Diffstat (limited to 'test/results/default/pps.pcap.out')
-rw-r--r-- | test/results/default/pps.pcap.out | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/test/results/default/pps.pcap.out b/test/results/default/pps.pcap.out
index aba22716a..e33288f92 100644
--- a/test/results/default/pps.pcap.out
+++ b/test/results/default/pps.pcap.out
@@ -223,7 +223,7 @@ 00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":1,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353152692906,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLGwAAAER1wTAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 
00963{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1041,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353152692906,"flow_src_last_pkt_time":1467353152692906,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":133,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":133,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":133,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353152692906,"l3_proto":"ip4","src_ip":"192.168.5.57","dst_ip":"239.255.255.250","src_port":59648,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"239.255.255.250:1900"}} -01406{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1042,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": 
{"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}} +01515{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1042,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_src_packets_processed":8,"flow_dst_packets_processed":1,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353152590330,"flow_dst_last_pkt_time":1467353152945958,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":8367,"flow_dst_tot_l4_payload_len":1260,"midstream":1,"thread_ts_usec":1467353152945958,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download","hostname":"bcu.ff.avast.com","http": {"url":"bcu.ff.avast.com\/bc2","code":200,"content_type":"application\/octet-stream","user_agent":"{D699054D-1699-47D2-9B2B-E96F438C1160}","request_content_type":"application\/x-enc"}}} 
00695{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1044,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_src_last_pkt_time":1467353155693528,"flow_dst_last_pkt_time":1467353152692906,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":175,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":175,"pkt_l4_len":141,"thread_ts_usec":1467353155693528,"pkt":"AQBef\/\/6GF4PUugBCABFAAChLG0AAAER1wPAqAU57\/\/\/+ukAB2wAjbKhTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSG9zdDoyMzkuMjU1LjI1NS4yNTA6MTkwMA0KU1Q6dXJuOnNjaGVtYXMtdXBucC1vcmc6ZGV2aWNlOkludGVybmV0R2F0ZXdheURldmljZToxDQpNYW46InNzZHA6ZGlzY292ZXIiDQpNWDozDQoNCg=="} 00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1467353155790340,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":629,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":629,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":629,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1467353155790340,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"202.108.14.219","src_port":50487,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 01367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1045,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_src_last_pkt_time":1467353155790340,"flow_dst_last_pkt_time":1467353155790340,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":683,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":683,"pkt_l4_len":649,"thread_ts_usec":1467353155790340,"pkt":"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"} 
@@ -522,7 +522,7 @@ 01403{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":1259,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1467353202192448,"flow_src_last_pkt_time":1467353202370500,"flow_dst_last_pkt_time":1467353202428117,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":63,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":302,"flow_src_tot_l4_payload_len":2737,"flow_dst_tot_l4_payload_len":302,"midstream":1,"thread_ts_usec":1467353202428117,"l3_proto":"ip4","src_ip":"77.234.41.35","dst_ip":"192.168.115.8","src_port":80,"dst_port":49174,"l4_proto":"tcp","ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":33,"category":"Cybersecurity","hostname":"su.ff.avast.com","http": {"url":"su.ff.avast.com\/R\/A3gKIDljY2I3ODkyM2NiMTRlMTBiNzRmZGQ3OTE4ODdhNDZlEgQCMAYWGKAEIgH_KgcIBBDmzNlDKgcIAxCrn_tBMgoIBBDmzNlDGIAKOM2RhFhCICsB593vKxQ6cVzAgCL_b9XWlsFQVx754ZgCHv1XaVp1SICCmAg=","code":0,"content_type":"","user_agent":"","request_content_type":"application\/octet-stream"}}} 
00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136834457,"flow_src_last_pkt_time":1467353136834572,"flow_dst_last_pkt_time":1467353136834457,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"222.26.193.119","src_port":22793,"dst_port":7133,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
-01219{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}} 
+01328{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"finished","flow_src_packets_processed":11,"flow_dst_packets_processed":12,"flow_first_seen":1467353151975342,"flow_src_last_pkt_time":1467353164710742,"flow_dst_last_pkt_time":1467353165019943,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":177,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1260,"flow_dst_max_l4_payload_len":1260,"flow_src_tot_l4_payload_len":10429,"flow_dst_tot_l4_payload_len":14221,"midstream":1,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"77.234.40.96","src_port":50486,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"4": {"risk":"Binary App Transfer","severity":"Severe","risk_score": {"total":150,"client":135,"server":15}},"11": {"risk":"HTTP Susp User-Agent","severity":"High","risk_score": {"total":310,"client":275,"server":35}},"47": {"risk":"HTTP Obsolete Server","severity":"Medium","risk_score": {"total":510,"client":435,"server":75}}},"confidence": {"6":"DPI"},"proto":"HTTP.Cybersec","proto_id":"7.283","proto_by_ip":"AVAST","proto_by_ip_id":307,"encrypted":0,"breed":"Safe","category_id":7,"category":"Download"}} 
00992{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} 00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136835111,"flow_src_last_pkt_time":1467353136835529,"flow_dst_last_pkt_time":1467353136835111,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"115.157.62.243","src_port":22793,"dst_port":29006,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5} 
00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1261,"source":"cfgs\/default\/pcap\/pps.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1467353136833392,"flow_src_last_pkt_time":1467353136833582,"flow_dst_last_pkt_time":1467353136833392,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":24,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":24,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":48,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1467353203157237,"l3_proto":"ip4","src_ip":"192.168.115.8","dst_ip":"111.250.102.66","src_port":22793,"dst_port":1107,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}} @@ -667,9 +667,9 @@ ~~ total active/idle flows...: 107/107 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 8267866 bytes -~~ total memory freed........: 8267866 bytes -~~ total allocations/frees...: 151816/151816 +~~ total memory allocated....: 7900071 bytes +~~ total memory freed........: 7900071 bytes +~~ total allocations/frees...: 146219/146219 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 509 chars ~~ json string max len.......: 2351 chars |