.857367039,7.841114044,7.873028755,5.147486210,5.119708538,5.175263882,5.147486210,6.592915535,5.147486210,5.952137947,6.489402294,7.443186283,7.431387901,5.036456108,4.980900764,5.008678436,7.119190693,5.175263882,7.234163284,6.096735001,5.624744892,7.869890213,7.348752975,5.175263882,5.175263882,5.175263882",TLS.Tumblr,91.90,1,Fun,SocialNetwork,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::4a72:9a16,tcp,43328,443,info,16,16,1605292121486006,1605292121915646,1605292121915718,0,0,517,1400,1174,11033,0,0,27721.0,189403,49540.4,2454247936.0,3.2,"21421,21468,523,29545,160398,189403,235,0,213,14,842,826,3808,144,202,28681,1,1011,77988,2,103570,74,656,29813,79144,108203,110,95,435,441,86",72,454.0,1472,568.3,322990.4,4.0,"80,80,72,589,72,1472,72,1472,1368,72,72,1073,72,157,163,523,72,72,72,338,142,72,72,102,72,1472,72,1472,72,1472,72,1472","12,0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,6,0,0,0,0","0,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,1,1,1,1,1,0,0,0,1,1,0,1,0,1,0,1","4.847575665,5.264388561,5.273682594,4.570615292,5.139187336,7.183391094,5.218127251,7.306411743,7.637944698,5.179864883,5.245904922,7.569734573,5.218127251,6.162980080,6.493566990,7.590200424,5.139187336,5.139187336,5.083631992,7.038479328,6.319642544,5.162571907,5.162571907,5.715408325,5.083631992,7.863587856,5.218127251,7.862967491,5.245904922,7.863145828,5.190349579,7.850796700",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::9765:789d,tcp,48240,443,info,15,17,1605292102602965,1605292122118409,1605292122118430,0,0,86,1048,132,16768,1,0,1259061.5,19513573,4788586.0,22930555666432.0,1.0,"19473275,346,19513573,0,40000,58,0,14,3,47,46,590,601,1080,1,1,0,1,0,0,1081,15,50,4,2,3,4,112,1,0,1",72,600.1,1120,520.1,270533.2,4.4,"72,158,118,72,1120,72,1120,1120,72,72,1120,72,1120,72,1120,1120,1120,1120,1120,1120,1120,72,72,72,72,72,72,72,1120,1120,1120,1120","13,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,1,1,0,0,1,0,1,0,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,1,1","5.300073624,6.172540188,5.808043480,5.111409664,7.793330193,5.244518280,7.816789150,7.806469440,5.188962936,5.244518280,7.817547321,5.216740131,7.782293320,5.272295952,7.814203739,7.825418949,7.833592415,7.796096325,7.794456482,7.800365925,7.831590176,5.300073624,5.244518280,5.272295952,5.300073624,5.216740608,5.244518280,5.272295475,7.782464504,7.824431896,7.817936897,7.808838844",,,,,,,,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:80b::200a,tcp,38608,443,finished,17,15,1605292122095843,1605292122274057,1605292122274042,0,0,517,1208,982,8808,0,0,11497.2,67472,19899.9,396007328.0,3.2,"67445,67472,269,44078,5271,1,49097,3,94,53,18571,10150,718,42370,0,12940,229,14297,2020,1,16083,2556,1,2570,25,64,1,0,22,4,8",72,378.4,1280,464.3,215557.6,4.1,"80,80,72,589,72,1280,1280,72,72,572,72,136,164,350,72,652,72,103,72,103,72,72,521,1280,72,72,1280,1280,1280,72,72,72","13,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,1,0,0,0,0,1,1,0,0,1,1,1,0,1,1,0,0,1,1,1,0,0,0","4.880388737,5.286173344,5.204868793,4.536604404,5.107836723,7.787920475,7.830109596,5.260424137,5.232646465,7.542898178,5.232646465,6.192057133,6.535644054,7.298229218,5.014019012,7.680838585,5.232646465,5.914041996,5.041796684,5.815946102,5.052281380,5.166606426,7.546278477,7.846930027,5.117859364,5.138828754,7.830280781,7.832926273,7.840851784,5.194384098,5.099461079,5.156121731",TLS.GoogleServices,91.239,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,2a00:1450:4007:809::200e,tcp,49548,443,finished,16,16,1605292122064463,1605292122281616,1605292122282509,0,0,517,1208,962,9011,0,0,14038.7,83018,20606.9,424642560.0,3.6,"30258,30298,226,70679,12575,2,1,83018,62,4,882,32413,0,31475,5911,16277,137,34580,1914,14156,7168,10659,16853,1,0,1,34679,24,2,2,942",72,384.2,1280,474.8,225406.5,4.1,"80,80,72,589,72,1280,1280,311,72,72,72,136,72,652,72,164,103,330,72,103,72,72,72,985,1280,1280,1280,72,72,72,72,1280","12,0,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,1,1,0,1,1,1,1,1,1,0,0,0,0,1","4.836515903,5.311173439,5.222161770,4.516429901,5.097352028,7.813626766,7.833569527,7.238987446,5.249939442,5.211677551,5.222161770,6.183825970,5.163392067,7.648269653,5.182794571,6.507936478,5.802297115,7.243775845,5.097352028,5.700409889,5.249939919,5.097352028,5.163392067,7.756225586,7.832665920,7.840676308,7.826161861,5.222161770,5.222161770,5.166606426,5.183899403,7.820078373",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip6,2a01:cb01:2049:8b07:991d:ec85:28df:f629,64:ff9b::6006:749,tcp,39152,443,finished,17,15,1605292105418417,1605292122813676,1605292122725006,0,0,764,1279,4217,4676,0,98,1119414.5,16588707,4059258.8,16477581213696.0,1.4,"29466,29487,204,37942,9029,46759,696,98,30996,1834,7035,39073,52635,52694,371915,406395,20731,55185,2451,32929,9268,39721,16556740,16588707,11402,43353,16903,58413,9807,93158,46822",72,350.4,1351,367.9,135349.6,4.3,"80,80,72,692,72,342,72,152,489,72,72,359,72,1259,72,824,72,855,72,836,72,342,72,500,72,1351,72,644,72,672,72,656","9,0,1,0,0,0,0,0,0,0,0,0,0,2,0,0,0,1,1,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,0,1,1,1,0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0","4.797575951,5.229953289,5.190349579,7.030211926,4.972520828,6.811050892,5.091930866,6.334684849,7.516590118,5.055853844,5.055853844,7.313119888,5.190349579,7.806543827,5.218127251,7.745193005,5.000298500,7.694315910,5.134794235,7.706961155,5.028076172,7.266840458,5.190349579,7.564545631,4.972520828,7.854704857,5.162571907,7.655811310,5.000298500,7.622268677,5.134794235,7.624323368",TLS,91,1,Safe,Advertisement,6,DPI,"" diff --git a/test/results/flow-analyse/tunnelbear.pcap.out b/test/results/flow-analyse/tunnelbear.pcap.out new file mode 100644 index 000000000..4905c4868 --- /dev/null +++ b/test/results/flow-analyse/tunnelbear.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.8.0.1,104.17.115.40,tcp,45104,443,finished,16,16,1655734524335198,1655734524914388,1655734524915156,0,0,536,3657,2952,9379,0,14,37391.9,265866,60218.7,3626296576.0,3.5,"4811,10763,14,6027,71146,71669,62476,63085,171,99,103,116,2258,2217,58331,58816,497,202,194,148,171,85,633,797,214474,265866,52392,51419,53825,54567,51776",40,426.0,3697,812.3,659832.9,3.5,"60,40,40,557,40,3697,40,133,40,576,40,576,40,305,40,376,361,40,576,40,150,40,40,78,40,1632,40,691,40,352,40,2871","7,1,1,1,0,0,0,0,1,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1","4.505928516,4.461769581,4.584184170,6.096171856,4.530641556,7.154915333,4.484183788,5.938849449,4.530641079,7.408299446,4.530641556,7.614147663,4.580641270,7.362629890,4.511769295,7.075150967,7.354639530,4.461769581,7.592569828,4.461769581,6.475907803,4.530641556,4.584184170,5.252028465,4.480641842,7.871288776,4.584184170,7.643190861,4.584184170,7.059779167,4.584184170,7.871583939",TLS.TunnelBear,91.299,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,10.8.0.1,104.17.115.40,tcp,45126,443,finished,16,16,1655734525218267,1655734525773780,1655734525773395,0,0,536,749,2295,1194,0,128,35827.1,233720,54909.0,3015001088.0,3.6,"3428,3938,2003,2864,57273,107978,750,51373,305,140,145,128,138,133,50874,51892,1049,50443,50842,196795,233720,37672,51488,50853,51099,141,51026,454,234,444,1019",40,149.7,789,198.3,39337.4,4.1,"60,40,40,557,40,196,40,91,40,576,40,576,40,303,40,118,363,40,78,40,789,40,213,40,78,40,71,40,40,40,40,40","9,2,0,0,0,0,0,0,1,0,1,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0","4.472595215,4.630641460,4.634183884,6.061924934,4.530641556,6.057179928,4.684184074,5.430868149,4.530642033,7.374313831,4.580641747,7.639074802,4.530642033,7.179740906,4.461769581,5.884557247,7.359737873,4.580641747,5.284663200,4.580641747,7.730541706,4.684184074,6.845517159,4.684184074,5.293632984,4.565311909,5.134845257,4.480641842,4.465312481,4.430641651,4.480641842,4.471928596",TLS.TunnelBear,91.299,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,10.8.0.1,104.17.114.40,tcp,33830,443,finished,15,17,1655734776460292,1655734776909928,1655734777250607,0,0,536,2900,3230,3163,0,25,39998.4,340372,83812.5,7024526848.0,3.0,"4054,5298,2009,3384,237730,240091,25,2380,9328,9409,226,61,1426,1484,112,59,79,69,100518,152574,52262,7046,20588,16017,10024,8002,820,1293,7036,6175,340372",40,240.4,2940,516.4,266681.9,3.5,"60,40,40,557,40,196,40,91,40,93,40,126,40,576,40,576,40,165,40,109,78,40,78,361,40,576,40,148,40,363,40,2940","3,3,1,2,0,0,0,0,0,0,2,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,1,0,1,0,1,1","4.460013390,4.480641842,4.515312195,6.108502865,4.580641747,6.049703121,4.634183884,5.378616810,4.580641747,5.520286560,4.580641747,5.850438595,4.530641556,7.632115364,4.530641556,7.628461361,4.580641747,6.826807022,4.530641556,5.918608665,5.310303688,4.580641747,5.303310871,7.209881783,4.580641747,7.572566509,4.580641747,6.476149559,4.580641747,7.298981190,4.530641556,7.923994541",TLS.TunnelBear,91.299,1,Acceptable,VPN,6,DPI,"" diff --git a/test/results/flow-analyse/ubntac2.pcap.out b/test/results/flow-analyse/ubntac2.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/ubntac2.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/ultrasurf.pcap.out b/test/results/flow-analyse/ultrasurf.pcap.out new file mode 100644 index 000000000..35a4de967 --- /dev/null +++ b/test/results/flow-analyse/ultrasurf.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,65.49.68.25,10.132.0.23,tcp,50053,37898,finished,22,10,1656652731609846,1656652731961797,1656652731903862,1280,0,2576,0,41208,0,1,2,20837.6,150485,35657.5,1271454592.0,3.6,"7,21335,5,10969,29128,61453,2,10832,4,9189,30801,10791,6,19965,5,29291,5,3,3,9324,30618,150485,11,11883,141836,4,17858,20033,9,20018,10094",80,1348.5,2628,1007.2,1014474.8,4.5,"2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10","10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0","7.935860634,7.912645817,7.844571114,7.831790447,7.918263912,7.928714752,5.522979259,5.447978497,7.859277725,7.870418549,7.933502197,5.497979641,7.862855911,7.853259087,7.847196579,7.913461208,5.472979069,5.319669724,5.429106236,5.429106236,7.836807251,5.479106426,7.821085453,7.859042645,7.931487560,5.538542747,5.538542747,7.931249619,7.868795395,7.859850407,7.922960758,7.932232857",UltraSurf,304,1,Acceptable,VPN,6,DPI,"" 
+1,ip4,10.132.0.23,65.49.68.25,tcp,38120,50053,finished,15,17,1656652778161151,1656652779042511,1656652779222772,0,0,1348,1288,5006,4491,0,2,62676.8,270784,99488.0,9897854976.0,3.4,"211168,260384,4,269572,5,10096,9894,260379,4,20013,20030,10943,4,270784,9694,4,10276,229481,5,19977,40078,29866,14,10092,29929,210869,5,2,9,9396,4",52,349.3,1400,449.6,202163.0,4.0,"60,60,52,569,52,1340,1340,1256,52,52,52,116,138,690,107,87,83,108,83,52,94,1400,86,1148,680,650,52,87,244,187,87,113","7,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0","4,8,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,2,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,1,1,1,1,0,0,1,0,1,0,0,0,1,1,1,1,1,1","4.726680756,5.240227222,5.272274494,6.111527920,5.130220413,7.844857216,7.849434853,7.833609104,5.233813286,5.156889915,5.233813286,6.138292789,6.368075848,7.651264191,6.278759480,5.928515911,5.691242695,6.148318291,5.806828022,5.233812809,5.950813293,7.875130177,5.929117203,7.818894386,7.718791008,7.725904465,5.168681622,5.919838905,6.926432133,6.780454636,5.896851063,6.240451336",TLS,91,1,Safe,Web,6,DPI,"5,24" 
+1,ip4,10.132.0.23,65.49.68.25,tcp,38152,50053,finished,16,16,1656652831434184,1656652832235258,1656652832454997,0,0,1348,1288,4808,5851,0,2,58770.5,269120,100848.2,10170350592.0,3.1,"209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3",52,385.6,1400,479.7,230117.0,4.1,"60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340","7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1","4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195",TLS,91,1,Safe,Web,6,DPI,"5,24" diff --git a/test/results/flow-analyse/upnp.pcap.out b/test/results/flow-analyse/upnp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/upnp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks 
diff --git a/test/results/flow-analyse/viber.pcap.out b/test/results/flow-analyse/viber.pcap.out new file mode 100644 index 000000000..ac91b8317 --- /dev/null +++ b/test/results/flow-analyse/viber.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.0.17,54.230.93.53,tcp,53934,443,info,14,18,1527155641845544,1527155641984215,1527155641981830,0,0,708,1448,1017,20153,0,19,8869.6,47784,14735.4,217133360.0,3.3,"19470,21663,1023,22292,3214,249,21,217,39369,88,574,349,10837,47784,22339,40800,258,54,169,260,19,213,268,217,249,532,41188,70,47,44,1080",52,714.1,1500,673.4,453425.2,4.3,"60,60,52,235,52,1500,1500,1500,397,52,52,52,52,178,294,760,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,794,52,52,52,52,52","11,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0","4.571673393,5.231404781,5.154164791,5.626152039,5.147462368,7.170236111,7.463209152,7.511432171,7.329006195,5.115703106,5.154164791,5.192625999,5.154164791,6.447020531,7.153199196,7.703028202,7.855375767,7.870701790,7.853311062,7.869762897,7.858384132,7.891494274,7.876748085,7.889567852,7.884804249,7.876610279,7.713707447,5.154164791,5.154164314,5.115703106,5.154164314,5.109001160",,,,,,,,"" 
+1,ip4,192.168.0.17,52.0.253.101,tcp,33208,4244,info,17,15,1527155638428936,1527155670525718,1527155666299937,0,0,530,98,2467,404,1,97,1934444.6,10701681,2902413.2,8424002682880.0,3.5,"54240,95930,270,43992,41788,57048,16087,92087,91609,10563926,10701681,4192149,4152724,4422076,4422070,309467,309552,21641,197002,97,215011,3974475,3934854,3635331,52554,3635290,52615,12721,140816,167507,4361173",52,141.7,582,133.2,17739.8,4.5,"153,108,52,128,52,494,116,52,120,52,149,52,146,52,146,52,391,52,150,52,136,52,146,52,146,410,52,52,150,136,52,582","4,1,6,2,0,0,0,0,0,0,1,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,0,3,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,0,1,0,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,1,1,0,1,0","6.431744576,6.016238213,4.829590321,6.209959030,4.955154419,7.559208393,6.096168518,5.008132935,6.149723053,4.916692734,6.302158833,4.921030998,6.449830055,4.959492207,6.525306225,4.921030521,7.398088932,4.997953892,6.476407528,4.969671726,6.289449215,4.997953892,6.509795189,4.997953892,6.393223286,7.421437263,4.997953892,4.997953892,6.452959538,6.382457256,4.997953892,7.597495079",,,,,,,,"" 
+1,ip4,192.168.0.17,18.201.4.32,udp,47171,7985,finished,17,15,1527155670640484,1527155675775126,1527155675692683,20,0,257,76,2947,930,0,129,328607.8,525007,210300.8,44226416640.0,4.6,"129,33097,500276,500261,503516,15204,503250,15302,516057,515704,477654,477626,36790,36786,524953,525007,440389,440669,68112,67828,523108,523160,411969,411845,84133,84199,517782,517791,399760,399674,114810",48,149.2,285,100.4,10086.1,4.7,"285,48,104,285,104,48,285,62,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285,104,285,104,48,62,285","6,0,0,0,0,0,0,0,11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","6.429836750,5.092222691,3.431529284,6.457198620,3.469990969,5.092222691,6.466431141,4.018082619,3.469990969,6.511886120,3.469990969,5.092222691,3.985824585,6.440430164,3.469990969,6.468061447,3.419557333,4.967222214,3.953566313,6.441361427,3.450760365,6.449966431,3.469991207,5.050555706,4.018082619,6.492553234,3.489221811,6.449169159,3.469991207,5.050556183,4.018082619,6.452616215",Viber,144,1,Fun,VoIP,6,DPI,"" 
+1,ip4,192.168.0.17,18.201.4.3,udp,38190,7985,finished,19,13,1527155679411371,1527155683480847,1527155683453495,12,0,257,76,2479,778,0,49,261664.5,531417,244884.4,59968385024.0,4.1,"2549,75,31700,2304,505528,505691,496908,2109,6670,496650,8720,505323,505404,490799,100,14960,490657,15090,513169,513225,531417,103,49,531356,217,492947,492967,448249,97,448143,58424",40,129.8,285,99.7,9932.1,4.6,"285,46,48,104,62,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,285,62,104,285,104,48,40,62,285","10,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,5,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,0,1,1,0,1,0,0,1,0","6.294480801,4.507713318,5.008889198,3.477249622,4.018082619,6.362309933,3.496480465,5.050556183,4.408695221,6.358519077,3.985824585,3.458018780,6.336889267,3.458018780,4.967222214,4.408695221,6.270152092,3.909132719,3.438787937,6.396345615,3.496480465,5.008889198,4.408695221,6.346873283,3.855867863,3.496480465,6.368536949,3.477249622,5.008889198,4.408695221,3.985824585,6.367835045",Viber,144,1,Fun,VoIP,6,DPI,"" diff --git a/test/results/flow-analyse/vnc.pcap.out b/test/results/flow-analyse/vnc.pcap.out new file mode 100644 index 000000000..5ca2bdafe --- /dev/null +++ b/test/results/flow-analyse/vnc.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,95.237.48.208,192.168.2.110,tcp,59791,6900,finished,17,15,1476111264364066,1476111265262808,1476111265262852,0,0,35,34,287,185,0,1,57984.8,545295,113391.3,12857594880.0,3.2,"524,38820,49897,50306,38760,37061,157832,7049,164493,745,37544,181,35,36356,3,37327,1189,1,198,747,2,747,516,199031,310273,46,50,545295,719,22308,59473",40,56.6,75,12.8,163.2,5.0,"52,52,46,52,52,48,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,40,63,40,70,68,72,46,46,67,40","12,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","13,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,1,1,1,0,0,0,1","4.631521702,4.863714218,4.609350204,4.985801697,5.140452385,4.993162155,4.757925987,4.730641365,5.272469521,4.609350204,5.640918255,5.577627659,5.864722729,5.438069820,4.565871716,5.780129910,4.730641365,5.837696075,5.730319500,4.671928406,5.671802044,5.704510212,4.621928692,5.604105949,4.671928406,5.568077564,5.579674721,5.540976048,4.522393703,4.478915215,5.614377499,4.671928406",VNC,89,0,Acceptable,RemoteAccess,6,DPI,"5,30" 
+1,ip4,95.237.48.208,192.168.2.110,tcp,51559,6900,finished,18,14,1476111286462067,1476111287358990,1476111287224950,0,0,35,34,287,185,0,2,53542.1,538844,125065.9,15641482240.0,3.0,"107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724",40,56.8,75,12.6,158.0,5.0,"52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67","13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0","4.518056870,4.878231525,4.652828693,5.022342682,5.176993847,4.993162155,4.698037148,4.711769104,4.609350204,4.730641365,5.204673767,4.652828693,5.591832638,5.651554108,5.655132294,5.470327854,4.565871716,5.718621254,4.680641174,5.781727314,5.694025517,4.621928692,5.533761978,5.648954391,5.381884575,4.621928692,5.550290108,5.491440296,5.523682594,4.505982876,4.565872192,5.593677998",VNC,89,0,Acceptable,RemoteAccess,6,DPI,"5,30" diff --git a/test/results/flow-analyse/vrrp3.pcapng.out b/test/results/flow-analyse/vrrp3.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/vrrp3.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/vxlan.pcap.out b/test/results/flow-analyse/vxlan.pcap.out new file mode 100644 index 000000000..ae5f18ad6 --- /dev/null +++ b/test/results/flow-analyse/vxlan.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.22.5,192.168.22.4,udp,36286,4789,finished,32,0,1639650442941597,1639650443255719,1639650442941597,74,0,1454,0,35959,0,0,10,10133.0,140558,31047.2,963930240.0,2.2,"10532,1402,105,10,11439,530,9521,113264,10571,140558,101,64,3057,190,558,175,1284,181,1316,3621,187,402,189,2282,184,313,186,833,189,694,184",102,1151.7,1482,546.6,298767.6,4.8,"110,102,1482,1482,570,102,271,102,554,102,1482,1482,856,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482,1482","0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.583852291,5.651705265,7.826985836,7.861832619,7.623077869,5.619890690,7.052967072,5.635924816,7.564305782,5.565874100,7.866837978,7.859116077,7.762131214,7.859333515,7.877618790,7.863654613,7.851696491,7.874659538,7.855105877,7.845957756,7.883800030,7.862126827,7.878228188,7.846958637,7.850887299,7.866386890,7.866912842,7.871983051,7.852091789,7.857552052,7.852843761,7.854843616",VXLAN,64,0,Acceptable,Network,6,DPI,"" 
+1,ip4,192.168.22.4,192.168.22.5,udp,40646,4789,finished,32,0,1639650442931548,1639650443264733,1639650442931548,74,0,392,0,3106,0,0,4,10747.9,150839,30032.6,901957440.0,2.5,"10329,305,11530,200,4,1301,10031,41817,81536,403,150839,3109,802,1504,1403,3811,602,2508,504,1003,903,802,707,803,710,2107,301,402,2307,401,201",102,125.1,420,68.2,4655.6,4.8,"110,102,420,102,102,102,166,267,102,102,285,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102,102","0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5.313875198,5.603603840,6.154091835,5.623211861,5.630611897,5.623211384,6.288531303,6.880884647,5.615810394,5.596202850,7.036987305,5.564387798,5.603603840,5.596202850,5.623211384,5.564388275,5.583995819,5.556987286,5.591396332,5.603603840,5.576594353,5.623211384,5.544780254,5.603603840,5.603603840,5.623211384,5.642818928,5.588801384,5.603603363,5.635418415,5.635418415,5.655025959",VXLAN,64,0,Acceptable,Network,6,DPI,"" diff --git a/test/results/flow-analyse/wa_video.pcap.out b/test/results/flow-analyse/wa_video.pcap.out new file mode 100644 index 000000000..cd7a7e9be --- /dev/null +++ b/test/results/flow-analyse/wa_video.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.12,157.240.20.53,tcp,49355,5222,info,19,13,1561455767339689,1561455770332620,1561455769794560,0,0,548,1388,1640,5261,1,0,175735.5,2404473,473951.1,224629620736.0,2.4,"51726,176830,2,0,439642,1227815,753,306057,108901,2404473,241,10,252,9,41,323,133116,635,40681,277,7651,7949,1743,1602,528764,1087,660,696,654,2651,2561",52,268.4,1440,335.2,112371.9,4.2,"600,52,1440,155,508,508,332,189,225,1440,52,52,64,52,52,52,64,228,228,52,52,228,52,404,52,214,212,206,206,206,206,206","11,0,0,0,5,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,0,0,1,1,4,0,0,1,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,1,0,1,0,0,0,0,0,0,0,0","7.608484745,5.077241421,7.865381718,6.691146851,7.578685284,7.572544098,7.307354450,6.700509548,7.001189232,7.865732670,4.976373672,5.053297043,5.138105392,5.091758728,5.053297043,5.091758728,5.157560349,6.986247063,7.012214661,5.053297043,5.053297043,6.984363556,5.053297043,7.459637642,5.053297043,6.913162708,6.866742134,6.851969242,6.911801815,6.922309875,6.837723732,6.965609550",,,,,,,,"" 
+1,ip4,192.168.2.12,31.13.86.48,udp,53688,3478,finished,23,9,1561455769789452,1561455770782169,1561455770781798,6,0,472,472,8102,1614,0,95,64034.3,550126,135549.6,18373693440.0,3.1,"95,13142,1109,548212,794,550126,16210,117,20333,106,23568,573,14505,979,116,79305,29641,99,23164,167,19951,342,24390,3500,104447,150456,15882,197610,75380,2499,68245",30,331.6,500,205.8,42355.1,4.7,"154,154,72,72,154,500,72,500,500,500,500,500,500,34,500,500,30,500,500,500,500,500,500,500,154,72,48,500,48,500,500,48","3,0,0,4,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,4,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,1,1,0,1,1,0","6.493677139,6.519650936,5.235420704,5.263198376,6.488775253,7.446858406,5.290976048,7.477643013,7.460317135,7.514078140,7.471118450,7.444753170,7.528831959,4.569532394,7.478866100,7.484198570,4.453236580,7.470160961,7.456147671,7.450516224,7.440128803,7.495639801,7.433229923,7.431243420,6.496860504,5.263197899,3.812905788,7.345452785,3.812905550,7.413387775,7.430417538,4.208755493",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,192.168.2.12,91.252.56.51,udp,53688,32641,finished,26,6,1561455781352254,1561455783672290,1561455783683909,44,0,1118,182,15240,615,0,139,150054.5,1979427,383224.6,146861080576.0,2.7,"707140,619781,619147,1979427,36290,69699,132037,26361,100137,1489,36501,24632,139,224,338,341,10692,26140,102372,15137,296,563,516,886,169,757,7597,915,148,631,131189",72,523.5,1146,432.0,186635.8,4.5,"72,72,72,72,72,72,72,156,72,165,150,130,899,899,899,898,1146,194,143,198,1022,1022,1022,1022,1022,1020,150,920,920,920,1048,210","0,6,0,2,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0,7,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,2,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,1,0,0,1,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1","5.551460743,5.652086735,5.531393051,5.607016087,5.440350056,5.499580860,5.568753719,6.624680996,5.697700977,6.683998108,6.496982574,6.426134586,7.747357368,7.800405025,7.780704021,7.774211884,7.821574688,6.735989094,6.400922298,6.908179283,7.822691441,7.800770760,7.811967850,7.818122864,7.793910027,7.785738468,6.611948967,7.770941734,7.800857544,7.760899067,7.788744450,6.986406326",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5" diff --git a/test/results/flow-analyse/wa_voice.pcap.out b/test/results/flow-analyse/wa_voice.pcap.out new file mode 100644 index 000000000..f12ff6af2 --- /dev/null +++ b/test/results/flow-analyse/wa_voice.pcap.out 
@@ -0,0 +1,6 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.12,157.240.20.53,tcp,49355,5222,finished,17,15,1561455688704143,1561455689377891,1561455689390636,0,0,286,1388,776,6993,0,1,43878.7,304081,76394.5,5836114944.0,3.2,"40742,137033,170366,304081,130232,56,30959,5260,28,391,1,177,42,1186,210132,335,9,41,206,11,311,41447,129925,50,6,6,5,1043,24269,131853,38",52,295.4,1440,467.5,218553.5,3.8,"64,60,52,308,52,109,103,137,1440,92,1440,155,1440,164,1440,52,52,52,52,52,52,52,1045,84,98,119,82,111,52,338,52,52","11,3,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0","0,1,0,0,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,1","4.472632408,5.115064144,5.014835358,7.171360493,5.130219936,6.068146706,5.962917328,6.548506737,7.870247841,5.888707161,7.854815006,6.678243637,7.877118111,6.722311020,7.881030083,5.014835358,5.014835358,4.976373196,5.091758251,5.091758251,5.130219936,5.008132935,7.805761337,5.645539761,5.925289631,6.203728676,5.699334145,6.150419712,4.961856842,7.298644066,5.038780212,4.955154419",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
+1,ip4,192.168.2.12,31.13.86.51,tcp,50503,443,finished,17,15,1561455689909150,1561455690224696,1561455690224643,0,0,517,1388,1331,7979,0,0,20356.1,163286,46938.1,2203181824.0,2.5,"19749,127653,2783,126251,2925,28,22,21046,163,145211,12,6,5,40,5,163286,2,38,0,250,1,16,17472,279,12,8,2386,284,150,389,567",52,343.6,1440,489.7,239839.3,3.9,"64,60,52,569,52,1440,1440,335,52,52,116,98,95,87,388,311,52,223,126,83,52,100,484,52,52,52,52,1440,52,1440,1440,83","10,3,1,0,0,0,0,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,1,0,1,1,0","4.453177452,5.156567574,5.038779736,4.954115391,5.062724590,7.845219135,7.875988007,7.363695621,5.038779736,5.077241421,6.006405830,6.022478580,5.964075089,5.738524437,7.327147007,7.233700752,5.115703106,6.979569435,6.337362766,5.826725960,5.032077789,6.041212559,7.548195839,4.923395157,4.961856842,5.000318050,4.947339535,7.873440742,5.038779736,7.854992867,7.876389503,5.699865818",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" 
+1,ip4,192.168.2.12,157.240.20.52,tcp,50504,443,finished,16,16,1561455707474558,1561455707778028,1561455707778471,0,0,517,1388,928,9370,0,5,19593.0,129132,30818.3,949767616.0,3.5,"37234,38970,11147,51469,985,103,11,42805,136,34645,3771,380,216,299,76165,5,34895,421,279,3605,27,2938,1342,3436,77447,53735,129132,1406,40,219,120",52,374.4,1440,526.3,277041.4,3.9,"64,60,52,569,52,1440,1440,333,52,52,116,98,95,87,244,223,126,52,52,83,52,83,52,87,52,52,502,52,1440,1440,1440,1440","10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,1,0,0,1,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,0,0,0,1,1,0,0,0,1,1,0,1,0,1,1,0,1,1,1,1","4.421927452,5.127645493,4.947339535,4.844649315,5.024262905,7.828526497,7.880538940,7.342582226,4.947340012,4.947340012,6.096442223,5.933140755,5.903703690,5.761512756,7.014289856,6.959705353,6.368111134,4.923395157,4.923395157,5.597574711,5.062724590,5.763532162,4.985801220,5.859550953,4.947339535,4.985801220,7.559065819,4.947340012,7.871157646,7.859573364,7.846300602,7.844365597",TLS.WhatsApp,91.142,1,Acceptable,Chat,6,DPI,"" 
+1,ip4,192.168.2.12,31.13.86.48,udp,56328,3478,finished,12,20,1561455706912375,1561455731523132,1561455731536124,6,0,126,278,792,1833,0,1,1588209.8,12196243,3050402.8,9304956469248.0,3.2,"61,13448,128,12194152,12196243,104402,58,105108,1,108628,104619,3043264,3048902,3100925,3096031,3015294,3016553,2001940,2156,107078,164036,190107,88523,28769,198646,133957,3008088,90958,35571,314,36546",30,110.0,306,87.2,7598.9,4.6,"154,154,72,72,34,30,154,154,72,72,34,30,34,30,34,30,34,30,74,54,232,261,240,150,306,234,302,34,30,154,154,72","6,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,6,0,1,0,0,3,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,1,1,0,1,0,0,1","6.541143417,6.523254871,5.258596897,5.258596897,4.628356934,4.453236580,6.497281075,6.520071030,5.203041553,5.130857468,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,4.628356934,4.453236580,5.668909073,5.185353279,6.995151520,7.135284424,7.074851990,6.635347366,7.304471493,6.999480724,7.242955685,4.628356934,4.453236580,6.523254871,6.523254871,5.230819225",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"" 
+1,ip4,91.252.56.51,192.168.2.12,udp,32704,56328,finished,18,14,1561455730495456,1561455733316995,1561455733325980,26,0,171,273,1873,1869,0,2,182324.6,1203723,228895.9,52393320448.0,4.2,"578236,623635,1203723,72457,167216,11596,115693,158378,2,172820,173607,169808,156213,136586,155315,179817,99336,157427,38286,163380,181314,166574,142422,2967,25967,115313,6126,171847,106305,56249,143448",54,144.9,301,51.7,2672.5,4.9,"72,72,72,72,72,72,199,260,150,161,301,137,159,159,133,149,136,150,172,164,155,159,164,170,150,54,150,150,156,150,139,179","1,4,0,8,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,2,0,4,6,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,0,0,1,0,0,1,0,1,0,1,0,1,1,0,1,0,1,0,1,1,0,0,0,1,0,0,1","5.523683071,5.551460743,5.523683071,5.586590290,5.513198376,5.558812618,6.900094032,7.080634594,6.725411892,6.561889648,7.326864719,6.497554302,6.712717533,6.644547939,6.493841648,6.572838783,6.470429420,6.565414429,6.709655762,6.771090984,6.675994873,6.701801777,6.747565746,6.673988342,6.480553150,5.199332237,6.648680687,6.585022449,6.694502831,6.592251301,6.568360806,6.807644844",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5" diff --git a/test/results/flow-analyse/waze.pcap.out b/test/results/flow-analyse/waze.pcap.out new file mode 100644 index 000000000..9115ac426 --- /dev/null +++ b/test/results/flow-analyse/waze.pcap.out 
@@ -0,0 +1,6 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.8.0.1,65.39.128.135,tcp,54915,80,finished,16,16,1435587867755556,1435587873023451,1435587873023894,0,0,263,11779,263,60924,0,2041,339878.5,3680611,884676.9,782653259776.0,2.8,"3747,3915,21835,22372,3677989,3680611,286073,284297,338879,393453,330278,329396,54620,2041,179324,179523,2610,51219,50746,3092,28507,76268,51141,51323,122745,73523,10248,59104,52582,58295,56477",40,1952.7,11819,3090.5,9551440.0,3.5,"60,40,40,303,40,1408,40,2776,40,5512,40,8248,40,2673,40,1408,40,1408,40,9616,40,2776,40,5512,40,5512,40,2776,40,11819,40,40","15,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,10","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.427644730,4.730641365,4.680641174,5.499622345,4.630641460,7.039453506,4.630641460,6.947220325,4.630641460,5.584113598,4.680641174,6.835184574,4.680641174,6.998500347,4.580641747,3.024588346,4.630641460,6.950185776,4.730640888,6.195324898,4.680641651,6.552656651,4.680641174,1.660765886,4.730641365,1.651001215,4.730640888,1.384768248,4.611768723,1.660717368,4.680640697,4.680641174",HTTP,7,0,Acceptable,Download,6,DPI,"4" 
+1,ip4,10.8.0.1,46.51.173.182,tcp,36100,443,info,16,16,1435587868634159,1435587873119875,1435587873120117,0,0,536,5461,3221,13199,0,169,289408.8,1658841,505049.6,255075106816.0,3.3,"1230,10859,357221,367097,474392,475318,8069,9038,265872,317654,51992,865,554,304,254,1430075,1483289,119461,172808,51439,51948,1420,901,467,433,340,381,1601922,1658841,169,57061",40,553.8,5501,1270.8,1615041.0,3.0,"60,40,40,222,40,3187,40,366,40,274,189,40,576,40,101,40,5501,40,189,40,576,40,576,40,576,40,101,40,4397,40,189,40","5,2,0,0,3,1,0,0,0,0,1,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,1,0,0,1,0,1,0,1,0,1,0,1,1,0,0,1","4.346510887,4.684184074,4.665311813,5.227974892,4.665312290,7.402610779,4.615312099,7.299519062,4.665312290,7.035841465,6.858353615,4.615312099,7.612000942,4.665312290,6.077723026,4.615312099,7.960921764,4.665311813,6.823141098,4.596440315,7.582696438,4.615312099,7.667782307,4.615312099,7.607909679,4.665312290,6.192669392,4.665312290,7.950992584,4.615312099,6.755126476,4.615312099",,,,,,,,"" 
+1,ip4,10.8.0.1,52.17.114.219,tcp,39021,443,finished,16,16,1435587878215938,1435587880855977,1435587880856912,0,0,536,21888,1024,56070,0,475,170355.3,415925,135089.4,18249146368.0,4.4,"1325,1585,226918,227495,336533,387205,51299,1169,297221,297772,252519,309444,358705,415925,755,475,490,567,254342,305451,51846,52474,211304,161331,247956,249119,81326,79510,208662,209727,563",40,1824.8,21928,4660.8,21723256.0,2.6,"60,40,40,222,40,1408,40,2163,40,174,40,274,40,189,40,576,40,63,40,1408,40,12352,40,5512,40,21928,40,11345,40,40,40,40","12,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,5","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,0,1,1","4.438340664,4.834184170,4.684184074,5.259868145,4.715312481,7.222858906,4.734184265,7.563067913,4.665312290,6.516509533,4.784184456,7.076688766,4.734184265,6.928961754,4.784184456,7.607337475,4.734184265,5.572360516,4.734184265,7.872128963,4.734184265,7.984007359,4.734184265,7.969620705,4.634184361,7.992324829,4.734184265,7.982760429,4.734183788,4.665311813,4.684184074,4.734184265",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7" 
+1,ip4,10.8.0.1,176.34.186.180,tcp,36312,443,info,17,15,1435587878606407,1435587882306533,1435587880854651,0,0,536,11132,1238,41633,0,330,191882.9,1449192,279549.5,78147936256.0,3.8,"2413,2787,291811,292494,279839,332432,52742,50748,425063,475681,259886,310653,731,51371,620,734,450,330,293909,545953,252820,1543,20204,21185,56923,56823,156171,205918,52727,4217,1449192",40,1380.3,11172,2994.0,8963944.0,2.9,"60,40,40,222,40,1052,40,2519,40,174,40,274,40,576,40,389,40,77,40,10160,40,8136,40,1052,40,11172,40,1052,40,6576,40,40","12,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,0","4.438340187,4.834184170,4.784184456,5.232826710,4.734184265,7.011441231,4.784184456,7.575597763,4.634184361,6.629845142,4.684184074,7.007690430,4.734184742,7.624808311,4.784184456,7.415266037,4.734184742,5.664109230,4.734184265,7.981531620,4.784184456,7.979642391,4.734184265,7.801960945,4.715312004,7.982071400,4.834183693,7.818040848,4.834183693,7.971698284,4.715311527,4.765311718",,,,,,,,"" 
+1,ip4,10.8.0.1,46.51.173.182,tcp,36102,443,finished,16,16,1435587868635666,1435587884544120,1435587884544651,0,0,501,3606,1600,8366,0,413,1026369.1,5890947,1778823.2,3164212035584.0,3.4,"9060,9459,461199,462055,319157,370793,51463,554,58722,59273,267346,318521,5838678,5890947,1921,3057,232692,285896,1892628,1892382,50926,52168,293028,345106,632,413,1258587,1309974,5014758,5014527,51517",40,352.1,3646,731.9,535720.0,3.4,"60,40,40,222,40,1052,40,2175,40,366,40,274,40,221,40,541,40,93,40,1052,40,3646,40,189,40,301,40,317,40,77,40,40","10,0,0,0,1,2,0,0,1,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,2,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,1","4.325758457,4.734184265,4.684184074,5.244800568,4.615312099,7.020944595,4.734184265,7.476994514,4.634184361,7.276714802,4.665312290,7.041373253,4.734184265,6.961156845,4.734184265,7.528326035,4.684184551,6.083172798,4.734184265,7.792463779,4.734184265,7.940383911,4.734184265,6.823890686,4.734184265,7.240302563,4.734184265,7.320995331,4.734184265,5.654304981,4.615312099,4.665312290",TLS.Waze,91.135,1,Acceptable,Web,6,DPI,"7,8" diff --git a/test/results/flow-analyse/webex.pcap.out b/test/results/flow-analyse/webex.pcap.out new file mode 100644 index 000000000..e3c0709d8 --- /dev/null +++ b/test/results/flow-analyse/webex.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.8.0.1,64.68.105.103,tcp,41346,443,info,17,15,1444570624853841,1444570626601155,1444570626600999,0,0,536,2720,2935,8179,0,160,112724.9,557327,156273.3,24421341184.0,3.7,"6506,6734,160,592,505708,557327,57852,60147,905,55625,257454,309311,10052,61432,845,730,299224,351252,55954,56159,800,52876,398,2835,268644,322298,52259,51930,18450,69467,546",40,387.9,2760,588.9,346810.6,3.8,"60,40,40,235,40,2760,40,1259,40,350,40,83,40,576,40,124,40,1400,40,809,40,576,40,314,40,1400,40,748,40,576,40,504","9,0,1,0,0,0,1,0,1,1,0,0,0,0,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,1","0,1,0,0,1,1,0,1,0,0,1,1,0,0,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0","4.446510792,4.665312290,4.665311813,5.481472969,4.665312290,7.284092903,4.765311718,7.073906422,4.661769390,7.186378956,4.565312386,5.608655453,4.561769009,7.664141655,4.515312195,6.329119682,4.565312386,7.871033669,4.715311527,7.782140255,4.765311718,7.598457336,4.615312099,7.304864407,4.665312290,7.852759361,4.665311813,7.733906269,4.715312004,7.600008011,4.511769772,7.572229862",,,,,,,,"" 
+1,ip4,10.8.0.1,64.68.105.103,tcp,41348,443,finished,16,16,1444570627404164,1444570629212279,1444570629155254,0,0,536,17966,2270,46819,0,156,114813.1,455330,125812.7,15828844544.0,4.1,"5615,6788,156,1539,404661,455330,597,51300,245810,245870,436,307,223296,274841,51601,360,302,283113,286107,84087,131768,50921,51207,56841,56675,181041,181034,56067,58557,54529,58449",40,1574.7,18006,3700.1,13691057.0,2.9,"60,40,40,267,40,169,40,83,40,576,40,519,40,1644,576,40,489,40,6840,40,1400,40,9463,40,1400,40,1400,40,18006,40,6857,40","10,1,0,0,0,0,0,1,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5","0,1,0,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.356566429,4.715312004,4.561769009,5.864259720,4.665312290,6.372766018,4.661769390,5.627577305,4.615312099,7.622731686,4.665312290,7.582412243,4.665312290,7.886265755,7.619030476,4.596440315,7.578122616,4.665312290,7.973325729,4.580641270,7.853340149,4.611769199,7.978787899,4.611769199,7.859783649,4.661769390,7.879327297,4.611769199,7.990196228,4.611769199,7.971776009,4.661769390",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"15" 
+1,ip4,10.8.0.1,64.68.105.103,tcp,41358,443,finished,16,16,1444570633357298,1444570635772189,1444570635721813,0,0,536,8847,959,33212,0,383,154174.4,1031495,247176.8,61096366080.0,3.8,"3053,3185,1891,2192,397016,448096,52033,52145,383,52378,209850,261823,51847,1288,975,979869,1031495,52580,53500,94069,93832,53071,53864,119063,117547,148351,147839,51431,51376,96737,96627",40,1108.5,8887,2294.9,5266403.5,3.1,"60,40,40,103,40,1400,40,2619,40,366,40,99,576,40,74,40,1400,40,8157,40,1400,40,8887,40,173,40,1400,40,6717,40,1400,40","12,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,0,0,4","0,1,0,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.446510792,4.665312290,4.665311813,5.339869976,4.565312386,7.238214016,4.665312290,7.216020107,4.615311623,7.281401634,4.615312576,5.978787422,7.616997242,4.515312195,5.692360401,4.565312386,7.861890793,4.665311813,7.976788044,4.665311813,7.858300209,4.715312004,7.979997158,4.665311813,6.756694794,4.615312099,7.862811089,4.611769199,7.975809574,4.715312004,7.874713421,4.715312004",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
+1,ip4,10.8.0.1,62.109.224.120,tcp,51155,443,finished,16,16,1444570669745822,1444570675008962,1444570675008306,0,0,474,10527,863,17665,0,142,339536.2,2214636,547768.4,300050219008.0,3.7,"14198,16626,142,3176,966820,968167,50625,52096,160025,217339,56893,151808,203416,506402,456173,506119,506174,257962,307348,51007,1799,210726,261737,55501,54303,51893,51311,2214636,2165090,3222,2890",40,619.6,10567,1915.7,3669828.5,2.5,"60,40,40,103,40,3947,40,366,40,99,514,40,258,40,1010,40,10567,40,157,40,274,40,109,40,205,40,385,40,546,40,588,40","13,1,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,1,1,1,0,1,1,1,0,0,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2","0,1,0,0,1,1,0,0,1,1,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0","4.471673965,4.784184456,4.784183979,5.354527950,4.684184074,7.260420322,4.784183979,7.246551991,4.734184265,5.886437893,7.525208473,4.734184265,7.158136368,4.734184265,7.747338772,4.784183979,7.959521770,4.784183979,6.617527962,4.784183979,7.154652596,4.834184170,6.117394924,4.834184170,6.934138775,4.784184456,7.251028061,4.734184742,7.541121960,4.784183979,7.600737572,4.834183693",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
+1,ip4,10.8.0.1,62.109.224.120,tcp,51154,443,finished,16,16,1444570669736143,1444570675113022,1444570675113218,0,0,536,3907,4673,3966,0,309,346901.8,2270107,598058.5,357673959424.0,3.3,"9053,24144,367,16512,915259,917382,50710,52699,154574,206585,52440,7882,9392,3319,2120,963298,961965,473,411,393,309,561975,562100,368561,368512,670,601,2270083,2270107,1037,1021",40,310.6,3947,685.4,469733.5,3.5,"60,40,40,103,40,3947,40,366,40,99,546,40,576,40,122,40,576,40,576,40,386,40,386,40,576,40,154,40,576,40,250,40","3,1,1,1,0,0,1,0,0,0,3,0,0,0,0,1,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.446510792,4.734184742,4.596439362,5.373945713,4.734184742,7.261288166,4.765311718,7.251562119,4.784184456,6.015275955,7.613259315,4.784184456,7.593419075,4.784184456,6.485950947,4.784184456,7.627359390,4.784184456,7.574399471,4.784184456,7.380361080,4.784184456,7.422137737,4.734184265,7.643012047,4.734184265,6.542441368,4.734184265,7.559129715,4.734184265,7.015539169,4.784184456",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" 
+1,ip4,10.8.0.1,62.109.229.158,tcp,51857,443,finished,16,16,1444570716599098,1444570719040525,1444570720047703,0,0,378,3907,1559,4630,0,213,190001.0,1366658,352312.5,124124102656.0,3.4,"4232,4962,6442,7614,1312624,1366658,17526,71444,145665,198977,339,53733,129549,180935,213,51454,121214,172258,51492,51164,125484,176177,50764,50844,546,1023,264310,263832,849,855,1006853",40,234.0,3947,677.2,458632.1,3.1,"60,40,40,227,40,3947,40,366,40,99,40,114,40,77,40,418,40,109,40,529,40,130,40,194,40,162,40,162,40,146,40,109","7,0,2,3,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","10,2,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1","0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,0,1,0,1,0,1,0,1,0,1,1","4.459092140,4.834184170,4.784183979,5.220240593,4.734184265,7.263404846,4.784183979,7.281803131,4.784184456,5.980217934,4.834184170,6.198987961,4.784184456,5.680279255,4.834183693,7.512312412,4.784184456,6.181793690,4.784184456,7.433725834,4.784183979,6.433676720,4.784184456,6.824645042,4.734184265,6.550875664,4.634184361,6.555935860,4.784184456,6.391854286,4.734184265,6.211565018",TLS.Webex,91.141,1,Acceptable,VoIP,6,DPI,"7,8" diff --git a/test/results/flow-analyse/websocket.pcap.out b/test/results/flow-analyse/websocket.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/websocket.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/wechat.pcap.out b/test/results/flow-analyse/wechat.pcap.out new file mode 100644 index 000000000..f36f30abc --- /dev/null +++ b/test/results/flow-analyse/wechat.pcap.out 
@@ -0,0 +1,18 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.103,203.205.151.162,tcp,54089,443,finished,16,16,1492167353687624,1492167356095248,1492167356095234,0,0,1240,5826,4717,16498,0,287,155330.1,410564,180667.8,32640860160.0,3.8,"361610,361650,376,378130,3564,381307,56857,56856,287,287,2657,376606,375028,3327,373835,38287,2818,410564,21157,3298,393374,30885,401110,383706,785,383140,2859,2894,5754,1113,1113",52,715.5,5878,1101.2,1212669.6,3.9,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,219,52,1225,429,52,250,1140,1480,1480,52,1480,1480,52,5878,52","9,0,0,1,0,0,0,1,0,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,1,0,0,0,0,0,0,0,0,0","4,1,0,0,0,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,1","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,1,1,0,1,1,0,1,0","4.726680756,5.187538624,5.014835835,5.834213257,5.171407223,6.822011948,4.961856842,7.516278267,5.025067806,7.308955193,4.986606121,6.311928749,5.841652393,7.825830460,7.553427219,5.094483852,7.883197308,6.999384403,4.986606121,7.834380150,7.373102665,5.171406746,7.071372032,7.838574886,7.869080067,7.888019085,4.948144436,7.880359650,7.858109951,5.025067806,7.967877865,5.132945538",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54094,443,finished,18,14,1492167378674770,1492167386718697,1492167385566065,0,0,1240,1688,8227,6835,0,435,481781.3,4544256,1044110.9,1090167570432.0,3.2,"359228,359315,435,360585,1948,362066,491,468,3580,359717,357128,3318,369214,32832,2766,400529,15038,3260,381959,38044,403106,2395,369120,36996,438834,4139732,3287,4544256,34139,398836,1152600",52,523.2,1740,556.0,309130.7,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,221,52,1225,429,52,250,1292,527,52,988,52,1292,527,52,989,52,1220","7,0,0,1,0,0,0,1,0,0,0,1,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0","6,1,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0","4.605928421,5.108290672,5.014834881,5.876290798,5.094483376,6.803863049,5.053297043,7.616803169,4.972088814,6.308379173,5.995617867,7.811126232,7.530417919,5.171407223,7.866411686,7.065956593,5.063529015,7.814155579,7.416600704,5.171407223,7.067113400,7.817794323,7.516748905,5.171407223,7.779650211,5.025067329,7.859876633,7.574586868,5.176993370,7.802303791,5.025067806,7.850266933",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54095,443,finished,18,14,1492167378926091,1492167387133549,1492167385164247,0,0,1240,8225,6431,15757,0,438,465987.6,3383945,827194.4,684250497024.0,3.4,"353750,353837,953113,1178147,225005,127739,4445,132165,453,438,626,638,1531,362180,361114,370977,4561,375090,3297,3310,3017858,3341,3383945,31235,408978,7414,382158,34643,434308,1925965,3353",52,746.1,8277,1463.3,2141136.5,3.6,"60,60,52,290,60,52,52,1480,52,1480,52,312,52,178,103,1139,1480,1480,52,8277,52,1292,527,52,1363,1225,429,52,250,52,1292,527","9,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0","5,1,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,4,0,0,1","0,1,0,0,1,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,0,1,1,0,0,1,1,0,0,0","4.726680756,5.187539101,5.014835358,5.881073475,5.174957275,4.976373672,5.171406746,6.805123806,4.976373672,7.508996010,5.025067806,7.162304878,5.025067806,6.445491314,5.965487480,7.807569027,7.879969597,7.864712715,4.986606121,7.977176189,5.025067806,7.830005169,7.567298412,5.094483376,7.875021458,7.841088295,7.461124897,5.132945061,7.021474361,5.025067806,7.846213341,7.502761364",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,203.205.151.162,192.168.1.103,tcp,443,54058,finished,16,16,1492167353674975,1492167387855952,1492167387536614,0,0,198,1188,1584,9504,1,67,2194923.0,11774429,3337575.2,11139408723968.0,3.8,"67,1713342,2033838,5903,326356,805535,1165376,11414547,11774429,393649,716591,9325022,9647966,1906296,2225757,6412,325847,425651,784494,2983400,3342263,487827,806732,9168,328050,421461,782117,1181667,1542348,420552,739953",52,398.5,1240,492.5,242574.8,4.0,"250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52,250,52,1240,52","8,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,1,1,0","7.178055763,5.101991177,7.840975285,5.162476063,7.144028187,5.025067806,7.842404366,5.138531685,7.054569721,5.063529491,7.824712276,5.138531685,7.172506809,5.171406746,7.844462872,5.138531685,7.113152027,5.041504860,7.832453728,5.100070000,7.041498184,5.094483852,7.836290359,5.138531685,7.090556145,5.132945538,7.813812256,5.138531685,6.974005222,5.118428230,7.850635529,5.124014854",TLS,91,1,Safe,Web,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54097,443,finished,19,13,1492167400812629,1492167418885540,1492167414163142,0,0,1240,1688,8690,5502,0,652,1013658.8,6862195,1947754.9,3793749016576.0,3.1,"362688,362730,698,359771,652,359747,1773,1754,3156,359980,358071,7205,373852,64622,431388,4503,369570,39986,442333,4042219,3253,4448907,74384,439211,6493521,3286,6862195,32133,397513,4719084,3239",52,496.0,1740,523.8,274414.8,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1220,521,52,283,1292,527,52,988,52,1220,511,52,283,52,1292,527,52,989,52,1220,516","7,0,0,1,0,0,0,1,0,0,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,2,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0","4.693346977,5.208290577,5.053297043,5.889862537,5.094483852,6.800672054,5.014835835,7.599623203,4.948144436,6.376589775,6.023739815,7.844972134,7.566354275,5.091758728,7.215152264,7.841954708,7.609091282,4.979098797,7.780104637,5.063529015,7.807397842,7.520520687,4.948143959,7.157586575,5.026988506,7.822068691,7.580903053,5.176993370,7.824234486,5.025067329,7.837800980,7.490112305",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54098,443,finished,19,13,1492167401063693,1492167421570947,1492167421929069,0,0,1240,1688,7047,5272,0,539,1334601.0,6095000,2041764.4,4168801845248.0,3.5,"346826,346918,899535,1092804,193235,160456,1799,162254,554,539,2941,351941,387151,4178860,3305,4577735,29191,386626,5733723,3651,6095000,83021,440653,5485473,3274,5845918,30151,387318,1889056,2742,2249980",52,437.7,1740,521.0,271486.5,4.1,"60,60,52,290,60,52,52,1480,52,1740,52,178,103,52,1292,527,52,989,52,1220,508,52,283,52,1292,527,52,989,52,1220,513,52","9,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0","7,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1","0,1,0,0,1,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1","4.760014057,5.220871925,5.000318050,5.874381065,5.254205227,5.053296566,5.118428230,6.815816879,4.983880520,7.609316826,4.930902004,6.376590252,5.910619259,5.025067806,7.831663132,7.556474686,4.961856365,7.782391071,4.983880520,7.816404343,7.565681934,5.094483852,7.163718224,5.063529015,7.819398880,7.535512924,5.132945538,7.794347763,5.101990700,7.811570168,7.574221134,5.100070000",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,172.217.22.14,tcp,38657,443,finished,16,16,1492167342893680,1492167433192261,1492167433240018,0,0,829,1418,1283,5138,0,53,5827255.0,45056034,15096891.0,227916113772544.0,2.0,"48172,48219,208,52487,725,52995,2368,2380,502,490,4525,7884,13634,51249,2766,53,28029,293,26129,2791,10149,38903,378,801,249,45379,2766,45043937,45047542,45056034,45052882",52,253.2,1470,422.2,178253.9,3.7,"60,60,52,274,52,1470,52,1470,52,1428,52,137,97,881,322,100,86,52,82,52,82,558,52,90,90,86,52,52,52,52,52,52","10,3,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","8,3,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,0,0,1,1,1,0,0,1,1,1,0,1,0,0,1,1,0,1,0,1","4.605927944,5.281730652,4.945419312,5.680894375,5.026988029,6.433983326,4.853978634,7.138501167,4.858624458,7.442424297,4.897086143,6.106687546,5.925421238,7.741159916,7.131931782,5.977149487,5.818537235,4.911602974,5.724431038,4.988526344,5.642052650,7.611984253,4.873141289,5.899595737,5.749487400,5.581253052,4.988526344,5.026988029,4.858624458,5.026988029,4.897086143,5.026988029",TLS.Google,91.126,1,Acceptable,Web,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54099,443,finished,16,16,1492167452759446,1492167455588916,1492167455588897,0,0,1240,1688,6267,10981,0,470,182545.8,469392,189984.8,36094242816.0,4.0,"366115,366204,470,368626,765,368875,8160,8175,3097,367881,365600,3239,378746,92724,1992,469392,27762,1703,407097,30016,408635,3752,397818,10943,404654,396022,789,396156,518,1239,1756",52,591.5,1740,612.0,374517.1,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1480,330,52,1225,429,52,250,1225,429,52,250,1140,1480,1480,52,1480,1480,52","7,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0","5,1,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,6,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,1,1,0,1,1,0","4.693346977,5.074957371,4.839769840,5.845041752,5.171406746,6.800355911,5.053297043,7.610657692,4.986605644,6.235470772,5.957188606,7.840703964,7.543376446,5.056021690,7.864466667,7.286510468,5.025067329,7.818862438,7.434236050,5.041504860,7.005474091,7.809962749,7.378694057,5.056022167,7.067446709,7.836442947,7.850297451,7.840147018,4.909682751,7.856178284,7.859716892,4.986605644",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54103,443,info,15,17,1492167454818522,1492167456832685,1492167456833193,0,0,1088,3068,2540,21943,0,485,129962.4,646724,181880.5,33080510464.0,3.5,"360844,360859,1106,320164,2049,321124,836,835,489,485,2516,331784,329811,339551,757,339771,547,4542,5088,2482,2487,1143,1132,271360,646724,757,376133,549,914,1456,539",52,817.6,3120,861.6,742326.2,4.2,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1140,1480,1480,52,1480,1480,52,2908,52,3120,52,1140,1480,1480,52,1480,1480,52,1480","11,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0","2,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,11,0,0,2","0,1,0,0,1,1,0,1,0,1,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,1,1,0,1,1,0,1","4.726680756,5.220871925,5.014835358,5.858064651,5.079967022,6.831523418,5.053297043,7.519194603,5.025067329,7.301003456,5.025067329,6.369594574,5.816505909,7.860216618,7.880475521,7.853042603,5.063529015,7.867065430,7.870931625,5.025067806,7.935112953,5.025067806,7.943042755,4.986606121,7.835324287,7.881664753,7.863303185,5.017560005,7.863364220,7.864516258,5.132945061,7.866506577",,,,,,,,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54101,443,finished,17,15,1492167454457964,1492167457755437,1492167457756747,0,0,1240,1688,6267,9439,0,383,212782.5,951677,233185.6,54375542784.0,4.0,"378875,378978,383,354036,2419,355982,2806,2818,1046,367448,367322,4404,365806,31144,394889,3196,367851,55930,2766,420112,17934,846,381296,34840,434328,543113,951677,371599,549,523,1340",52,543.3,1740,599.1,358890.2,4.1,"60,60,52,290,52,1480,52,1740,52,178,103,1225,429,52,250,1292,527,52,1480,216,52,1225,429,52,250,52,1140,1480,52,1480,52,1480","8,0,0,1,0,0,0,1,0,0,0,2,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,2,0,1,0,0,0,0,0,0,0,0,0","5,1,0,0,0,1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,1,0,0,0,1,1,0,0,1,0,1,0,1","4.714098930,5.162375927,5.053297043,5.901997566,5.094483376,6.795276642,5.014835358,7.609866619,4.988526344,6.379345417,6.050486088,7.830496788,7.398893356,5.094483852,7.075847626,7.833686829,7.562863827,5.130220413,7.881128788,6.984771252,5.025067329,7.832070827,7.381729126,5.056022167,7.076413155,5.025067806,7.815702915,7.858382225,5.063529015,7.880737305,5.063529015,7.870216846",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54113,443,finished,17,15,1492167639887918,1492167648260043,1492167648882009,0,0,1240,1428,6405,7218,0,441,560200.5,6615415,1552002.6,2408711979008.0,2.6,"315233,315308,441,318358,1918,319817,471,453,1116,1109,2559,316619,315146,4640,327259,29671,2699,353912,21653,4624,349989,32226,392645,18020,3295,380639,36894,359501,6259002,6615415,265584",52,478.2,1480,547.1,299293.4,4.1,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,250,52,1292,527,52,989,52,1113,52,1480","8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0","6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,0,1,1,0,0,1,1","4.726680279,5.174957275,5.014835358,5.912752151,5.171406746,6.803393364,5.091758728,7.515910149,5.101990700,7.309720993,5.063529491,6.343719959,6.031068325,7.837167740,7.550827026,5.056021690,7.882212639,6.268015385,4.972088814,7.844335079,7.397187710,5.132945061,7.032490730,4.986606121,7.848376274,7.566510677,5.171406746,7.791433334,5.101990700,7.786844254,5.101990700,7.872010231",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54117,443,finished,18,14,1492167695237173,1492167705300255,1492167705261666,0,0,1240,1428,7069,5502,0,370,647986.3,7806976,1838759.0,3381034745856.0,2.5,"325248,325323,463,328002,697,328217,391,370,3942,3944,2661,325903,324620,3183,337595,77061,411866,3780,340251,28032,402656,7430680,3764,7806976,79928,412549,2872,372,340125,30342,405762",52,445.3,1480,494.6,244586.2,4.2,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1220,524,52,283,1292,527,52,988,52,1220,519,52,283,52,1292,527,52,989,52","8,0,0,1,0,0,0,1,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,0,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0","4.726680756,5.166786671,4.923395157,5.822334766,5.056022167,6.820251465,4.976373672,7.498965263,5.063529015,7.153721809,4.986605644,6.368108273,5.946069717,7.809127331,7.498535156,5.079966545,7.165245056,7.848978043,7.591750145,5.132945061,7.798501968,5.025067329,7.830883980,7.537351131,5.094483852,7.078479767,5.063529015,7.846497536,7.503941059,5.100070000,7.783425808,5.025067329",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,224.0.0.251,udp,5353,5353,finished,32,0,1492167338426301,1492167713329924,1492167338426301,40,0,40,0,1280,0,0,304,12093665.0,183800554,33303494.0,1109122757951488.0,2.6,"304,1000351,2000370,14687423,324,1000207,2000433,21831590,431,1000458,2000811,26318928,434,1000298,2000470,41917186,377,1000169,2000682,183800554,363,1000944,2000954,33299722,386,1000653,2000531,29036990,312,1000238,2000730",68,68.0,68,0.0,0.0,5.0,"68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68,68","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4.271901131,4.271901131,4.271901131,4.242489338,4.271901131,4.271901131,4.271901131,4.271901131,4.271901131,4.271901131,4.271901131,4.271901131,4.242489338,4.242489338,4.242488861,4.271901131,4.271900654,4.271900654,4.231388092,4.271900654,4.271901131,4.242489815,4.242488861,4.271901131,4.271901131,4.271901131,4.271901131,4.271901131,4.271901131,4.271901131,4.224178791,4.224178791",MDNS,8,0,Acceptable,Network,6,DPI,"" 
+1,ip6,fe80::7a92:9cff:fe0f:a88e,ff02::fb,udp,5353,5353,finished,32,0,1492167338426352,1492167713329983,1492167338426352,40,0,40,0,1280,0,0,285,12093665.0,183800433,33303466.0,1109120811794432.0,2.6,"285,1000432,2000369,14687365,298,1000306,2000399,21831547,409,1000568,2000773,26318883,413,1000363,2000495,41917120,347,1000193,2000827,183800433,319,1000975,2001003,33299664,360,1000743,2000515,29036936,291,1000323,2000677",88,88.0,88,0.0,0.0,5.0,"88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88,88","0,32,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181,3.772605181",MDNS,8,0,Acceptable,Network,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.151.162,tcp,54119,443,finished,17,15,1492167720101930,1492167729700517,1492167729700473,0,0,1240,1428,6405,7217,0,333,619262.2,7132743,1664228.6,2769657004032.0,2.7,"356187,356245,409,353317,672,353556,677,668,333,334,2390,365567,364474,5597,381303,26713,2760,403898,13549,5018,378842,57192,418881,4165,370546,28172,433154,6695589,7132743,143519,540660",52,478.2,1480,547.1,299307.7,4.1,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1292,527,52,1480,112,52,1225,429,52,249,1292,527,52,989,52,1113,52,1480,52","8,0,0,1,0,0,0,1,0,0,0,1,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,0,2,0,0,0,0,0,0,0,0,0","6,2,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,1,1,1,0,0,0,1,1,0,0,1,1,0,0,1,1,0","4.614099026,5.054205418,4.784065247,5.803813457,5.041504860,6.789727688,4.976373672,7.508995056,4.909682751,7.239485741,4.948143959,6.283991337,5.914185047,7.847993851,7.497515678,5.056021690,7.882184505,6.223571301,4.818242073,7.846398354,7.468954086,5.094483852,7.143380165,7.812929153,7.551878452,5.132945061,7.789383411,4.948144436,7.801686287,4.986605644,7.883557796,4.871221066",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.147.171,tcp,58038,443,finished,19,13,1492167776953879,1492167781392220,1492167781372855,0,0,1240,1688,8609,6923,0,433,285719.9,2508511,565344.7,319614582784.0,3.4,"266637,266706,433,272250,1305,273110,594,572,2940,271769,269630,3217,281421,29714,327642,3217,299639,37418,350851,50937,3180,368575,30208,307140,2227616,3191,2508511,50935,328714,16106,3139",52,537.9,1740,561.4,315202.6,4.2,"60,60,52,290,52,1480,52,1740,52,178,103,1292,527,52,1357,1225,429,52,250,52,1292,527,52,990,52,1292,527,52,1367,52,1225,429","7,0,0,1,0,0,0,1,0,0,0,2,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,3,0,0,0,0,0,0,0,0,0","6,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,1,0,0,1,0,0,1","0,1,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0","4.726680279,5.287539005,5.053297043,5.856728077,5.094483852,6.784938335,4.976374149,7.592500210,4.986606121,6.312986374,5.936172009,7.837973118,7.533455849,5.132945538,7.845239639,7.816359520,7.375327110,5.132945538,7.120093346,4.986605644,7.828961372,7.600332737,5.079966545,7.769877911,4.933627129,7.832687378,7.593090057,5.138531685,7.868632793,4.933627605,7.822371960,7.393807888",TLS.WeChat,91.197,1,Fun,Chat,6,DPI,"" 
+1,ip4,192.168.1.103,203.205.147.171,tcp,58040,443,info,20,12,1492167865975033,1492167868793020,1492167868783731,0,0,1428,1428,12291,3489,0,11,181506.0,1577028,351924.9,123851137024.0,3.2,"268280,268366,474,270444,798,270739,392,385,993,969,2788,273097,271415,164,26,13,12,11,1155,289376,22800,22424,9724,380702,1255603,4960,1577028,73342,350958,5989,3258",52,545.6,1480,599.0,358844.3,4.1,"60,60,52,290,52,1480,52,1480,52,312,52,178,103,1232,1480,1480,1480,1480,1480,315,52,52,52,143,52,1220,513,52,283,52,1292,527","7,0,0,1,0,0,0,1,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,1,0,0,0,0,0,5,0,0,0","6,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0","0,1,0,0,1,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,1,1,0,0,0","4.680765629,5.154205322,4.884933472,5.839785576,5.017560482,6.813761711,4.831954956,7.514670849,4.842186928,7.190687180,4.895165443,6.306419849,5.873158932,7.841919422,7.869560242,7.865934372,7.865987301,7.878506184,7.864762306,7.242313385,4.964581966,4.834680080,4.895165443,6.393952847,4.986606121,7.814539909,7.515988827,5.061608315,7.244477749,4.895165443,7.844690800,7.504737377",,,,,,,,"" diff --git a/test/results/flow-analyse/weibo.pcap.out b/test/results/flow-analyse/weibo.pcap.out new file mode 100644 index 000000000..6430977b6 --- /dev/null +++ b/test/results/flow-analyse/weibo.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.105,93.188.134.137,tcp,51698,80,finished,16,16,1463089071613246,1463089072230888,1463089072285673,0,0,450,2872,450,12066,0,21,41615.1,482409,113790.6,12948298752.0,2.5,"29171,29227,299,28208,454492,482409,111,67,13207,13244,85,48,39,29,8363,8394,90,62,24,21,24,24,26,28,15403,15440,68319,68302,68,48,54797",52,448.1,2924,693.4,480801.9,3.7,"60,60,52,502,52,57,64,1488,64,1488,64,54,72,1064,64,58,64,2924,64,280,72,54,72,1488,64,805,52,58,52,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","7,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,5,0,0,1","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650921822,5.164738178,4.955154419,5.863212585,5.062724113,5.110764980,5.095714092,7.852671146,5.095714092,7.868416309,5.090925217,5.103754044,5.134892464,7.806054115,5.090925217,5.161320686,5.102720261,7.921360016,5.071470261,7.246528625,5.126376152,5.103754044,5.164638519,7.842597485,5.090925217,5.819731712,5.091758728,5.208817959,5.022342682,7.853945732,4.945419312,7.862434864",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35804,80,finished,16,16,1463089072445053,1463089073026834,1463089073029617,0,0,432,2872,432,20099,0,38,37624.0,314329,71528.6,5116344832.0,3.5,"26765,26778,207,31365,283150,314329,2585,2590,16662,16689,12849,12816,59,38,45726,45760,5061,5035,70980,70980,5479,5518,32285,32296,43007,42980,3236,3222,2548,2543,2807",52,696.7,2924,831.3,691142.8,4.0,"60,60,52,484,52,566,52,1488,52,2924,52,1488,52,1064,64,1488,52,879,52,566,64,2924,64,1488,64,1488,64,1488,64,1488,64,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,2","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.617588520,5.152156830,5.032077789,5.890464306,5.154164791,5.706288815,4.916693211,7.828411579,4.937911987,7.932244301,5.014835358,7.871539593,4.923395157,7.816699505,4.954130173,7.861829758,4.937912464,7.715563297,5.014835358,5.713728428,5.028425217,7.912923336,4.977720261,7.829431534,5.059675217,7.853170395,5.059675217,7.876567841,5.090925217,7.873678684,5.028425217,7.863162994",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35803,80,finished,16,16,1463089072445019,1463089073075846,1463089073079547,0,0,420,4308,420,24521,0,151,40817.9,400547,92805.4,8612838400.0,3.2,"26749,26781,151,28232,372448,400547,6653,6652,6583,6577,15474,15480,6563,6553,9179,9174,23391,23365,49260,49303,71669,71670,3337,3323,2937,2940,2804,2796,5515,5515,3734",52,833.8,4360,1162.9,1352437.0,3.8,"60,60,52,472,52,567,52,1488,52,4360,52,1488,52,4360,52,2924,52,567,64,567,64,1488,52,1488,52,1488,64,1488,64,1488,64,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,3","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.571673870,5.052156448,4.931210041,5.882226944,4.985801697,5.695990562,4.801308155,7.757262230,4.853979111,7.951329231,4.892440796,7.858428955,4.808815479,7.951515198,4.892440796,7.937272549,4.892440796,5.696815968,5.006755829,5.720534801,5.006755829,7.871479034,4.906957626,7.880197525,4.945419312,7.866903305,5.026210785,7.865207672,4.994960785,7.858891964,4.994960785,7.845516682",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35805,80,finished,16,16,1463089072445071,1463089073791996,1463089073794639,0,0,459,1436,869,13850,0,259,86983.6,438815,119331.4,14239989760.0,3.8,"26772,26783,259,31384,276129,307295,6901,6886,153887,153903,2935,2946,375915,438815,4367,67220,2924,2959,31457,31439,138473,138467,6109,6114,4495,4505,193484,193526,28775,28708,2661",52,514.0,1488,578.7,334896.4,4.1,"60,60,52,462,52,563,52,1012,52,563,64,1012,64,511,52,480,52,1488,52,480,64,1488,52,1488,52,1488,52,1488,64,1488,52,1488","14,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,0,0,0,0,0,0,0,0,0,0,0,0,2,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,7,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.717588902,5.118823528,5.032077789,5.908517361,5.014835358,5.756928444,5.008133411,7.799871445,4.969672203,5.727755070,5.022979259,7.804618359,4.991729736,5.911708832,5.115703106,5.816450596,5.000318527,6.365411758,5.053297043,5.822424412,5.122175217,7.722197533,5.053297043,7.724967480,5.091758728,7.731284142,5.053297043,7.722201347,5.153425217,7.742957592,5.053297043,7.725163937",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35807,80,finished,16,16,1463089073321163,1463089073801051,1463089073804152,0,0,484,1436,484,18086,0,142,31060.5,183686,54622.5,2983621632.0,3.4,"62151,62179,142,161101,22711,183686,5733,5740,2565,2546,10538,10551,5220,5299,3225,3182,2451,2404,5526,5539,2866,2854,2576,2563,4789,4821,162100,162064,26294,26318,3143",52,633.2,1488,674.0,454231.7,4.1,"60,60,52,536,52,479,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,479,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.684255600,5.152156830,4.993616104,5.845283031,5.077241421,5.771981716,5.032077789,7.798841476,5.014835358,7.818611622,5.091758728,7.745497227,5.091758728,7.718579292,5.091758728,7.835317612,5.014835358,7.586729527,5.091758728,7.852894306,5.053297043,7.826751709,5.091758728,7.851661682,4.969671726,7.833436489,5.053297043,5.785848141,5.090925217,7.852241993,5.014835835,7.846589088",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" 
+1,ip4,192.168.1.105,93.188.134.246,tcp,35809,80,finished,16,16,1463089073334322,1463089073888564,1463089073891278,0,0,473,1436,473,18114,0,137,35845.1,252228,55584.3,3089619200.0,3.8,"50173,50197,137,181460,70884,252228,2685,2690,2552,2523,4210,4257,31840,31804,8134,8135,11411,11401,8727,8746,2645,2641,7148,7148,13606,13617,66334,66313,92394,92405,2753",52,633.7,1488,673.8,454044.4,4.1,"60,60,52,525,52,493,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,1488,52,493,64,1488,52,1488","15,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1","4.650922298,5.152156830,4.993616104,5.858173847,5.077241421,5.751578331,5.032077789,7.309309959,5.014835358,7.854790211,5.053297043,7.861942291,4.976373672,7.880206108,5.014835358,7.834024906,4.976373672,7.858521461,5.000318050,7.864043236,5.053297043,7.880113125,4.937911987,7.884674549,4.923395157,7.850847721,5.014835358,5.755910873,5.090925217,7.855472088,5.053297043,7.856210232",HTTP.Sina(Weibo),7.200,0,Fun,SocialNetwork,6,DPI,"" diff --git a/test/results/flow-analyse/whatsapp.pcap.out b/test/results/flow-analyse/whatsapp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/whatsapp.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/whatsapp_login_call.pcap.out b/test/results/flow-analyse/whatsapp_login_call.pcap.out new file mode 100644 index 000000000..5c618d742 --- /dev/null +++ b/test/results/flow-analyse/whatsapp_login_call.pcap.out 
@@ -0,0 +1,7 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.4,17.178.104.12,tcp,49201,443,info,18,14,1432582227604482,1432582229309355,1432582229616362,0,0,1440,1440,6486,6050,0,9,119895.3,712466,179472.3,32210292736.0,3.4,"281831,283163,8705,294373,1121,35,286034,828,475,587,39758,240,307,326381,1436,373,2981,289942,5828,471,9,317531,1875,68938,587,382640,405162,707,17,712466,1952",40,432.9,1480,595.1,354099.2,3.8,"64,52,40,230,1480,1480,571,40,40,40,40,307,46,77,40,40,40,83,40,1480,1480,153,40,40,1480,1196,40,1480,1480,153,40,40","9,1,0,2,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0","8,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,0,0,1,1,1,1,0,0,0,0,1,1","4.541277409,4.887659073,4.715312004,5.559735775,7.184122086,7.417570591,6.899518967,4.931687355,4.881687641,4.931686878,4.765311718,7.230942249,4.759187222,5.742031574,4.834183693,4.834183693,4.834183693,5.811724186,4.931686878,7.864183426,7.878191471,6.699968815,4.684184074,4.684184074,7.862710953,7.817599297,4.931687355,7.865705967,7.847981453,6.673823357,4.784183979,4.834183693",,,,,,,,"" 
+1,ip4,192.168.2.4,184.173.179.37,tcp,49202,5222,finished,17,15,1432582227643274,1432582230649748,1432582230614203,0,0,201,78,1159,445,0,0,192819.5,709350,172077.7,29610717184.0,4.4,"153871,242175,244771,708056,709350,35643,213202,306,145666,324955,262756,250323,148242,98446,249378,163432,164508,351063,174021,177975,4,178327,331,171720,16,302683,276,301856,4,0,204047",52,102.8,253,60.8,3698.6,4.8,"64,60,52,52,218,130,73,52,52,253,84,71,73,52,227,84,52,118,84,184,84,84,186,52,85,85,252,52,85,85,85,118","9,0,2,0,2,2,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","4,10,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,1,0,0,0,1,0,1,0,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1,1,0","4.535581589,5.323234558,5.284870625,5.118428230,6.648615837,6.247110844,5.434191704,5.231892109,5.169486046,7.074976444,5.807060719,5.762281895,5.680767059,5.207947731,7.065171242,5.820694447,5.246409416,6.336829185,5.802911282,6.766283989,5.781786919,5.740469933,6.833239079,5.270353794,5.863435745,5.886964798,7.017980099,5.284870625,5.854554653,5.807495594,5.816376686,6.257439613",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
+1,ip4,192.168.2.4,17.173.66.102,tcp,49204,443,finished,17,15,1432582230648273,1432582231572130,1432582231504448,0,0,1440,948,5225,2717,0,15,57420.4,246332,88943.3,7910914560.0,3.4,"139279,206534,8183,215650,62,2706,195534,776,251,20,1876,267,2144,191589,2382,13135,3735,6431,14684,18,200945,301,63298,290,2226,246332,5270,14887,15,241033,179",40,289.3,1480,408.5,166890.9,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,517,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.510027409,4.810735703,4.684184074,5.952049732,4.734184265,5.970739841,5.673912525,4.881687164,4.931687355,4.715708733,5.638134956,7.848487854,7.566340446,7.617396355,4.784183979,4.784183979,4.715312004,4.784183979,4.684184551,7.790213585,7.442604542,4.812815189,4.762814999,7.877933502,7.577860355,7.608998775,4.634183884,4.734184265,7.790307522,7.455507755,4.831687450,4.831687450",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15" 
+1,ip4,192.168.2.4,91.253.176.65,udp,51518,9344,finished,17,15,1432582258730153,1432582260754649,1432582260775626,26,0,309,289,3471,2001,0,44,131289.3,352421,70223.6,4931354624.0,4.7,"85532,95222,66134,60379,102693,208383,184141,159624,139073,188537,352421,23426,152856,55080,31139,91630,61,141160,44,163250,159227,188593,161930,163639,162107,156758,164890,143228,181638,163297,123877",50,199.0,337,98.8,9763.6,4.8,"72,72,328,72,72,301,211,297,234,301,206,134,50,235,185,134,123,54,246,54,260,120,337,103,301,103,305,229,306,317,315,291","1,2,1,1,0,1,1,1,7,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,3,1,1,1,3,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,0,1,0,1,0,0,1,1,0,1,0,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1","5.642145634,5.662571430,7.306882858,5.607016087,5.619208336,7.276579380,6.918804169,7.219153404,7.014481544,7.348511696,6.906354427,6.461464405,5.083854198,6.954874992,6.766034603,6.415629864,6.367953777,5.205786228,7.119737148,5.148316383,7.136041164,6.350277901,7.294374466,6.069901943,7.367813587,6.103599548,7.328564644,7.015753746,7.285601139,7.344736099,7.265763760,7.231878281",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,192.168.2.4,91.253.176.65,udp,52794,9665,finished,16,16,1432582303300524,1432582305119064,1432582305008654,26,0,278,200,1888,1727,0,40,113763.5,307394,86013.0,7398240768.0,4.5,"304269,307394,8384,89918,31917,6521,226162,154173,40,188009,271,163937,163420,160100,21775,153703,73,168136,122602,138908,158523,186698,16232,65895,114250,83709,193240,164541,1311,77123,55436",54,141.0,306,58.8,3453.3,4.9,"72,72,72,72,72,134,124,306,167,54,232,134,228,212,103,134,151,54,172,156,161,172,156,134,114,140,205,140,209,54,134,171","1,3,0,6,3,1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,2,2,3,4,2,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,1,1,0,0,1,0,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,1,0,0","5.586590290,5.634793758,5.591430664,5.548327923,5.614367962,6.343744755,6.353155136,7.262660980,6.708292484,5.199332714,6.977910042,6.582841873,7.061330318,6.964643955,6.193738461,6.469698906,6.640622616,5.205786228,6.713893890,6.594544411,6.678621769,6.732760429,6.737264633,6.418371201,6.335039139,6.527385712,6.871919632,6.504805565,6.851323605,5.199332714,6.565941334,6.741304874",STUN.WhatsAppCall,78.45,0,Acceptable,VoIP,6,DPI,"5" 
+1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,finished,17,15,1432582355253275,1432582356195572,1432582356100109,0,0,1440,948,5224,2717,0,11,57713.9,271808,91895.6,8444797952.0,3.3,"139873,225073,4218,228888,70,2672,200693,278,1388,194,2268,310,435,198176,1008,14244,4721,5042,13250,23,199875,308,34695,427,52,217025,5837,15994,11,271808,275",40,289.3,1480,408.5,166876.7,3.9,"64,52,40,267,40,132,77,40,40,46,77,1480,516,596,40,40,40,40,40,988,386,40,40,1480,526,596,40,40,988,386,40,40","9,1,0,0,0,0,0,1,0,0,0,0,0,0,1,1,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0","9,1,1,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,1,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0","4.478777409,4.849197388,4.715312004,5.931038380,4.784183979,6.049894810,5.799257278,4.881687164,4.881687164,4.802665710,5.737505436,7.869925976,7.601890564,7.659376144,4.834184170,4.884183884,4.884183884,4.834183693,4.834183693,7.790913582,7.529675484,4.881687164,4.931687355,7.881880760,7.552830696,7.654625893,4.834183693,4.884183884,7.775795460,7.413623333,4.931687355,4.881687164",TLS.AppleStore,91.224,1,Safe,SoftwareUpdate,6,DPI,"15" diff --git a/test/results/flow-analyse/whatsapp_login_chat.pcap.out b/test/results/flow-analyse/whatsapp_login_chat.pcap.out new file mode 100644 index 000000000..cb6811915 --- /dev/null +++ b/test/results/flow-analyse/whatsapp_login_chat.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.4,17.173.66.102,tcp,49205,443,finished,17,15,1432582381179399,1432582384764367,1432582384691063,0,0,1440,948,11339,3880,1,3,228923.6,3030585,711161.6,505750847488.0,2.0,"307,68,156057,6041,20562,3,205015,214,59650,355,76,237850,6388,13739,3,246436,156,2803227,690,58,155,163,149,3030585,5762,13968,11,3,10327,10365,268249",40,515.6,1480,518.7,269058.2,4.2,"1480,517,596,40,40,986,386,40,40,1480,524,596,40,40,988,386,40,40,1480,517,596,1480,1240,1240,40,40,988,386,40,40,40,113","4,0,1,0,0,0,0,0,0,0,0,0,0,0,2,1,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,4,0,0","9,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,1,1,1,1,0,0,0,0,0,1,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,0","7.845222473,7.564460754,7.723596096,4.884183884,4.784184456,7.802291870,7.349081993,4.781687260,4.881687164,7.891665459,7.618573189,7.589188576,4.834184170,4.884183884,7.765514851,7.364068508,4.931687355,4.931687355,7.868970394,7.635158062,7.659084320,7.869641304,7.832291603,7.869807243,4.884183884,4.884183884,7.782162189,7.393073082,4.765311718,4.815311432,4.815311432,6.363091469",TLS,91,1,Safe,Web,6,DPI,"" 
diff --git a/test/results/flow-analyse/whatsapp_voice_and_message.pcap.out b/test/results/flow-analyse/whatsapp_voice_and_message.pcap.out
new file mode 100644
index 000000000..9bb5bee38
--- /dev/null
+++ b/test/results/flow-analyse/whatsapp_voice_and_message.pcap.out
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,10.8.0.1,184.173.179.46,tcp,35480,443,finished,17,15,1432820558921094,1432820571925000,1432820571924969,0,0,356,415,984,706,0,61,838960.6,10748901,2599895.5,6759456964608.0,2.2,"61035,61126,147705,147918,346802,397248,61,50507,310058,310119,199799,397950,91,198181,50507,50568,386718,386688,54077,104523,50476,50446,398316,399963,10696747,10748901,336,153,244,335,183",40,93.4,455,97.6,9526.4,4.5,"60,40,40,217,40,118,40,70,40,63,40,209,40,72,40,90,40,396,40,63,40,61,40,455,40,119,40,119,40,119,40,119","9,2,4,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","12,0,1,0,0,1,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,1,1,0,0,1,0,1,0,1,1,0,1,0,1,0,0,1,0,1,0,1,0","4.392425537,4.511769295,4.684184074,6.627061367,4.630641460,6.138794422,4.734184265,5.591402531,4.580641747,5.220905781,4.561769485,6.947570324,4.734183788,5.719834328,4.580641747,5.914073467,4.630641460,7.386677742,4.580641747,5.362121105,4.684184074,5.274999619,4.734184265,7.486519814,4.615312099,6.287545204,4.580641747,6.290473938,4.580641747,6.273667336,4.580641747,6.324087143",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
+1,ip4,10.8.0.1,173.192.222.189,tcp,42241,5222,finished,15,17,1432820633802533,1432820634797314,1432820634796460,0,0,245,505,707,814,0,122,64151.9,457947,103861.5,10787211264.0,3.7,"1312,2441,29816,31189,401459,457947,56427,244,122,152,50476,50415,214,112548,112763,50812,57282,6500,274,183,50385,50538,122,50415,131042,50415,131164,122,50507,50629,793",40,88.2,545,100.3,10067.6,4.4,"60,40,40,214,40,118,40,545,70,40,40,63,40,40,65,40,62,121,40,285,40,62,64,40,94,40,58,91,40,209,40,40","10,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","14,0,1,0,0,1,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,1,0,1,0,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,0","4.459092617,4.680641651,4.784183979,6.607134819,4.630641460,6.115448475,4.665311813,7.571388721,5.552047253,4.580641270,4.630640984,5.367652893,4.630641460,4.834183693,5.504653454,4.580641747,5.300499439,6.294820786,4.630641460,7.156640053,4.530641556,5.393635750,5.481855392,4.630641460,5.938459396,4.680641651,5.375223160,5.945579052,4.611769676,6.961353779,4.834183693,4.665311813",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" 
+1,ip4,10.8.0.1,158.85.58.109,tcp,49721,5222,finished,16,16,1432820681899121,1432820685106122,1432820683287396,0,0,245,254,672,751,0,91,148234.7,1768433,316376.5,100094115840.0,3.4,"2014,2563,34089,34790,390289,440887,50599,183,91,50446,50537,139282,139252,92,50506,50445,92,51240,51147,213,122,77789,128296,50873,179230,229706,260559,260559,50476,50476,1768433",40,85.1,294,70.4,4957.0,4.6,"60,40,40,214,40,118,40,294,70,40,63,40,65,40,62,121,40,62,285,40,40,40,209,98,40,99,40,165,40,62,40,76","11,2,1,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","11,1,1,1,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,1,0,1,0,1,0,1,1,0,1,1,0,1,0,0,1,0,1,1,0,1,0,1,0,0","4.471673489,4.680641651,4.734183788,6.810238838,4.680641651,6.078742027,4.665311813,7.177294731,5.455548763,4.680641651,5.570110321,4.730641842,5.523809433,4.730641842,5.470327377,6.416762829,4.730641842,5.470327854,7.190139771,4.730641842,4.884183884,4.884183884,6.934513569,6.068694592,4.730641842,6.043103695,4.815311432,6.668905258,4.815311432,5.405810833,4.765311718,5.731334686",WhatsApp,142,1,Acceptable,Chat,6,DPI,"" diff --git a/test/results/flow-analyse/whatsappfiles.pcap.out b/test/results/flow-analyse/whatsappfiles.pcap.out new file mode 100644 index 000000000..af8cf32f6 --- /dev/null +++ b/test/results/flow-analyse/whatsappfiles.pcap.out 
@@ -0,0 +1,3 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.29,185.60.216.53,tcp,49674,443,finished,20,12,1519924083411187,1519924108832377,1519924084217928,0,0,1398,1398,5152,3695,0,4,846062.3,24639770,4345174.0,18880535724032.0,0.5,"89960,91931,2998,95622,1439,1232,31,95929,999,78942,282792,460945,6,97926,4,3994,6995,998,5,4,115136,17,1231,43,102916,998,41079,24639770,4996,5995,2998",52,329.1,1450,491.8,241822.2,3.8,"64,60,52,295,52,1450,1450,464,52,52,52,178,310,133,52,52,105,102,94,235,90,52,90,52,162,52,52,52,275,1450,1450,1450","9,4,0,1,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0","5,1,1,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0","0,1,0,0,1,1,1,1,0,0,0,0,1,1,0,0,0,0,0,0,0,1,1,1,1,0,0,1,0,0,0,0","4.421927452,5.154205322,5.000318527,5.630068779,5.156889915,6.911639214,7.331070900,7.439278603,5.077241421,5.077241421,4.892748356,6.281505585,7.104421139,6.400995731,4.993616104,5.038779736,5.644111633,5.709043026,5.428511143,6.868546009,5.439019203,5.156889439,5.895723343,5.156889439,6.637435913,5.038779736,5.077241421,5.156889915,7.004677773,7.873590469,7.843841553,7.873690605",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" 
+1,ip4,192.168.2.29,185.60.216.53,tcp,49698,443,finished,13,19,1519924240121220,1519924240317078,1519924240518900,0,0,517,1398,975,12875,0,4,19146.4,107518,30886.0,953946176.0,3.3,"56726,60954,999,65972,116,64953,998,4998,4,994,4,59896,50958,5,7285,18,4137,107,10987,4,86355,107518,6,1398,909,1355,1209,1240,1010,1222,1201",52,485.4,1450,599.2,359069.1,4.0,"64,60,52,569,52,198,52,103,105,102,94,276,133,52,90,52,90,52,94,52,52,52,1450,220,1450,1268,1450,1450,1450,1450,1450,1450","6,5,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","5,2,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,8,0,0,0,0","0,1,0,0,1,1,0,0,0,0,0,0,1,0,0,1,1,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1","4.484427452,5.220872402,5.062724590,6.536932945,5.310736179,6.547456264,5.115703106,5.511427402,5.798887253,5.734943390,5.532109261,7.100424290,6.478804111,5.091758728,5.529591560,5.233812809,6.065113068,5.272274971,6.031597137,5.091758728,5.070539474,5.272274971,7.882384777,7.084619522,7.865714073,7.857034683,7.885036469,7.857791901,7.873408318,7.856501579,7.894844532,7.850902557",TLS.WhatsAppFiles,91.242,1,Acceptable,Download,6,DPI,"" diff --git a/test/results/flow-analyse/whois.pcapng.out b/test/results/flow-analyse/whois.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/whois.pcapng.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/windowsupdate_over_http.pcap.out b/test/results/flow-analyse/windowsupdate_over_http.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/windowsupdate_over_http.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/wireguard.pcap.out b/test/results/flow-analyse/wireguard.pcap.out new file mode 100644 index 000000000..fc658c048 --- /dev/null +++ b/test/results/flow-analyse/wireguard.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,139.162.192.157,192.168.0.14,udp,51820,36116,finished,19,13,1563973554628757,1563973564026392,1563973564026499,96,0,800,272,4816,2160,0,23,606302.4,5525882,1489465.9,2218508681216.0,2.5,"23,158,13304,82421,23440,98,92806,699,114421,124480,180,238536,14265,86010,36434,91,108248,778,113616,3087006,3060616,97488,183654,5525873,24,5525882,16499,87990,44371,59,115907",124,246.0,828,181.0,32764.0,4.7,"828,172,124,300,124,316,172,124,284,124,652,172,124,300,124,348,172,124,284,124,172,140,172,140,684,172,124,300,124,556,172,124","0,0,0,6,7,0,0,0,0,1,1,0,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,0,7,1,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,0,0,1,1,0,1,0,0,1,0,0,1,1,0,0,0,1","7.721926689,6.520606995,6.064967632,7.277743816,6.125530243,7.157748699,6.507213116,6.119441986,7.162059307,6.042750835,7.643404961,6.557894707,6.103312969,7.165712357,6.014130592,7.252914429,6.580285549,6.200272083,7.152356148,6.059064388,6.527978897,6.293422222,6.622408867,6.284528732,7.697811604,6.593225002,6.135756016,7.191918850,6.052976608,7.621836662,6.581598282,6.206175327",WireGuard,206,1,Acceptable,VPN,6,DPI,"" 
diff --git a/test/results/flow-analyse/wow.pcap.out b/test/results/flow-analyse/wow.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/wow.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/xdmcp.pcap.out b/test/results/flow-analyse/xdmcp.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/xdmcp.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/xiaomi.pcap.out b/test/results/flow-analyse/xiaomi.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/xiaomi.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/xss.pcap.out b/test/results/flow-analyse/xss.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/xss.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/youtube_quic.pcap.out b/test/results/flow-analyse/youtube_quic.pcap.out new file mode 100644 index 000000000..6a46292d2 --- /dev/null +++ b/test/results/flow-analyse/youtube_quic.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.7,216.58.198.33,udp,56074,443,finished,13,19,1489363823738796,1489363823844687,1489363823852784,38,0,1350,1350,3698,22654,0,6,7092.9,47402,13323.0,177502752.0,3.3,"43682,599,47402,292,154,45,22593,22345,6,41882,73,4311,1249,5208,1009,1199,2078,995,1205,2173,1079,939,1972,1276,1007,2312,930,1274,2300,574,7716",59,851.5,1378,620.1,384534.2,4.5,"1378,1378,1378,1378,445,163,164,63,1378,59,69,69,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1378,1378,66,1016,1378","0,8,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0","1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,16,0,0,0,0,0","0,1,1,0,0,0,0,1,1,1,0,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1","2.490298986,7.548896313,2.557327986,5.454246521,7.513552189,6.657486916,6.667313099,5.203137398,7.879892826,5.320584774,5.540966511,5.620818138,7.837260723,7.846781731,5.625435352,7.860443115,7.869290352,5.595131874,7.865964890,7.867100716,5.462482452,7.871220112,7.858954430,5.583694935,7.863245964,7.872319698,5.564828873,7.868106365,7.885589600,5.529245377,7.780364990,7.853522778",QUIC.YouTube,188.124,1,Fun,Media,6,DPI,"" diff --git a/test/results/flow-analyse/youtubeupload.pcap.out b/test/results/flow-analyse/youtubeupload.pcap.out new file mode 100644 index 000000000..2e4bb89f9 
--- /dev/null +++ b/test/results/flow-analyse/youtubeupload.pcap.out @@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.27,172.217.23.111,udp,51925,443,finished,22,10,1511102576794424,1511102580012300,1511102579994904,35,0,1350,1350,18813,4860,0,80,207043.7,1883081,509890.4,259988193280.0,2.4,"56118,973,59784,1844,356,60874,87,57514,351,30658,1096880,488,1126775,721,1825776,1883081,71241,80,128481,3345,2763,363,669,1041,1120,1220,1141,1157,1131,1161,1163",44,767.8,1378,621.3,386013.8,4.4,"1378,1378,1378,66,1378,410,1378,59,69,66,58,44,597,69,63,330,64,140,44,69,373,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378,1378","0,6,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,13,0,0,0,0,0","4,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,0","0,1,1,0,0,0,1,1,0,0,1,1,1,0,0,0,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0","2.572486401,7.537513733,7.402596951,5.250994682,4.556015491,7.434559345,7.870773315,5.447868824,5.731709003,5.771669865,5.450197697,4.967351913,7.653637886,5.570558548,5.691562653,7.349846363,5.524900436,6.587018490,4.967351913,5.749753952,7.464030743,7.863305569,7.871096611,7.856682777,7.872458458,7.853973389,7.869896412,7.852776527,7.860300064,7.865760326,7.833461761,7.854090214",QUIC.YouTubeUpload,188.136,1,Fun,Media,6,DPI,"" 
diff --git a/test/results/flow-analyse/z3950.pcapng.out b/test/results/flow-analyse/z3950.pcapng.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/z3950.pcapng.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/zabbix.pcap.out b/test/results/flow-analyse/zabbix.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/zabbix.pcap.out @@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/zattoo.pcap.out b/test/results/flow-analyse/zattoo.pcap.out new file mode 100644 index 000000000..bab73746f --- /dev/null +++ b/test/results/flow-analyse/zattoo.pcap.out 
@@ -0,0 +1 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks diff --git a/test/results/flow-analyse/zcash.pcap.out b/test/results/flow-analyse/zcash.pcap.out new file mode 100644 index 000000000..1eac87589 --- /dev/null +++ b/test/results/flow-analyse/zcash.pcap.out 
@@ -0,0 +1,2 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.2.92,178.32.196.217,tcp,55190,9050,finished,18,14,1514196094240063,1514196187394861,1514196187518495,0,0,260,303,1724,1124,0,24,6013975.0,50191373,12033642.0,144808530149376.0,3.2,"82662,82715,169,82626,1477,83954,12149836,12261597,111733,2618837,2732392,113543,6931182,7043979,112799,7848884,7848880,48786215,308388,319989,608003,50191373,143,24,41664,210617,4833234,4833228,8034710,8116947,41430",52,142.6,355,98.9,9779.1,4.7,"60,60,52,312,52,355,52,235,115,52,235,115,52,235,115,52,305,52,235,235,235,235,64,64,64,115,52,305,52,235,52,115","9,0,0,0,0,8,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","6,5,0,0,0,0,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,0,1,1,0,0,1,0,0,1,0,0,1,0,1,0,0,0,0,0,1,1,1,1,0,1,0,0,1,1","4.771797657,5.333454132,5.171406746,6.152554512,5.168681622,5.319005013,5.053297043,5.511947632,5.527595043,5.053297043,5.498871803,5.546218395,5.156889915,5.566714287,5.501477242,5.094483376,5.293007374,4.926119804,5.440917015,5.447358608,5.455869675,5.449427605,5.128524780,5.159774780,5.159774780,5.546219349,5.041504383,5.292303562,5.209868431,5.539683342,5.248330116,5.587565422",Mining,42,0,Unsafe,Mining,6,DPI,"5,22" 
diff --git a/test/results/flow-analyse/zoom.pcap.out b/test/results/flow-analyse/zoom.pcap.out new file mode 100644 index 000000000..6abbec486 --- /dev/null +++ b/test/results/flow-analyse/zoom.pcap.out 
@@ -0,0 +1,4 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.117,52.202.62.236,tcp,54866,443,info,15,17,1569520470022260,1569520470618561,1569520470618526,0,0,810,1452,2209,17680,0,3,38469.9,210729,59394.9,3527759616.0,3.3,"112386,112530,31116,143960,1761,226,34,114802,166,170,7182,2922,121940,111900,4272,3,116559,98015,494,36,210729,39,183,114,242,129,123,246,127,13,148",40,663.0,1492,660.1,435695.1,4.2,"64,52,40,557,46,1492,1492,1492,40,1292,40,40,231,91,40,731,850,46,1492,1492,1492,40,40,1492,1492,40,1492,1492,40,1492,445,40","11,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","3,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,11,0,0","0,1,0,0,1,1,1,1,0,1,0,0,0,1,0,0,0,1,1,1,1,0,0,1,1,0,1,1,0,1,1,0","4.416232109,4.853979111,4.521928310,4.120527744,4.501398087,7.132670879,7.329687119,7.314774990,4.730641365,7.640571117,4.630640984,4.680641174,6.885639668,5.726258755,4.730641365,7.684801102,7.726203442,4.457919598,7.862352848,7.860615253,7.859583378,4.680641174,4.621928692,7.878399849,7.862105846,4.680641174,7.872378349,7.851402760,4.630641460,7.881779194,7.526136398,4.561769009",,,,,,,,"" 
+1,ip4,192.168.1.117,109.94.160.99,tcp,54871,443,finished,18,14,1569520471189039,1569520471662963,1569520471590160,0,0,1440,1440,3063,8708,0,1,28227.3,156067,40349.6,1628089600.0,3.8,"31621,31782,223,32749,1986,135,18,34538,3,10485,3,10554,60088,93852,33789,375,31290,30856,4598,4,36582,6223,38193,156062,156067,114,1,94,10606,59053,3101",52,420.5,1492,552.4,305116.1,3.9,"64,60,52,569,52,1492,1492,1268,52,52,1492,79,52,178,294,52,192,118,52,1492,533,52,90,52,1317,52,1492,146,52,90,202,223","10,1,0,1,2,1,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","4,1,2,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,4,0,0","0,1,0,0,1,1,1,1,0,0,1,1,0,0,1,0,0,1,0,0,0,1,1,0,1,0,1,1,0,0,0,0","4.428027153,5.266787052,5.014835358,4.340119362,5.209868431,7.128724575,7.325717926,7.321290493,5.014835358,5.053297043,7.580979347,5.559112549,5.053297043,6.556212902,7.136325836,5.130220413,6.862732410,6.273187160,5.053297043,7.864217758,7.611272335,5.132945538,5.887335777,5.091758728,7.866543293,5.130220413,7.874340057,6.566402435,5.130220413,5.819303036,6.871904373,6.960445881",TLS.Zoom,91.189,1,Acceptable,Video,6,DPI,"15" 
+1,ip4,192.168.1.117,109.94.160.99,udp,58327,8801,finished,3,29,1569520471748648,1569520471785584,1569520472033049,13,0,107,1029,183,26845,0,28,10365.7,35562,8525.9,72690992.0,4.5,"31967,28,32217,4719,35562,13763,10264,10242,9996,63,10130,10327,9979,9966,107,9866,10246,10252,10251,126,10146,9980,10130,10478,32,9954,10261,9714,10315,406,9850",41,872.8,1057,383.7,147246.2,4.8,"135,63,46,41,91,71,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057,1057","1,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","1,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,26,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,1,0,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.872597694,4.834421635,4.434307098,4.564153194,5.116748810,4.833924294,0.510210812,0.504684150,0.513590038,0.511697888,0.528077245,0.513589978,0.515482187,0.515482187,0.513590038,0.532575667,0.515482187,0.508318722,0.515482187,0.512875855,0.532575667,0.515482187,0.511697948,0.511697888,0.513590038,0.532575667,0.515482187,0.513589978,0.510983646,0.515482187,0.532575667,0.515482187",Zoom,189,1,Acceptable,Video,6,DPI,"" diff --git a/test/results/flow-analyse/zoom2.pcap.out b/test/results/flow-analyse/zoom2.pcap.out new file mode 100644 index 000000000..8884144f8 --- /dev/null +++ b/test/results/flow-analyse/zoom2.pcap.out 
@@ -0,0 +1,5 @@ +flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks +1,ip4,192.168.1.178,144.195.73.154,tcp,50076,443,finished,17,15,1642965458402978,1642965459315313,1642965459315763,0,0,1440,1440,3004,9722,0,1,58874.8,198571,83051.8,6897604608.0,3.4,"174660,174776,564,174002,1305,35,10,9,175382,5,1,23625,1263,198571,173076,348,174461,174128,5783,7,187559,672,15,182407,110,83,84,878,803,496,2",52,450.3,1492,547.4,299645.5,4.0,"64,60,52,569,52,1492,1492,1268,814,52,52,52,52,178,103,52,208,127,52,1492,767,52,1492,442,52,200,52,102,1330,52,1330,256","11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0","3,1,1,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,3,0,0","0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,1,0,1,0,0,1,0,1,1","4.254878044,5.233453751,5.053297043,4.421474934,5.063529015,7.154266357,7.350361347,7.483180046,7.590131760,5.022342205,4.983880997,5.022342205,4.983880520,6.548796177,5.785968304,4.855899334,6.773957253,6.347529888,5.014834881,7.875683308,7.723464012,5.132945061,7.879707336,7.463565826,4.976374149,6.741343498,5.014835358,5.970962524,7.852532387,5.014835358,7.852782249,6.910366535",TLS.Zoom,91.189,1,Acceptable,Video,6,DPI,"15" 
+1,ip4,192.168.1.178,144.195.73.154,udp,60653,8801,info,5,27,1642965459595620,1642965459884168,1642965460094905,123,0,128,1036,630,21016,0,21,25414.0,166585,40490.2,1639456256.0,3.6,"101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205",46,704.7,1064,464.6,215864.3,4.6,"151,151,72,46,156,156,72,46,156,88,88,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,1064,88,1064,1064,1064,1064,1064,1064,1064","0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1","5.840515137,5.848702431,4.861306667,4.234366894,5.447824001,5.554306984,4.833528996,4.321323395,5.629264832,4.681292534,4.672410965,0.559972763,0.556576610,0.564253807,0.560080409,0.590531707,0.561960101,0.563839793,0.561959982,0.563839793,0.597341061,0.588497758,0.561959982,0.561959982,4.750781059,0.551231861,0.590992451,0.553111553,0.553111553,0.561959982,0.561959982,0.599220753",,,,,,,,"" 
+1,ip4,192.168.1.178,144.195.73.154,udp,58117,8801,info,12,20,1642965460219455,1642965460877104,1642965460887928,88,0,161,136,1490,1734,0,12,42778.1,176446,48878.6,2389121792.0,4.1,"98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502",46,129.0,189,35.8,1279.8,4.9,"151,151,72,46,156,156,72,46,156,88,88,161,164,154,149,145,116,88,149,92,143,144,134,135,166,189,116,150,148,143,144,116","0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1","5.774950981,5.795780182,4.871791363,4.390829086,5.589504242,5.647461891,4.816236019,4.390829086,5.513776779,4.672714233,4.717865467,5.984676361,5.988471985,5.890224934,5.750802994,5.721282959,5.103803158,4.742203236,5.809841633,4.711098671,5.716365814,5.704583168,5.625706196,5.615069389,6.022024632,6.167570114,5.279437542,5.717482567,5.684329510,5.700431347,5.688298225,5.216770172",,,,,,,,"" 
+1,ip4,192.168.1.178,144.195.73.154,udp,57953,8801,info,15,17,1642965460359314,1642965461085374,1642965461081424,27,0,143,75,1257,755,0,8,46715.2,187597,42950.9,1844783744.0,4.3,"102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582",46,91.1,171,44.6,1993.4,4.8,"153,153,72,46,163,163,72,46,163,163,163,103,103,55,55,171,55,55,103,55,103,103,55,55,55,55,103,55,55,55,55,55","7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0","5.810314178,5.912507057,4.833528996,4.303872585,5.517835140,5.506913185,4.805751324,4.390829086,5.576398373,5.539088726,5.561493397,4.442456245,4.487634182,3.597789288,3.852133274,5.482311726,3.597789288,3.888496876,4.520360470,3.744285822,4.494622231,4.547106743,3.853325367,3.707922220,3.961224079,3.671558619,4.547106743,3.924860477,3.671558380,3.888496876,3.924860477,3.707922220",,,,,,,,"" diff --git a/test/run_tests.sh b/test/run_tests.sh index 30efe03e4..988b96417 100755 --- a/test/run_tests.sh +++ b/test/run_tests.sh @@ -9,6 +9,7 @@ NETCAT_EXEC="$(which nc) -q 0 -l 127.0.0.1 9000" JSON_VALIDATOR="$(realpath "${3:-"${MYDIR}/../examples/py-schema-validation/py-schema-validation.py"}")" SEMN_VALIDATOR="$(realpath "${4:-"${MYDIR}/../examples/py-semantic-validation/py-semantic-validation.py"}")" FLOW_INFO="$(realpath "${5:-"${MYDIR}/../examples/py-flow-info/flow-info.py"}")" +NDPISRVD_ANALYSED="$(realpath "${6:-"$(dirname ${nDPId_test_EXEC})/nDPIsrvd-analysed"}")" IS_GIT=$(test -d "${MYDIR}/../.git" -o -f "${MYDIR}/../.git" && printf '1' || printf '0') function usage() 
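Review bot: The inner `dirname ${nDPId_test_EXEC}` in the added `NDPISRVD_ANALYSED` default (test/run_tests.sh, hunk at -9,6) is unquoted, so a test-binary path containing whitespace is split into several arguments and the default resolves to the wrong directory. Quoting it keeps the path as one word, as the neighbouring defaults already do for `${MYDIR}`: `NDPISRVD_ANALYSED="$(realpath "${6:-"$(dirname "${nDPId_test_EXEC}")/nDPIsrvd-analysed"}")"`. The assignment of `nDPId_test_EXEC` is outside this hunk, so this assumes it is set before this line. The later hunk also runs `${NDPISRVD_ANALYSED}` unquoted, and `"${NDPISRVD_ANALYSED}"` would be needed there for the same reason.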
@@ -21,6 +22,7 @@ usage: ${0} [path-to-nDPI-source-root] \\ path-to-nDPId-JSON-validator defaults to ${JSON_VALIDATOR} path-to-nDPId-SEMANTIC-validator default to ${SEMN_VALIDATOR} path-to-nDPId-flow-info defaults to ${FLOW_INFO} + path-to-nDPIsrvd-analysed defaults to ${NDPISRVD_ANALYSED} EOF return 0 } @@ -28,6 +30,9 @@ return 0 test -z "$(which flock)" && { printf '%s\n' 'flock not found'; exit 1; } test -z "$(which pkill)" && { printf '%s\n' 'pkill not found'; exit 1; } test -z "$(which nc)" && { printf '%s\n' 'nc not found'; exit 1; } +test -z "$(which ss)" && { printf '%s\n' 'ss not found'; exit 1; } +test -z "$(which cat)" && { printf '%s\n' 'cat not found'; exit 1; } +test -z "$(which grep)" && { printf '%s\n' 'grep not found'; exit 1; } if [ $# -eq 0 -a -x "${MYDIR}/../libnDPI/tests/pcap" ]; then nDPI_SOURCE_ROOT="${MYDIR}/../libnDPI" 
@@ -233,6 +238,58 @@ done cat <<EOF +----------------------- +-- Flow Analyse DIFF -- +----------------------- + +EOF + +if [ -x "${NDPISRVD_ANALYSED}" ]; then + cd "${MYDIR}" + for out_file in results/*.out; do + result_file="$(basename ${out_file})" + printf "%-${LINE_SPACES}s\t" "${result_file}" + cat "${out_file}" | grep -vE '^~~.*$' | ${NETCAT_EXEC} & + nc_pid=$! + while ! ss -4 -t -n -l | grep -q '127.0.0.1:9000'; do sleep 0.5; printf '%s\n' 'Waiting until socket 127.0.0.1:9000 is available..' >>"/tmp/nDPId-test-stderr/${result_file}"; done + ${NDPISRVD_ANALYSED} -s '127.0.0.1:9000' -o "/tmp/nDPId-test-stdout/${result_file}.csv.new" 2>>"/tmp/nDPId-test-stderr/${result_file}" 1>&2 + kill -SIGTERM ${nc_pid} 2>/dev/null + wait ${nc_pid} 2>/dev/null + if [ ! -r "${MYDIR}/results/flow-analyse/${result_file}" ]; then + printf '%s\n' '[NEW]' + test ${IS_GIT} -eq 1 && \ + mv -v "/tmp/nDPId-test-stdout/${result_file}.csv.new" \ + "${MYDIR}/results/flow-analyse/${result_file}" + TESTS_FAILED=$((TESTS_FAILED + 1)) + elif diff -u0 "${MYDIR}/results/flow-analyse/${result_file}" \ + "/tmp/nDPId-test-stdout/${result_file}.csv.new" >/dev/null; then + printf '%s\n' '[OK]' + rm -f "/tmp/nDPId-test-stdout/${result_file}.csv.new" + else + printf '%s\n' '[DIFF]' + diff -u0 "${MYDIR}/results/flow-analyse/${result_file}" \ + "/tmp/nDPId-test-stdout/${result_file}.csv.new" + test ${IS_GIT} -eq 1 && \ + mv -v "/tmp/nDPId-test-stdout/${result_file}.csv.new" \ + "${MYDIR}/results/flow-analyse/${result_file}" + cat "/tmp/nDPId-test-stderr/${result_file}" + TESTS_FAILED=$((TESTS_FAILED + 1)) + fi + done + + for out_file in ${MYDIR}/results/flow-analyse/*.out; do + result_file="$(basename ${out_file})" + if [ ! 
-r "${MYDIR}/results/${result_file}" ]; then + printf "%-${LINE_SPACES}s\t%s\n" "${result_file}" "[MISSING]" + TESTS_FAILED=$((TESTS_FAILED + 1)) + fi + done +else + printf '%s\n' "Not found or not executable: ${NDPISRVD_ANALYSED}" +fi + +cat <<EOF + -------------------------------- -- SCHEMA/SEMANTIC Validation -- -------------------------------- |
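Review bot: The readiness loop `while ! ss -4 -t -n -l | grep -q '127.0.0.1:9000'` in the new per-file loop has no upper bound and never looks at `nc_pid`. If `nc` cannot bind and nothing else listens on the port, the run spins forever. If another local process already listens on port 9000, the check passes at once and `${NDPISRVD_ANALYSED}` reads from a listener the test did not start, and in a git checkout its output is then moved into `results/flow-analyse/` as the new expected result. Bounding the wait and confirming that the background `nc` is still alive before starting the analyser turns both cases into a recorded failure, as sketched below; this narrows the window but does not close it, and matching the listener to `nc_pid` would be stricter. Separately, output goes to fixed `/tmp/nDPId-test-stdout/` and `/tmp/nDPId-test-stderr/` paths whose creation is outside this hunk, so on a shared host a `mktemp -d` directory would be safer.

```shell
cat "${out_file}" | grep -vE '^~~.*$' | ${NETCAT_EXEC} &
nc_pid=$!
wait_tries=0   # 20 tries x 0.5s is an arbitrary ceiling; pick what suits CI
until ss -4 -t -n -l | grep -q '127.0.0.1:9000'; do
    if ! kill -0 "${nc_pid}" 2>/dev/null || [ "${wait_tries}" -ge 20 ]; then
        break
    fi
    wait_tries=$((wait_tries + 1))
    sleep 0.5
    # … unchanged: 'Waiting until socket …' message appended to the stderr log …
done
if ! kill -0 "${nc_pid}" 2>/dev/null; then
    # nc is gone: whatever listens on 9000 (if anything) is not our feeder
    printf '%s\n' '[FAIL]'
    TESTS_FAILED=$((TESTS_FAILED + 1))
    continue
fi
# … unchanged: analyser invocation, kill/wait of nc, NEW/OK/DIFF handling …
```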