Diffstat (limited to 'test/results/default/rsh-syslog-false-positive.pcap.out')
-rw-r--r--test/results/default/rsh-syslog-false-positive.pcap.out4
1 files changed, 2 insertions, 2 deletions
diff --git a/test/results/default/rsh-syslog-false-positive.pcap.out b/test/results/default/rsh-syslog-false-positive.pcap.out
index c22113c99..30892abb1 100644
--- a/test/results/default/rsh-syslog-false-positive.pcap.out
+++ b/test/results/default/rsh-syslog-false-positive.pcap.out
@@ -7,9 +7,9 @@
00877{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1464076252968094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":303,"pkt_l4_len":283,"thread_ts_usec":1464076252968094,"pkt":"RQABL74gQAA8Bq0hrB9OgawdK8kjTwICdUbV3TedTUKAGABzb+4AAAEBCAoozL94kELhBTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NTc4OTUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ1IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIK"}
01129{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1464076252980094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":490,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":490,"pkt_l4_len":470,"thread_ts_usec":1464076252980094,"pkt":"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"}
01473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1464076252992093,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"pkt_datalink":12,"pkt_caplen":749,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":749,"pkt_l4_len":729,"thread_ts_usec":1464076252992093,"pkt":"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"}
-00361{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253006101,"packet_id":6,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_usec":1464076253006101}
+00361{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253006101,"packet_id":6,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_usec":1464076253006101}
01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1084,"pkt_l4_len":0,"thread_ts_usec":1464076252992093,"pkt":"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"}
-00361{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101}
+00361{"error_event_id":14,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1464076253008101,"packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101}
01658{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_datalink":12,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1400,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"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"}
00988{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00857{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/rsh-syslog-false-positive.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":8,"packets-processed":8,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1464076253018101}
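Review bot: Both regenerated error records (packet_id 6 and 7) now carry `"error_event_id":14` while `error_event_name` is still "Captured packet size is smaller than expected packet size", so the numeric id for this event has shifted in the serialized output. Presumably an entry was removed or reordered in the daemon's error-event enumeration; that code is not part of this page, so this is inferred from the fixture alone. A collector or detection rule that keys on the number rather than the name would silently file truncated-capture errors under a different event after this change. The renumbering should be recorded in the event schema and changelog, and consumers should match on `error_event_name`, or on both fields together.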