Diffstat (limited to 'test/results/default/emotet.pcap.out')
-rw-r--r--test/results/default/emotet.pcap.out12
1 files changed, 6 insertions, 6 deletions
diff --git a/test/results/default/emotet.pcap.out b/test/results/default/emotet.pcap.out
index adf53d357..0d5851977 100644
--- a/test/results/default/emotet.pcap.out
+++ b/test/results/default/emotet.pcap.out
@@ -1,5 +1,5 @@
-00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00786{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645830066121611}
+00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00786{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1645830066121611}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1645830066121611,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066121611,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1645830066121611,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0wBJAAIAGPvkKAhlmwfwWVN\/dAkvNIWS2AAAAAIAC+vBkZgAAAgQFtAEDAwgBAQQC"}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1645830066121611,"flow_dst_last_pkt_time":1645830066871134,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1645830066871134,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsxzIAAIAGd+HB\/BZUCgIZZgJL392K6SffzSFkt2AS+vDaogAAAgQFtA=="}
@@ -8,7 +8,7 @@
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830067977441,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_usec":1645830067978107,"pkt":"IOUqtpPxAAgCHEeuCABFAAA9wBRAAIAGPu4KAhlmwfwWVN\/dAkvNIWS3iukoFlAY+rqhDQAARUhMTyBbMTczLjY2LjQ2Ljk3XQ0K"}
01000{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":4,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830067978107,"flow_dst_last_pkt_time":1645830068348052,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":21,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":21,"flow_dst_tot_l4_payload_len":214,"midstream":0,"thread_ts_usec":1645830068348052,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1","smtp": {"user":"","password":"","auth_failed":0}}}
02203{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":19,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074471734,"flow_dst_last_pkt_time":1645830074471604,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":698,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":898,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1645830074471734,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":254,"avg":538713.4,"max":3056402,"stddev":774055.0,"var":599161176064.0,"ent":3.7,"data": [749523,749719,1106307,1106777,773,369838,370621,895,325625,326244,506,323,737,841210,842439,907,363,438,3054676,3056402,1628,247201,247778,521,1205120,1205575,420,442964,443628,704,254]},"pktlen": {"min":40,"avg":80.8,"max":738,"stddev":121.9,"var":14849.5,"ent":4.3,"data": [52,44,40,94,61,40,200,52,40,58,72,40,42,40,58,56,40,42,40,80,77,40,86,73,40,87,46,40,48,79,40,738]},"bins": {"c_to_s": [8,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [14,4,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,1,0,1,1,0,1,0,1,1,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,0],"entropies": 
[4.644789696,4.953416348,4.981687069,5.477373600,5.387795925,4.784183979,5.738989830,5.361793995,4.834184170,5.487123966,5.654376030,4.784183979,4.955064297,4.734184265,5.288679600,5.421465874,4.784183979,4.859826565,4.784183979,5.343945503,5.557319641,4.765312195,5.392617702,5.626545429,4.834184170,5.525993347,5.097266674,4.834184170,5.095175266,5.329178810,4.784184456,5.639209747]},"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1"}}
-00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1648563468993352}
+00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":51,"packets-processed":50,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15889,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1648563468993352}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1648563468993352,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563468993352,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1648563468993352,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0EddAAIAG2c0KAx1laKF\/Ftv1AFBvd7IvAAAAAIAC+vBnEwAAAgQFtAEDAwgBAQQC"}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1648563468993352,"flow_dst_last_pkt_time":1648563469109116,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_usec":1648563469109116,"pkt":"AAgCHEeuIOUqtpPxCABFAAAsoCoAAIAGi4JooX8WCgMdZQBQ2\/UuAEklb3eyMGAS+vAY8wAAAgQFtA=="}
@@ -18,7 +18,7 @@
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":55,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1648563469109583,"flow_dst_last_pkt_time":1648563469109634,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1648563469109634,"pkt":"AAgCHEeuIOUqtpPxCABFAAAooCsAAIAGi4VooX8WCgMdZQBQ2\/UuAEkmb3ez7lAQ+vAu8gAA"}
02190{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":82,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469442201,"flow_dst_last_pkt_time":1648563469442152,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":24498,"midstream":0,"thread_ts_usec":1648563469442201,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":77,"avg":28956.4,"max":204389,"stddev":59845.4,"var":3581476608.0,"ent":2.7,"data": [115764,115896,335,518,204207,77,204389,352,224,565,217,228,441,212,496,705,246,220,470,115050,221,115302,340,251,573,9235,226,9483,474,242,690]},"pktlen": {"min":40,"avg":820.0,"max":1401,"stddev":663.1,"var":439751.8,"ent":4.4,"data": [52,44,40,486,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40,1401,1401,40]},"bins": {"c_to_s": [11,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,18,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": 
[4.710365295,4.913976669,4.680641174,5.777981758,4.621928692,7.446667671,7.722211838,4.711769104,7.820096016,7.819649696,4.730641365,7.834948540,7.865209579,4.730641365,7.838735580,7.852061272,4.780641079,7.835340023,7.853207111,4.711769104,7.851351738,7.847233772,4.780641079,7.872184753,7.855648994,4.780641079,7.879763126,7.844507217,4.680641174,7.843948364,7.837398529,4.780641079]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fkl.co.ke"}}
00998{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":27,"flow_first_seen":1645830066121611,"flow_src_last_pkt_time":1645830074472054,"flow_dst_last_pkt_time":1645830074472521,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1460,"flow_dst_max_l4_payload_len":160,"flow_src_tot_l4_payload_len":15498,"flow_dst_tot_l4_payload_len":391,"midstream":0,"thread_ts_usec":1648563469606163,"l3_proto":"ip4","src_ip":"10.2.25.102","dst_ip":"193.252.22.84","src_port":57309,"dst_port":587,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"SMTP","proto_id":"3","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":3,"category":"Email","hostname":"opmta1mto02nd1"}}
-00797{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1650490398530577}
+00797{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":109,"packets-processed":108,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":62956,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1650490398530577}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650490398530577,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398530577,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650490398530577,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0\/mJAAIAGv4MKBBRma6Gy0tQvAFBRzVZmAAAAAIAC\/\/+1fwAAAgQFtAEDAwgBAQQC"}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":110,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1650490398530577,"flow_dst_last_pkt_time":1650490398627831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_usec":1650490398627831,"pkt":"AAgCHEeuIOUqtpPxCABFAAAwAABAADIGC+trobLSCgQUZgBQ1C8M9mn7Uc1WZ3ASchDhvAAAAgQFbAEDAwc="}
@@ -28,7 +28,7 @@
02386{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1442,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1442,"pkt_l4_len":1408,"thread_ts_usec":1650490398888771,"pkt":"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\/\/8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAANclxdSRMyDkkTMg5JEzIOP45fDkETMg4\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"}
01444{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":113,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1650490398530577,"flow_src_last_pkt_time":1650490398628513,"flow_dst_last_pkt_time":1650490398888771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":225,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":225,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1650490398888771,"l3_proto":"ip4","src_ip":"10.4.20.102","dst_ip":"107.161.178.210","src_port":54319,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"gandhitoday.org","http": {"url":"gandhitoday.org\/video\/6JvA8\/","code":200,"content_type":"application\/x-msdownload","user_agent":"Mozilla\/5.0 (Windows NT 10.0; Win64; x64; Trident\/7.0; rv:11.0) like Gecko","detected_os":"Windows 10"}}}
00991{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":37,"flow_first_seen":1648563468993352,"flow_src_last_pkt_time":1648563469606163,"flow_dst_last_pkt_time":1648563469559770,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":446,"flow_dst_max_l4_payload_len":1361,"flow_src_tot_l4_payload_len":446,"flow_dst_tot_l4_payload_len":46621,"midstream":0,"thread_ts_usec":1650490398907947,"l3_proto":"ip4","src_ip":"10.3.29.101","dst_ip":"104.161.127.22","src_port":56309,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"fkl.co.ke"}}
-00797{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":123,"packets-processed":122,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1650905413858492}
+00797{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":123,"packets-processed":122,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":71509,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":3,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":31,"global_ts_usec":1650905413858492}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1650905413858492,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":123,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905413858492,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905413858492,"pkt":"IOUqtpPxAAgCHEeuCABFAAA0LKVAAIAGOLEKBBllTWkknMKFAFDxFWwgAAAAAIAC+vC+pQAAAgQFtAEDAwgBAQQC"}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":124,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1650905413858492,"flow_dst_last_pkt_time":1650905414042728,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1650905414042728,"pkt":"AAgCHEeuIOUqtpPxCABFAAA0AABAADEGtFZNaSScCgQZZQBQwoUpbDcH8RVsIYASOQggUwAAAgQFbAEBBAIBAwMH"}
@@ -57,7 +57,7 @@
01361{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":5,"flow_dst_packets_processed":10,"flow_first_seen":1650905413858492,"flow_src_last_pkt_time":1650905414338361,"flow_dst_last_pkt_time":1650905414341100,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":152,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":152,"flow_dst_tot_l4_payload_len":9960,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"77.105.36.156","src_port":49797,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"54": {"risk":"Binary File\/Data Transfer (Attempt)","severity":"Medium","risk_score": {"total":500,"client":370,"server":130}}},"confidence": {"6":"DPI"},"proto":"HTTP","proto_id":"7","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":7,"category":"Download","hostname":"filmmogzivota.rs"}}
01308{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":8,"flow_first_seen":1650905467542773,"flow_src_last_pkt_time":1650905467928862,"flow_dst_last_pkt_time":1650905469191372,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":480,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":722,"flow_dst_tot_l4_payload_len":5784,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49803,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01206{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":7,"flow_first_seen":1650905469778844,"flow_src_last_pkt_time":1650905518385458,"flow_dst_last_pkt_time":1650905473602816,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":553,"flow_dst_max_l4_payload_len":660,"flow_src_tot_l4_payload_len":929,"flow_dst_tot_l4_payload_len":800,"midstream":0,"thread_ts_usec":1650905518385458,"l3_proto":"ip4","src_ip":"10.4.25.101","dst_ip":"138.197.147.101","src_port":49804,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":460,"client":410,"server":50}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-00799{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":169,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1650905518385458}
+00799{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":169,"source":"cfgs\/default\/pcap\/emotet.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":169,"packets-processed":169,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":89856,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":4,"total-updates":0,"current-active-flows":0,"total-active-flows":6,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1650905518385458}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 169/169
~~ skipped flows.............: 0