summaryrefslogtreecommitdiff
path: root/test/results/default/tls_unidirectional.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/tls_unidirectional.pcap.out')
-rw-r--r--test/results/default/tls_unidirectional.pcap.out8
1 files changed, 4 insertions, 4 deletions
diff --git a/test/results/default/tls_unidirectional.pcap.out b/test/results/default/tls_unidirectional.pcap.out
index 8959487a3..51737f0da 100644
--- a/test/results/default/tls_unidirectional.pcap.out
+++ b/test/results/default/tls_unidirectional.pcap.out
@@ -1,5 +1,5 @@
-00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4365-b08c787f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
-00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053848567575}
+00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
+00637{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1639053848567575}
00786{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848567575,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1639053848567575,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1639053848567575,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAAPBpQAAA0Bm8SjvobvAqMSBgUbDFuUzeA1SLoaN2gEv\/\/alkAAAIEBVAEAggK1TA3SQAvLkoBAwMI"}
02367{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqFAAA0BmmhjvobvAqMSBgUbDFuUzeA1iLoaYSAEAEF8lAAAAEBCArVMDfpAC8u7BYDAwA\/AgAAOwMDYbH6GObXMcPZc0\/u\/07ySDL99AAM65vqRE9XTkdSRAEAwCsAABMAFwAA\/wEAAQAACwACAQAAIwAAFgMDGMULABjBABi+AA21MIINsTCCDJmgAwIBAgIRAL6SfJeXpnf+CgAAAAEZUYgwDQYJKoZIhvcNAQELBQAwRjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjExMTAxMDIxOTUyWhcNMjIwMTI0MDIxOTUxWjAXMRUwEwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARLbBeX0LU3pUWH+9THnnoTQpPglvYMsDQRme2L8rmDF7QEHRFBON4Z6Ol4rL30ubSFYN6X86eKdFg2N4IKsQ0Vo4ILkjCCC44wDgYDVR0PAQH\/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB\/wQCMAAwHQYDVR0OBBYEFB918eNtsRAgQAykLBR6lPrqjLfUMB8GA1UdIwQYMBaAFIp0f6+Fze6VzT2c0OJGFPNxNR0nMGoGCCsGAQUFBwEBBF4wXDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AucGtpLmdvb2cvZ3RzMWMzMDEGCCsGAQUFBzAChiVodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHMxYzMuZGVyMIIJQgYDVR0RBIIJOTCCCTWCDCouZ29vZ2xlLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYIJKi5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5jb22CGCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29nbGUuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22CDyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGV2aWRlby5jb22CDCouZ3N0YXRpYy5jboIQKi5nc3RhdGljLWNuLmNvbYIPZ29vZ2xlY25hcHBzLmNughEqLmdvb2dsZWNuYXBwcy5jboIRZ29vZ2xlYXBwcy1jbi5jb22CEyouZ29vZ2xlYXBwcy1jbi5jb22CDGdrZWNuYXBwcy5jboIOKi5na2VjbmFwcHMuY26CEmdvb2dsZWRvd25sb2Fkcy5jboIUKi5nb29nbGVkb3dubG9hZHMuY26CEHJlY2FwdGNoYS5uZXQuY26CEioucmVjYXB0Y2hhLm5ldC5jboILd2lkZXZpbmUuY26CDSoud2lkZXZpbmUuY26CEWFtcHByb2plY3Qub3JnLmNughMqLmFtcHByb2o="}
@@ -8,7 +8,7 @@
02383{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqHAAA0BmmfjvobvAqMSBgUbDFuUzeLXiLoaYSAEAEFo1kAAAEBCArVMDfpAC8u7HVyY2hpbi5jb22CCHlvdXR1LmJlggt5b3V0dWJlLmNvbYINKi55b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CD3lvdXR1YmVraWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcqLnl0LmJlghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYIbZGV2ZWxvcGVyLmFuZHJvaWQuZ29vZ2xlLmNughxkZXZlbG9wZXJzLmFuZHJvaWQuZ29vZ2xlLmNughhzb3VyY2UuYW5kcm9pZC5nb29nbGUuY24wIQYDVR0gBBowGDAIBgZngQwBAgEwDAYKKwYBBAHWeQIFAzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3Jscy5wa2kuZ29vZy9ndHMxYzMvZlZKeGJWLUt0bWsuY3JsMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHUAUaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN\/tSLBeUAAAF82YK70QAABAMARjBEAiARmGVm7JB3\/oaiBObGX7ROVBBSBRLYITFiTlEAkfPyHgIgcCqtTtRkXEWtBLRMdlLCyCYM1mcHiE111yE3Oz\/NZIAAdwBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiFq\/L8cP5tRwAAAXzZgruvAAAEAwBIMEYCIQCdEWa\/V20J9qsoD+RWkg98YsZ+GN7Iw02KvnAz9ok\/BQIhAIUpxYOKIJBQapnn340xxt3\/h79Jm5lUc5BI1s6PP4IAMA0GCSqGSIb3DQEBCwUAA4IBAQABqQYCPziQTB9R2Rgn5Q8W9muFuMiL4KxImQgWyMFIzShVMs4tIvcdbxGCTlA9XAgmyeDKzU2kf\/bc7nhWpWCLIA45f8+E9bVyHr\/X4mri7FiDHK2XCXO0FRC3eZdepiGSobgPjXlY3Fe7j7+iCnir3opglZmCSKGSUlJMiRAr0AeCNtNEpLzqKc1rUyIpSe7ExrIITKl54o\/8ETyKOlT61jBq4Mbjhmtn0bsrRvaJfV9SOBCa+HlHt+j\/OMqIRm0JNViqmtqAn3eHET3kepM8j2LM3MNs6rMYC9GX6t\/kdQ9LuBdtLk5Beg1yxxPZQicDwEvmo\/KKC8OFwyRb+wekAAWaMIIFljCCA36gAwIBAgINAgO8U1lrNMcY9QFQZjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMjAwODEzMDAwMDQyWhcNMjcwOTMwMDAwMDQyWjBGMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzETMBEGA1UEAxMKR1RTIENBIDFDMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPWI3+dijB43+DdCkH9sh9D7ZYIl\/ejLa6T\/belaI+KZ9hzpkgOZE3wJCor6QtZeViSqejOEH9Hpabu5dOxXTGZok3c3VVP+ORBNtzS7XyV3NzsXlOo85Z3VvMO0Q+sup0fvsEQRY9i0QYXdQTBIkxu\/t\/bgRQIh4JZCF8\/ZK2VWNAcmBA2o\/X3KLu\/qSHw3TT8An4Pf73WELnlXXPxXbhqW\/\/yMmqaZviXZf5YsBvcRKgKAgOtjGDxQSYflispfGStZloE="}
02381{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1639053848727889,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1418,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1418,"pkt_l4_len":1380,"thread_ts_usec":1639053848727889,"pkt":"AAAAAAAAAAMAAAAIgQABNAgARQAFeBqIAAA0BmmejvobvAqMSBgUbDFuUzeQoiLoaYSAEAEFW90AAAEBCArVMDfpAC8u7ACg+1HbyncLC8mWT+9wScdcbSD9mbS04soud\/0t3Au2axMMjBkrF5aYufCL9qAnu7bjjVGPva7Hm7GJnQIDAQABo4IBgDCCAXwwDgYDVR0PAQH\/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAGAQH\/AgEAMB0GA1UdDgQWBBSKdH+vhc3ulc09nNDiRhTzcTUdJzAfBgNVHSMEGDAWgBTkrysmcRorSCeFL1JmLO\/wiRNxPjBoBggrBgEFBQcBAQRcMFowJgYIKwYBBQUHMAGGGmh0dHA6Ly9vY3NwLnBraS5nb29nL2d0c3IxMDAGCCsGAQUFBzAChiRodHRwOi8vcGtpLmdvb2cvcmVwby9jZXJ0cy9ndHNyMS5kZXIwNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5wa2kuZ29vZy9ndHNyMS9ndHNyMS5jcmwwVwYDVR0gBFAwTjA4BgorBgEEAdZ5AgUDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vcGtpLmdvb2cvcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMAgGBmeBDAECAjANBgkqhkiG9w0BAQsFAAOCAgEAiX2sIFwMPL6aqFeVG7Su+qulcnG0NpX930ARA0zCRhS7FCSr8FBxItutxG5\/z\/Fqb8iDG9jOiV+HbIe4qQyjm6FilJOV31uuZhkLApae\/LXnEGk+estGSV9G4UGx15hNZTQAgBo\/T59sf0kAgVNBpJIhgoIa8aNEWypQEhNNwVM280IIr1T6jndTG2Q4JxcJvVjJG3w5LVvzztTtl9sUA78JUyQfwgwEeZgm8mHxU1L9QowbZis\/FaG7\/\/ab44GaAQZxiTUoJN3hvesZLeFIyz1Zg1G0dMadfMaxhluvzDTE08zUgRGVAKH0EiIB+rSDca+Mt4xzJKw3U8IAkD8R\/lztNpQQO70pruLHOmI7bGPZgL9ZcaxjJ7lMF6Da9nMVvyrej\/OlbDKBMwPQhlFxmTS6k41dtVFY97KT6AH2Wb5xm\/1NKM7PbccW3PfR1kabp8pr6XcP\/aC2GyODHRAa2QkAhOBE06J1I7M0hvYgsKReEB3gUkYAnbEPHyFwUfWa3Qb8VfQrDjN3w0tCwvF3E\/xzgJTrH7s3P84CKmawcx0ypTJsMrCO4MQj\/1t9TWVwrCubPc7b4G2OMoC+lp+SY7yXu1259OFxXirk7wMisYplOo\/Ak2XUhc0PD1uDWRZHFi2cJDrIgKYmFIWb9jebrG\/5xcMGUfPif8WxELpR9N0ABWYwggViMIIESqADAgECAhB3vQ1s2zb5GuohD8TwWNMNMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwHhcNMjAwNjE5MDAwMDQyWhcNMjgwMTI4MDAwMDQyWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf\/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKY="}
03807{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639053848727919,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","server_names":"*.google.com,*.appengine.google.com,*.bdn.dev,*.cloud.google.com,*.crowdsource.google.com,*.datacompute.google.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleadapis.com,*.googleapis.cn,*.googlevideo.com,*.gstatic.cn,*.gstatic-cn.com,googlecnapps.cn,*.googlecnapps.cn,googleapps-cn.com,*.googleapps-cn.com,gkecnapps.cn,*.gkecnapps.cn,googledownloads.cn,*.googledownloads.cn,recaptcha.net.cn,*.recaptcha.net.cn,widevine.cn,*.widevine.cn,ampproject.org.cn,*.ampproject.org.cn,ampproject.net.cn,*.ampproject.net.cn,google-analytics-cn.com,*.google-analytics-cn.com,googleadservices-cn.com,*.googleadservices-cn.com,googlevads-cn.com,*.googlevads-cn.com,googleapis-cn.com,*.googleapis-cn.com,googleoptimize-cn.com,*.googleoptimize-cn.com,doubleclick-cn.net,*.doubleclick-cn.net,*.fls.doubleclick-cn.net,*.g.doubleclick-cn.net,doubleclick.cn,*.doubleclick.cn,*.fls.doubleclick.cn,*.g.doubleclick.cn,dartsearch-cn.net,*.dartsearch-cn.net,googletraveladservices-cn.com,*.googletraveladservices-cn.com,googletagservices-cn.com,*.googletagservices-cn.com,googletagmanager-cn.com,*.googletagmanager-cn.com,googlesyndication-cn.com,*.googlesyndication-cn.com,*.safeframe.googlesyndication-cn.com,app-measurement-cn.com,*.app-measurement-cn.com,gvt1-cn.com,*.gvt1-cn.com,gvt2-cn.com,*.gvt2-cn.com,2mdn-cn.net,*.2mdn-cn.net,googleflights-cn.net,*.googleflights-cn.net,admob-cn.com,*.admob-cn.com,*.gstatic.com,*.metric.gstatic.com,*.gvt1.com,*.gcpcdn.gvt1.com,*.gvt2.com,*.gcp.gvt2.com,*.url.google.com,*.youtube-nocookie.com,*.ytimg.com,android.com,*.android.com,*.flash.android.com,g.cn,*.g.cn,g.co,*.g.co,goo.gl,www.goo.gl,google-analytics.com,*.google-analytics.com,google.com,googlecommerce.com,*.googlecommerce.com,ggpht.cn,*.ggpht.cn,urchin.com,*.urchin.com,youtu.be,youtube.com,*.youtube.com,youtubeeducation.com,*.youtubeeducation.com,youtubekids.com,*.youtubekids.com,yt.be,*.yt.be,android.clients.google.com,developer.android.google.cn,developers.android.google.cn,source.android.google.cn","notafter":"2022-01-24 02:19:51","ja3":"","ja3s":"84aaf6d03fc8c5bfb56d1d188735b268","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Google Trust Services LLC, CN=GTS CA 1C3","subjectDN":"CN=*.google.com","fingerprint":"02:64:CA:2E:8A:2F:BB:C4:97:9D:A7:AC:2B:47:FF:DE:28:0E:71:B1"}}}
-00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663090549161771}
+00641{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":7,"packets-processed":6,"total-skipped-flows":0,"total-l4-payload-len":6544,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":11,"global_ts_usec":1663090549161771}
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090549161771,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1663090549161771,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1663090549161771,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA8b6ZAAEAGlofAqAGAw7WusLyEAbsbAqeoAAAAAKAC+vBE2wAAAgQFtAQCCAo49hnFAAAAAAEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1663090549179586,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549179586,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6dAAEAGlo7AqAGAw7WusLyEAbsbAqep\/y9LZoAQAfZHFAAAAQEICjj2GdaczD4K"}
@@ -18,7 +18,7 @@
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1663090549200840,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1663090549200840,"pkt":"pJGxgjQ5PKn0qB\/sCABFAAA0b6pAAEAGlovAqAGAw7WusLyEAbsbAqjK\/y9VRoAQAeU7+gAAAQEICjj2GeyczD4e"}
01225{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1639053848567575,"flow_src_last_pkt_time":1639053848727919,"flow_dst_last_pkt_time":1639053848567575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6544,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090558366747,"l3_proto":"ip4","src_ip":"142.250.27.188","dst_ip":"10.140.72.24","src_port":5228,"dst_port":12654,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.Google","proto_id":"91.126","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01450{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":27,"flow_dst_packets_processed":0,"flow_first_seen":1663090549161771,"flow_src_last_pkt_time":1663090607951443,"flow_dst_last_pkt_time":1663090549161771,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5903,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1663090607951443,"l3_proto":"ip4","src_ip":"192.168.1.128","dst_ip":"195.181.174.176","src_port":48260,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}},"31": {"risk":"Uncommon TLS ALPN","severity":"Medium","risk_score": {"total":610,"client":485,"server":125}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.AnyDesk","proto_id":"91.252","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
-00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":12447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1663090607951443}
+00647{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":33,"source":"cfgs\/default\/pcap\/tls_unidirectional.pcap","alias":"nDPId-test","version":"1.6.0","ndpi_version":"4.9.0-4365-b08c787f","packets-captured":33,"packets-processed":33,"total-skipped-flows":0,"total-l4-payload-len":12447,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":21,"global_ts_usec":1663090607951443}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 33/33
~~ skipped flows.............: 0
Powered by cgit, Themed by Ted Yin.