Diffstat (limited to 'test/results/default/hislip.pcap.out')
-rw-r--r-- | test/results/default/hislip.pcap.out | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/test/results/default/hislip.pcap.out b/test/results/default/hislip.pcap.out
new file mode 100644
index 000000000..542e0e6df
--- /dev/null
+++ b/test/results/default/hislip.pcap.out
@@ -0,0 +1,54 @@ +00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} +00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1395234992923478} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1395234992923478,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395234992923478,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51053,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923478,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923478,"pkt":"AOAz2gNE+LFWq9DWCABFAAA0O7NAAIAGAAAKQAB\/CkAASMdtExCcmBGeAAAAAIACIAAVbQAAAgQFtAEDAwgBAQQC"} +00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1395234992923478,"flow_dst_last_pkt_time":1395234992923722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992923722,"pkt":"+LFWq9DWAOAz2gNECABFAAA0RotAAIAGnvIKQABICkAAfxMQx23MdkTbnJgRn4ASIACfsgAAAgQFtAEDAwgBAQQC"} +00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1395234992923838,"flow_dst_last_pkt_time":1395234992923722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1395234992923838,"pkt":"AOAz2gNE+LFWq9DWCABFAAAoO7RAAIAGAAAKQAB\/CkAASMdtExCcmBGfzHZE3FAQAQAVYQAA"} 
+00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1395234992934658,"flow_dst_last_pkt_time":1395234992923722,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1395234992934658,"pkt":"AOAz2gNE+LFWq9DWCABFAAA\/O7VAAIAGAAAKQAB\/CkAASMdtExCcmBGfzHZE3FAYAQAVeAAASFMAAAEAUlMAAAAAAAAAB2hpc2xpcDA="} +00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1395234992923478,"flow_src_last_pkt_time":1395234992934658,"flow_dst_last_pkt_time":1395234992923722,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395234992934658,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51053,"dst_port":4880,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
+00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1395234992934658,"flow_dst_last_pkt_time":1395234992934831,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1395234992934831,"pkt":"+LFWq9DWAOAz2gNECABFAAA4RoxAAIAGnu0KQABICkAAfxMQx23MdkTcnJgRtlAYAQC1AgAASFMBAAEAAAEAAAAAAAAAAA=="} +00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1395234992935199,"flow_src_last_pkt_time":1395234992935199,"flow_dst_last_pkt_time":1395234992935199,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395234992935199,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51054,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1395234992935199,"flow_dst_last_pkt_time":1395234992935199,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992935199,"pkt":"AOAz2gNE+LFWq9DWCABFAAA0O7ZAAIAGAAAKQAB\/CkAASMduExA\/hBKNAAAAAIACIAAVbQAAAgQFtAEDAwgBAQQC"} 
+00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1395234992935199,"flow_dst_last_pkt_time":1395234992935358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395234992935358,"pkt":"+LFWq9DWAOAz2gNECABFAAA0Ro1AAIAGnvAKQABICkAAfxMQx265zUa9P4QSjoASIAAMngAAAgQFtAEDAwgBAQQC"} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1395234992935453,"flow_dst_last_pkt_time":1395234992935358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1395234992935453,"pkt":"AOAz2gNE+LFWq9DWCABFAAAoO7dAAIAGAAAKQAB\/CkAASMduExA\/hBKOuc1GvlAQAQAVYQAA"} +00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1395234992950242,"flow_dst_last_pkt_time":1395234992935358,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1395234992950242,"pkt":"AOAz2gNE+LFWq9DWCABFAAA4O7hAAIAGAAAKQAB\/CkAASMduExA\/hBKOuc1GvlAYAQAVcQAASFMRAAAAAAEAAAAAAAAAAA=="} 
+00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1395234992935199,"flow_src_last_pkt_time":1395234992950242,"flow_dst_last_pkt_time":1395234992935358,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395234992950242,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51054,"dst_port":4880,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1395234992950242,"flow_dst_last_pkt_time":1395234992950427,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1395234992950427,"pkt":"+LFWq9DWAOAz2gNECABFAAA4Ro5AAIAGnusKQABICkAAfxMQx265zUa+P4QSnlAYAQDKqgAASFMSAAAAR0sAAAAAAAAAAA=="} 
+00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1395235022698475,"flow_src_last_pkt_time":1395235022698475,"flow_dst_last_pkt_time":1395235022698475,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395235022698475,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51055,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":30,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1395235022698475,"flow_dst_last_pkt_time":1395235022698475,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395235022698475,"pkt":"AOAz2gNE+LFWq9DWCABFAAA0PRRAAIAGAAAKQAB\/CkAASMdvExDvbkZhAAAAAIACIAAVbQAAAgQFtAEDAwgBAQQC"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1395235022698475,"flow_dst_last_pkt_time":1395235022698720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395235022698720,"pkt":"+LFWq9DWAOAz2gNECABFAAA0RpZAAIAGnucKQABICkAAfxMQx28K9CXj725GYoASIAD4kQAAAgQFtAEDAwgBAQQC"} 
+00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1395235022698838,"flow_dst_last_pkt_time":1395235022698720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1395235022698838,"pkt":"AOAz2gNE+LFWq9DWCABFAAAoPRVAAIAGAAAKQAB\/CkAASMdvExDvbkZiCvQl5FAQAQAVYQAA"} +00558{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1395235022714192,"flow_dst_last_pkt_time":1395235022698720,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_usec":1395235022714192,"pkt":"AOAz2gNE+LFWq9DWCABFAAA\/PRZAAIAGAAAKQAB\/CkAASMdvExDvbkZiCvQl5FAYAQAVeAAASFMAAAEAUlMAAAAAAAAAB2hpc2xpcDA="} +00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1395235022698475,"flow_src_last_pkt_time":1395235022714192,"flow_dst_last_pkt_time":1395235022698720,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":23,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":23,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395235022714192,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51055,"dst_port":4880,"l4_proto":"tcp","ndpi": {"confidence": 
{"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1395235022714192,"flow_dst_last_pkt_time":1395235022714357,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1395235022714357,"pkt":"+LFWq9DWAOAz2gNECABFAAA4RpdAAIAGnuIKQABICkAAfxMQx28K9CXk725GeVAYAQAN4gAASFMBAAEAAAEAAAAAAAAAAA=="} +00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1395235022714729,"flow_src_last_pkt_time":1395235022714729,"flow_dst_last_pkt_time":1395235022714729,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395235022714729,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51056,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":35,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1395235022714729,"flow_dst_last_pkt_time":1395235022714729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395235022714729,"pkt":"AOAz2gNE+LFWq9DWCABFAAA0PRdAAIAGAAAKQAB\/CkAASMdwExDpOBV3AAAAAIACIAAVbQAAAgQFtAEDAwgBAQQC"} +00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1395235022714729,"flow_dst_last_pkt_time":1395235022714888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1395235022714888,"pkt":"+LFWq9DWAOAz2gNECABFAAA0RphAAIAGnuUKQABICkAAfxMQx3AHu1196TgVeIASIAD7TwAAAgQFtAEDAwgBAQQC"} +00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1395235022714984,"flow_dst_last_pkt_time":1395235022714888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1395235022714984,"pkt":"AOAz2gNE+LFWq9DWCABFAAAoPRhAAIAGAAAKQAB\/CkAASMdwExDpOBV4B7tdflAQAQAVYQAA"} 
+00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1395235022729761,"flow_dst_last_pkt_time":1395235022714888,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1395235022729761,"pkt":"AOAz2gNE+LFWq9DWCABFAAA4PRlAAIAGAAAKQAB\/CkAASMdwExDpOBV4B7tdflAYAQAVcQAASFMRAAAAAAEAAAAAAAAAAA=="} +00926{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":38,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1395235022714729,"flow_src_last_pkt_time":1395235022729761,"flow_dst_last_pkt_time":1395235022714888,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":16,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":16,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1395235022729761,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51056,"dst_port":4880,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
+00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":39,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1395235022729761,"flow_dst_last_pkt_time":1395235022729920,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_usec":1395235022729920,"pkt":"+LFWq9DWAOAz2gNECABFAAA4RplAAIAGnuAKQABICkAAfxMQx3AHu11+6TgViFAYAQC5XAAASFMSAAAAR0sAAAAAAAAAAA=="} +02223{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1395235022714729,"flow_src_last_pkt_time":1395235117238521,"flow_dst_last_pkt_time":1395235110214979,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":206,"flow_dst_tot_l4_payload_len":168,"midstream":0,"thread_ts_usec":1395235117238521,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51056,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":159,"avg":5871743.5,"max":19038629,"stddev":6792435.0,"var":46137172033536.0,"ent":3.9,"data": [159,255,14777,15032,334,333,217948,3286106,3504126,208187,10280253,10488398,202638,18835935,19038629,211109,3164637,3375690,204865,18603800,18610247,8174306,8385603,202657,7510419,7713129,211316,16164069,16375351,215494,6808240]},"pktlen": {"min":40,"avg":52.4,"max":94,"stddev":10.8,"var":117.4,"ent":5.0,"data": [52,52,40,56,56,64,64,40,56,56,40,56,56,40,94,56,40,56,56,40,56,40,56,56,40,56,56,40,56,56,40,56]},"bins": {"c_to_s": 
[20,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,0],"entropies": [4.208755016,4.863714218,4.222574711,3.791955471,4.174042225,3.548727512,3.967243671,4.222574711,3.791955471,3.968184710,4.222574711,3.685983658,4.089133739,4.172574520,4.796797752,4.036043644,4.222574711,3.791955471,4.000329494,4.172574997,4.253843784,4.222574711,3.685983658,4.066899776,4.172574997,4.047204494,3.896756172,4.222574711,4.017705441,3.883275986,4.222574711,4.031185627]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +02236{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":131,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1395234992935199,"flow_src_last_pkt_time":1395235156211826,"flow_dst_last_pkt_time":1395235186226505,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":155,"midstream":0,"thread_ts_usec":1395235186226505,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51054,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":159,"avg":11502191.0,"max":30221196,"stddev":11630422.0,"var":135266715041792.0,"ent":4.1,"data": 
[159,254,14789,15069,362,340,217930,13272901,13259574,13350289,13554941,221344,22465609,22686937,200535,2983558,3184145,214299,30221196,30007213,24848210,24848481,210992,6444733,6655718,200686,18636258,18641456,30200438,29994794,30014723]},"pktlen": {"min":40,"avg":51.8,"max":94,"stddev":10.7,"var":114.4,"ent":5.0,"data": [52,52,40,56,56,64,64,40,56,40,56,56,40,56,56,40,94,56,40,46,52,56,56,40,56,56,40,56,40,46,52,46]},"bins": {"c_to_s": [18,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,0,0,1,0,0,1,0,1,0,1,0,1],"entropies": [4.247216702,4.748329163,4.272574425,3.863384008,4.102613926,3.548727512,3.935993671,4.272574425,4.289557934,4.272574425,3.827669859,4.000329018,4.172574997,4.004225254,4.036043644,4.272574425,4.877751827,4.036043644,4.222574711,4.130999565,4.359120846,4.053419590,3.932470322,4.222574711,4.053419590,4.036043644,4.222574711,4.182415009,4.222574711,4.087521076,4.359120846,4.130999565]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
+02234{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":13,"flow_first_seen":1395235022698475,"flow_src_last_pkt_time":1395235189368494,"flow_dst_last_pkt_time":1395235189368700,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":195,"flow_dst_tot_l4_payload_len":208,"midstream":0,"thread_ts_usec":1395235189368700,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51055,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":172,"avg":10752911.0,"max":30224299,"stddev":11913816.0,"var":141939022233600.0,"ent":4.0,"data": [245,363,15354,15637,202654,30224299,30021867,21890463,21890725,221333,2690180,2911516,172,434,30016519,30016515,22101315,22101636,211148,5004629,5215774,205595,30216128,30010867,15065087,15272489,6292463,6085327,219281,2500471,2719758]},"pktlen": {"min":40,"avg":55.1,"max":81,"stddev":11.5,"var":131.2,"ent":5.0,"data": [52,52,40,63,56,40,46,52,66,69,40,66,56,81,40,46,52,66,69,40,66,69,40,46,52,56,46,66,69,40,66,56]},"bins": {"c_to_s": [19,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,0,0,1,0,0,1,1,0,1,0,0,1,0,0,1,0,1,0,0,1,0,1,0,0,1],"entropies": 
[4.247216702,4.772274017,4.153702736,4.327305794,3.946276665,4.153702736,4.071110249,4.188837051,4.350000858,4.564953327,4.203702450,4.496242523,4.204648972,5.077324390,4.203702450,4.071110249,4.219791889,4.496243000,4.644472599,4.153702259,4.489754677,4.615487099,4.203702450,4.011221409,4.282197952,4.140867233,4.071110249,4.406847000,4.650129795,4.203702450,4.397905827,4.182415009]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +02232{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":155,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1395234992923478,"flow_src_last_pkt_time":1395235216038558,"flow_dst_last_pkt_time":1395235216038493,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":228,"midstream":0,"thread_ts_usec":1395235216038558,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51053,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":181,"avg":14394519.0,"max":30237001,"stddev":13485121.0,"var":181848479105024.0,"ent":4.1,"data": [244,360,10820,11109,202661,4710669,4913387,218770,8156706,8375451,205,492,7975375,7975670,215748,30237001,30021528,30014758,30014761,29999078,29999082,21560664,21560964,181,468,30013098,30013102,30014666,30014661,29999203,29999213]},"pktlen": {"min":40,"avg":54.9,"max":103,"stddev":14.0,"var":195.0,"ent":5.0,"data": [52,52,40,63,56,40,62,103,40,66,56,81,40,66,69,40,46,52,46,52,46,52,66,56,81,40,46,52,46,52,46,52]},"bins": {"c_to_s": 
[18,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [11,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,0,1,0,0,1,1,0,0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,1,0,1,0],"entropies": [4.208755016,4.825252533,4.272574425,4.371034145,4.066899776,4.272574425,4.273222923,5.284747601,4.051712990,4.490328312,4.289557934,5.102015972,4.172574520,4.544446468,4.669953823,4.101713181,3.885338783,4.203743458,3.928816795,4.203743458,3.928816795,4.203743458,4.355523586,4.253843784,5.102015972,4.222574711,4.130999565,4.349692822,4.130999565,4.349692822,4.087521076,4.349692822]},"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":20,"flow_dst_packets_processed":16,"flow_first_seen":1395234992923478,"flow_src_last_pkt_time":1395235239785411,"flow_dst_last_pkt_time":1395235239785331,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":63,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":228,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51053,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
+00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":23,"flow_dst_packets_processed":16,"flow_first_seen":1395234992935199,"flow_src_last_pkt_time":1395235239784812,"flow_dst_last_pkt_time":1395235239784744,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":158,"flow_dst_tot_l4_payload_len":156,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51054,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":27,"flow_dst_packets_processed":20,"flow_first_seen":1395235022698475,"flow_src_last_pkt_time":1395235237017565,"flow_dst_last_pkt_time":1395235237017484,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":26,"flow_dst_max_l4_payload_len":41,"flow_src_tot_l4_payload_len":247,"flow_dst_tot_l4_payload_len":336,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51055,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} 
+00971{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":39,"flow_dst_packets_processed":23,"flow_first_seen":1395235022714729,"flow_src_last_pkt_time":1395235237016961,"flow_dst_last_pkt_time":1395235237016867,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":54,"flow_dst_max_l4_payload_len":24,"flow_src_tot_l4_payload_len":302,"flow_dst_tot_l4_payload_len":313,"midstream":0,"thread_ts_usec":1395235239785411,"l3_proto":"ip4","src_ip":"10.64.0.127","dst_ip":"10.64.0.72","src_port":51056,"dst_port":4880,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"HiSLIP","proto_id":"372","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}} +00637{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":184,"source":"cfgs\/default\/pcap\/hislip.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4537-4543385d","packets-captured":184,"packets-processed":184,"total-skipped-flows":0,"total-l4-payload-len":1863,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":39,"global_ts_usec":1395235239785411} +~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ +~~ packets captured/processed: 184/184 +~~ skipped flows.............: 0 +~~ total layer4 data length..: 1863 bytes +~~ total detected protocols..: 4 +~~ total active/idle flows...: 4/4 +~~ total timeout flows.......: 0 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ total memory allocated....: 5349944 bytes +~~ total 
memory freed........: 5349944 bytes +~~ total allocations/frees...: 86233/86233 +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +~~ json message min len.......: 529 chars +~~ json message max len.......: 2241 chars +~~ json message avg len.......: 1383 chars |