Diffstat (limited to 'test/results/default/stun.pcap.out')
-rw-r--r--test/results/default/stun.pcap.out16
1 files changed, 8 insertions, 8 deletions
diff --git a/test/results/default/stun.pcap.out b/test/results/default/stun.pcap.out
index d05820277..be41c0e0e 100644
--- a/test/results/default/stun.pcap.out
+++ b/test/results/default/stun.pcap.out
@@ -27,7 +27,7 @@
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938022295727,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAcI38AAQAAIRKkQkJxcUN2YzZ5L2tJZQ=="}
00997{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022295727,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022295727,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1614938022295727,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938022302588,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0NvABAQAYIRKkQkJxcUN2YzZ5L2tJZQABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="}
-00983{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356444167246,"flow_dst_last_pkt_time":1595356444391402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01014{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1595356443140497,"flow_src_last_pkt_time":1595356444167246,"flow_dst_last_pkt_time":1595356444391402,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":360,"flow_dst_tot_l4_payload_len":240,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","src_port":43016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}}
01049{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1595356444494918,"flow_src_last_pkt_time":1595356444494918,"flow_dst_last_pkt_time":1595356444494918,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":88,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1614938022302588,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"74.125.247.128","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}}},"confidence": {"6":"DPI"},"proto":"ICMP","proto_id":"81","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938022302588,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":82,"pkt_l4_len":28,"thread_ts_usec":1614938032427953,"pkt":"AAAAAAAAAAQADrOzht1gAAAAABwRPzUWvwv8U3XncK\/2f45J9gMqOOFWgWejM\/rOsAwAACTZ3jANlgAc7vkAAQAAIRKkQjNwdjFXT0JUck9YUg=="}
00599{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1614938032427953,"flow_dst_last_pkt_time":1614938032434845,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_usec":1614938032434845,"pkt":"AAAAAAAAAAMAYN1Qht1kgAAAADQRNCo44VaBZ6Mz+s6wDAAAJNk1Fr8L\/FN153Cv9n+OSfYDDZbeMAA0AmsBAQAYIRKkQjNwdjFXT0JUck9YUgABABQAAt4wIAEWcAAM6wRwr\/Z\/jkn2Aw=="}
@@ -45,7 +45,7 @@
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451254377,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":178,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":178,"pkt_l4_len":144,"thread_ts_usec":1629291451258494,"pkt":"CL6sCxdumt9Y+uvcCABFAACkVYNAAEARojHAqAypHw1WNpTrnEMAkHyWAAMAdCESpEI1elVqTVhIdmV3K3MAGQAEEQAAAAAGABBNZjJoOUhpNWFQTVJwbEYxABQAD3R1cm5lci5mYWNlYm9vawAAFQAoYmIwMzFkNjFjY2MxYmU4MmUyNDAxNDQzNWVkNTJmMjZmYmE2MjQ4MwAIABSHhqaIN2rgJVJbblyGsNjNga5wAA=="}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":4,"flow_src_last_pkt_time":1629291451258494,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":118,"pkt_l4_len":84,"thread_ts_usec":1629291451270324,"pkt":"mt9Y+uvcCL6sCxduCABFAABoR\/RAAFURmvwfDVY2wKgMqZxDlOsAVNHFAQMAOCESpEI1elVqTVhIdmV3K3MAIAAIAAEKiHw9RkMAFgAIAAHzDz4f8nQADQAEAAADhAAIABQOnZFMqSzdx5eUgJnLKFvGMJq2Uw=="}
00697{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":5,"flow_src_last_pkt_time":1629291457262853,"flow_dst_last_pkt_time":1629291451270324,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":182,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":182,"pkt_l4_len":148,"thread_ts_usec":1629291457262853,"pkt":"CL6sCxdumt9Y+uvcCABFAACoVltAAEARoVXAqAypHw1WNpTrnEMAlIWPAAgAeCESpEJGYi9SMVA1cFBNWWQAEgAIAAGMueG6pCQABgAQTWYyaDlIaTVhUE1ScGxGMQAUAA90dXJuZXIuZmFjZWJvb2sAABUAKGJiMDMxZDYxY2NjMWJlODJlMjQwMTQ0MzVlZDUyZjI2ZmJhNjI0ODMACAAUTGbb+kTKlKKmYo+\/Jw5ehEWYdT8="}
-02350{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": [56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": 
[4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+02379{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":98,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291458067482,"flow_dst_last_pkt_time":1629291458262623,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":140,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":2076,"flow_dst_tot_l4_payload_len":1496,"midstream":0,"thread_ts_usec":1629291458262623,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":34,"avg":446593.3,"max":6004359,"stddev":1462539.6,"var":2139022032896.0,"ent":1.9,"data": [11521,15638,15947,6004359,4743,5997443,4483,7520,7140,108439,344493,499169,68464,195,19689,29038,92171,23636,96419,1566,50324,48303,277,50092,3265,34,52919,437,9663,44853,232153]},"pktlen": {"min":56,"avg":139.6,"max":168,"stddev":32.1,"var":1033.4,"ent":5.0,"data": [56,132,164,104,168,168,140,168,140,72,164,164,160,168,128,72,164,128,160,128,164,160,128,164,128,160,128,168,128,72,160,160]},"bins": {"c_to_s": [1,0,0,4,12,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,3,1,6,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,0,1,1,0,0,1,0,0,1,0,1,1,0,0,1,0,0,1,1,1,0,0,1,0,1],"entropies": 
[4.949250221,5.629978180,5.902420998,5.787013531,5.926646233,5.987994671,5.561037540,5.822503567,5.524854183,5.646986008,5.864535809,5.979504585,5.991234303,5.944041729,5.750370979,5.532198906,5.952124596,5.921264172,5.968927860,5.858764172,5.939929485,5.964835167,5.834393978,6.016089916,5.896893978,6.048427582,5.933710575,5.919234276,5.831344128,5.608724117,6.145952225,6.009518147]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}}
01018{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":138,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":21,"flow_first_seen":1614938022295727,"flow_src_last_pkt_time":1614938213778839,"flow_dst_last_pkt_time":1614938213785682,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":20,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":44,"flow_src_tot_l4_payload_len":420,"flow_dst_tot_l4_payload_len":924,"midstream":0,"thread_ts_usec":1629291461216501,"l3_proto":"ip6","src_ip":"3516:bf0b:fc53:75e7:70af:f67f:8e49:f603","dst_ip":"2a38:e156:8167:a333:face:b00c::24d9","src_port":56880,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00795{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":142,"packets-processed":141,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":10660,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":5,"total-detection-updates":4,"total-updates":3,"current-active-flows":1,"total-active-flows":5,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1643626018009166}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018009166,"flow_dst_last_pkt_time":1643626018009166,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643626018009166,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
@@ -56,7 +56,7 @@
00704{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":4,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_usec":1643626018276412,"pkt":"AAAAAAAAAAIAmUIoCABFAACsWRhAAC4GyFdXL2QRNgE5mw2WkYlv2uExZMfOEYAYAOOJVAAAAQEICp\/buCoHYsVhARMAZCESpEJwTVNWeGJTOWtyTkQACQAQAAAEAVVuYXV0aG9yaXplZAAVABBjYmNkY2NjZjczNTNhNzEwABQADWFwcHMtaG9zdC5jb21pZGWAIgAaQ290dXJuLTQuNS4wLjUgJ2RhbiBFaWRlcicABIAoAAQF+V\/p"}
00972{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":145,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018269673,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":120,"flow_dst_max_l4_payload_len":28,"flow_src_tot_l4_payload_len":120,"flow_dst_tot_l4_payload_len":56,"midstream":0,"thread_ts_usec":1643626018276412,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com","stun": {}}}
00730{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":146,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":5,"flow_src_last_pkt_time":1643626018276412,"flow_dst_last_pkt_time":1643626018282040,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_usec":1643626018282040,"pkt":"AAAAAAAAAAUALNPrCABFAADAFV1AAD8G+v42ATmbVy9kEZGJDZZkx84tb9rhqYAYAQDFDgAAAQEICgdixmqf27gqAAMAeCESpEIwS0liOW85U1ZZeVMAGQAEEQAAAAAGACwxNjQzNjI5NTI3OlJPVUxPTTMwMDErdDc4eUlLaXlmZEUzQVZON2Frc3RYdwAUAA1hcHBzLWhvc3QuY29tAAAAABUAEGNiY2RjY2NmNzM1M2E3MTAACAAUEKPLC4yIRo0ZYTSYOcifZ5nxpRk="}
-01123{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01152{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_src_packets_processed":40,"flow_dst_packets_processed":35,"flow_first_seen":1629291451242856,"flow_src_last_pkt_time":1629291461328776,"flow_dst_last_pkt_time":1629291461336154,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":148,"flow_dst_max_l4_payload_len":132,"flow_src_tot_l4_payload_len":4454,"flow_dst_tot_l4_payload_len":2950,"midstream":0,"thread_ts_usec":1643626018957379,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"31.13.86.54","src_port":38123,"dst_port":40003,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.FacebookVoip","proto_id":"78.268","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turner.facebook"}}
00795{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":162,"packets-processed":161,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":13004,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":6,"total-detection-updates":5,"total-updates":3,"current-active-flows":1,"total-active-flows":6,"total-idle-flows":5,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":60,"global_ts_usec":1647958145472010}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":108,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":108,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1647958145472010,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00655{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":162,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1647958145472010,"flow_dst_last_pkt_time":1647958145472010,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":150,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":150,"pkt_l4_len":116,"thread_ts_usec":1647958145472010,"pkt":"CL6sCxdumt9Y+uvcCABFAACIXMVAAEARLvHAqAypjvpSY8ABDZYAdIYdAAEAWCESpEJ3bGtZRHRGSndEMi8ABgAVVlVBazZBeTdodnVMbkxHTzp0eUd1AAAAwFcABAADAAqAKgAIm1kRHMWaA6wAJAAEbn8e\/wAIABQgoq\/oigOja2ENES7+eYfoJkViaIAoAARShoZ6"}
@@ -68,7 +68,7 @@
02134{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":5,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1240,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1240,"pkt_l4_len":1206,"thread_ts_usec":1647958145521909,"pkt":"mt9Y+uvcCL6sCxduCABFgATKCTkAAGgRlbuO+lJjwKgMqQ2WwAEEtpQxFv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79YjnYgQ5eG2LfZqyVyxoZi+6CtOTsYwsdJCYMKROVXGcAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAEAFv79AAAAAAAAAAECuAsAAqwAAQAAAAACrAACqQACpjCCAqIwggGKAgkAny3VlFYafIkwDQYJKoZIhvcNAQELBQAwEzERMA8GA1UEAwwIaGFuZ291dHMwHhcNMjIwMzE3MDIxMTE3WhcNMjMwMzE4MDIxMTE3WjATMREwDwYDVQQDDAhoYW5nb3V0czCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJN79VYhJJmaCot75jmGh6xWJYN2151GuDW0nfg2Df6Jmbrp31upp3kHxQJWmGaSPXRYfml8Cl3Tg86JKDMEmrhxjL\/R\/1AjvIfyaYtHXzF\/xB7OESvX36WqhTavBqUaUaDusLznYi+r8IZNxP9b986\/blklElf2DpdOu2w4VLXuh4gGmMsx1vKP5IPsMK3vUP1xD8T1nxfMNhLmqRi8PeSnZ48\/THj1BX5yGpA+VWHX3p0+BT1LmsuIJbETYptnrZhhI7d2wsebrfvZbl6c+Wyfz\/unnO4UCeGsa7n+WcHNS\/fxajl1lkk27V54A+RXJQ4hzFOgk7RiVugSIm70Tw0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAfSgM9durzGL4ir9VkG8itVG+ioss9WUosFBER2ocK9Kfg37EPR0V5sTPtc+o62NhqvZxUI8el5M17SX+ledWCBYram8Y9lcJslDd8jQTVaK\/g4kPv0HES1rPFcm05+7xjeonRitLYSr4szNvR5m4MiltT3AAtdEh4fVVCTF1v\/B6XbGasMdsH5FgjIgGu\/o\/ah\/90wM9GbLkmNBxqh9PUPrt3H0BhWgTYWqi8EQkhOIoAet+8a2pzP8KK\/3Jk4ZvoLZnYdyM+b2dEYMWGpKNocvc6gy1NGkViOvdiMOC4wKAazQb66jsfjq01Rd7TJOyVz2Zn\/Gvqi45ZQ2n6Pq+jxb+\/QAAAAAAAAACATQMAAEoAAIAAAAAASgDAB0gWO85qTgc41jsrYAVUV8Pam2fB7qlNCO+CG\/yV46IE34IBAEAQiatr1myYKLGqbU09xBd7W5hs4AeIGZh6Ok5JysE6JnDlAH7vqbHtKO\/w5eO6qNhlPKD185ipReDt+\/7SN3JbOhAQsxNuub8QVkn6xeShY3gCzDAl2BtRlsVnWLYIMiY\/C6lbHho8XEs7VF7jTKIbjPqaOFR6lavjuQRiAFHF4YqtYOXs29HqkGzWn78ry62PLQncem6Ajcx4IeAs4lItRuxWILyDXGQ9aY0N+f+hO1+3QDyWbL3qVsD0p\/vAzfqL06mfhZB6HtpUaUTBPlXRD8So0qSwyu+0YSNJKPQUm11a7IGOPScn
iv+hStTpzVhgdQiVYvn9Q+cFwHXqFOrEhb+\/QAAAAAAAAADACUNAAAZAAMAAAAAABkCAUAAEgQDCAQEAQUDCAUFAQgGBgECAQAAFv79AAAAAAAAAAQADA4AAAAABAAAAAAAAA=="}
01319{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":166,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958145516401,"flow_dst_last_pkt_time":1647958145521909,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":108,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":153,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":373,"flow_dst_tot_l4_payload_len":1290,"midstream":0,"thread_ts_usec":1647958145521909,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"6C:D0:9A:70:A1:F1:9E:BF:8E:EF:FE:B6:F1:37:A3:E8:8A:3B:F7:C8","blocks":0}}}
02210{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":193,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1647958145472010,"flow_src_last_pkt_time":1647958147569135,"flow_dst_last_pkt_time":1647958147445904,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":546,"flow_dst_max_l4_payload_len":1198,"flow_src_tot_l4_payload_len":2034,"flow_dst_tot_l4_payload_len":2806,"midstream":0,"thread_ts_usec":1647958147569135,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"142.250.82.99","src_port":49153,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":10,"avg":131323.2,"max":835905,"stddev":227053.5,"var":51553292288.0,"ent":3.4,"data": [22933,25637,18754,26966,8994,16545,8218,21,95990,9415,96088,13935,9667,14034,28,10,28365,12045,233249,17389,835905,625348,352669,699812,203670,550729,72132,9045,20632,28113,14681]},"pktlen": {"min":62,"avg":179.2,"max":1226,"stddev":221.3,"var":48965.1,"ent":4.4,"data": [136,120,181,140,1226,574,120,109,598,109,140,145,161,120,141,93,97,93,113,62,93,140,120,62,110,140,120,94,94,95,95,95]},"bins": {"c_to_s": [0,0,9,5,2,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,9,2,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,0,1,1,1,0,0,1,0,1,1,1,1,0,0,1,1,0,1,1,0,0,1,0,0,0,0,0],"entropies": 
[5.892770290,5.917269707,5.007872105,5.887039185,7.338845253,6.721559048,5.830899239,5.701940536,7.409162045,5.674040794,6.041372776,6.178256989,6.436406612,5.927646160,6.099106312,5.359262466,5.425189495,5.590319157,5.866630077,5.268241882,5.246464729,5.907410622,5.825631142,5.235982895,6.120714188,5.927108288,5.950603008,6.068934917,6.005105495,5.939156055,6.060311317,5.943433762]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-00969{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
+00996{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":11,"flow_first_seen":1643626018009166,"flow_src_last_pkt_time":1643626018957379,"flow_dst_last_pkt_time":1643626018908035,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":168,"flow_dst_max_l4_payload_len":288,"flow_src_tot_l4_payload_len":892,"flow_dst_tot_l4_payload_len":1452,"midstream":0,"thread_ts_usec":1647958147591534,"l3_proto":"ip4","src_ip":"87.47.100.17","dst_ip":"54.1.57.155","src_port":3478,"dst_port":37257,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"apps-host.com"}}
00795{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":195,"packets-processed":194,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":17910,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":7,"total-detection-updates":7,"total-updates":3,"current-active-flows":1,"total-active-flows":7,"total-idle-flows":6,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":72,"global_ts_usec":1661169535535091}
00781{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":195,"source":"cfgs\/default\/pcap\/stun.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"}
@@ -98,10 +98,10 @@
~~ total active/idle flows...: 9/9
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6669641 bytes
-~~ total memory freed........: 6669641 bytes
+~~ total memory allocated....: 6669713 bytes
+~~ total memory freed........: 6669713 bytes
~~ total allocations/frees...: 114317/114317
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 538 chars
-~~ json message max len.......: 2355 chars
-~~ json message avg len.......: 1445 chars
+~~ json message max len.......: 2384 chars
+~~ json message avg len.......: 1460 chars