summaryrefslogtreecommitdiff
path: root/test/results/default/ultrasurf.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/ultrasurf.pcap.out')
-rw-r--r--test/results/default/ultrasurf.pcap.out4
1 files changed, 2 insertions, 2 deletions
diff --git a/test/results/default/ultrasurf.pcap.out b/test/results/default/ultrasurf.pcap.out
index b4bb91ccb..f39c933e4 100644
--- a/test/results/default/ultrasurf.pcap.out
+++ b/test/results/default/ultrasurf.pcap.out
@@ -7,7 +7,7 @@
02292{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1656652731631188,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_usec":1656652731631188,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7xQAA3Bt\/lQTFEGQqEABfDhZQKC2OXGUpUkTKAEAFmw0YAAAEBCAom3sgTA1a0\/SxS3iaqHGBX0a8rgr8EFwZv7fbGR3LsZjVMCYTlteWImHMg7dpDQx6QAkVSKrBDRWsAgkFKUO9XRHQzEdcVJv+Jk6+iQYy27OR2Ruv0q0NyJCK8q8neLYQxD7xGx95YziHhCPmx+v2VJKWqXvo5pekBzrhigp\/0TmX3aYQplVTgwksBVP1wSVYSvnxpw4x3MGHY6EK1PhkChr6I2QaCOOskNMVQXjje52Gr0TD6cnIJniT0zvgTXSdGXH4d1pNmH6VI38eKJmR97TCaHW4VbObiULCNV965z+H0nCojIGmrzSNlYRkWatbld8Zbak+Ve9Ye2qFSUfesBybrU8MPKChWDS4szas\/0\/+O+hp7fTEBfmCOnTwpeZ+9ckDlu30IjD3klrlcZcGx59JJ23VaL3mRHXN2m7OYXYqgEUyKkpkk87MSdGKaT3iv+xeB8fdAD0S5iESPxvCatNGVxlnPWQC6LE2Mwk\/UPzo8wmxmWU\/4g2SzkG6fIhc2KfKoBTSS\/18XObBYhTCKn8tmchtQQnCFEhJwUqNPVQHAM7VWv97\/MrpK1Gg3ow57h3u6bsT3zD+7JqhTzfzSb+JLf+gPPuPmKrDBND362h9HtUe4u54hmK0emiAYbKHemgqk5ObUECg98wBR8GbmhEjkgqd5l9MpJjXEnZd7YjYb9HqCPVuTVofELhtwiquLU41YKvkqj9qHY3i83C4I5rsGWBIQz9jCnG\/LAO0gc+K5MhM0jD8w9afyXqZxxIWbvFCzYdvaAxFsd+dbs6QyAzMjBlRwZZJGoKCRudoGu78iGcHZ9v4JjFh8PqFI5RKE50MXupgqZhn5s+mncV4ED4BR62InyQMO+2lSV8XApXho3jZD2BZYaHL8BxzViM2AnSYU40nV5P\/9Zcawh1bVQjVPNsaeHWxMJc5P+uhgQ7yN5cDddbbbFops91CwGboz\/Y\/iUMqNL+Au752094lP9CLdBHTtF0nwGndsTr7PXV2am5lVFY+07I13Rnwh96VlnzAEErq6QUJMFpXVjoILKF75mfhkzufc5ww1btEyyIToFedBu8inrM2nSfVR4GSH1acVyxGJN\/xPMqMoz7qX11hSlDnDNA70XCXcPknSvGQJeC42YvRZuyBXR4bSZJpW3uxAIMisVpx8HuvqUlRDvWeTkl\/KlLkLPqVG6A7V9IJ4CzPp2LGxX0mxIii\/hq8qrdBvVjXBSMG2kFGd1Gk2CYKUDdUedzWwHbeA+x19\/Z8W9DscgX5Ingwo9qBoCIrSYVEyo5A+Bu6P2A6MYai8bIL3N1ixp0uHekzl1S5Y5ONHOtGVOFVnwRx49hvB6HPO9wc0rIJSIsq9YnBJNWgIZNFkCjlBnZHso+vfBKU6hgL+4B1v8gJk8\/+OinGcG00MXqyjoV0hIPvX8fcu6dH9TclFMmJS42m7WMCCPvMCk17qoAwiC5hrfwamrAiYI\/PEcMUUmJwNoLE7aKVZ7926CN5wXkVGlgQDYNSoxPqXoHqtbU6arZQtfgfxuD27lKKUbZm7keaLAlr7T5d0Wedi07GEwl0yp+Np4OWX5kU2Sgn3juSmnKnaCzCcLk2W4PsHrD6xcXA4Ni176mRo2kV4lUcSZ9ReNwImdlBbdKoXwKkzjV8Aa0hRPMOK2kTBCfB1GhE91TGa9BbzjtvK4JbGfzJcCXKDHd6qGUGMR+lTKBl2gIfVx9fr7SRFiR3Ky\/s="}
02294{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1656652731631193,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1358,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1358,"pkt_l4_len":1320,"thread_ts_usec":1656652731631193,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAFPM7yQAA3Bt\/kQTFEGQqEABfDhZQKC2OcIUpUkTKAEAFmX14AAAEBCAom3sgTA1a0\/YnJx2iSuJ79A02iSpm6FwMDCxojqe3RWxYZ0M08ncnevlyLwEs736KI5r443nS22drmsh9uGhCZYkCFNBlUDFM\/fcySdr4s04uEoVmjB1uKTTY5O1iq2DJoI5MGxLgLg8QvJV6fvfCXZ6RnE4dDQiIKlGpZ6tXLF6Mz+ey\/8dFY2AT1rsNyhV+X0bV\/EOXEuIwmAFV1LryIayjOcu6vLr7ov6Mptz6sehsvUf5DGP17QZBXoW2mi\/Kcl3ShTTgwt9v\/wM1dq026xCaiPEQl60C4quZOkJ+JAEi4BqJdDXhLEMXqJxBfKJs5wqxk1jmzEo7g9L+32hLAaYbpfxct1aR8nxcnCyaOzryfCuVzZ\/wGfnagHAmXgL4EmFl0R0+fRYVNXcrs0FGzEHS3Gk7zsqtb4Z2n4PGcRW1qCVKOtuumWY1iFJNH0csOYTuNxKkkNDZPfQ+Dp3yZfVfSiwb4BGn9l38WHTE0YOKlq1yVGDmCUy6gdd79RDopbwFnPZttlJCCzCPkktS3t3KOcaB\/eGasChjxz6icscSxGydetqvpb9enMDnWVxeWK\/JCTdy8ohXEnSXaAwZsXmkENcBdlUD560QPkDd6GTg47Kv0CNmHztYt8zkV+f9NOu7APKLg1ObmOJR2+A2+qK6FW1J\/JJPfioNzfAxr6DHekohSKeWD4T0PLKXUfSS2apMfcJyrCJ5lNA5OlvLsSfELfXZTV+ju+lOmGbEvLY5mRqnxr8\/fdAo0dA5iy4drivybc673PvIX\/r8hnM1Nl9GSSvym27i7rvNxu11SD\/mRMC1Z+17RC2YYrQW86TdaxQblxFyg6fGcVWbUOmeZ9wQOI5lRENBqEZHZtMT66TOxeZfykesqzsO0m0aAFOMWVbPCc53IVy\/WEu9zjBOUlzUmrOZqroVoY4QWCJ1vKJHdxg6IGvfkOoaj+B9n5GvLx2d7kHqcgiXh31YiwZ6MMcdISC7STJZdKc9pp5fJ8Q+owXSpNzIWJpmj5k1t8G1hIMxmaAX74prYtUhMYtegD1jYHIOnCbSViIcR\/tQerx7JPyuG0GS8vjL\/gHMHK+EvglsbofCYvAEgYmCXTlmBRDffF0cA+FbdCZ9oITQ1ZOOgsrYmUuIBXFiI+KPAz1qkcTxZNfaPCBsrX5sIrkCNfTH29spcli4OKwsecg4F4Rf2EL+s0Ltyw2fW9zkDqHTXQLkeEQHrAPBAEsS7aCjmzp5TCXxZ3sh9FD26dfGZa0TmfegYQISUY+DD5qKYuZaEEGrRiuUknuKlxlNRFcGW5rxprJGAkmaBPtwTx0D16KblFvLs9qbs+W7dQ8CTNVCcuF\/CXAjiOU632\/5kKG2HF91WV2BZBqo71sue9l6UwdBzuHsJRchZ6Rr5NbETjZFdK0\/CCz4O8HbrNKjxsS0avnTcXWzgtgdt1FCQyw468K9zDoc2QMIKDrH3xcLN0odxSnOLty2f60LfsaPIxHTBsZEbkhbi1UbTwakfW6B93kvu7TM5t1+BgyGSUhH8O8ots9utFuXZxSzTU2SZEs\/EKJfcEzsf1XSRHfi3ne6hUntHe8NEEq+7cf0jSFSjLgp+1rpKOprJ2ErAhGrpJdBfKE1QquvVkdKe0NhdODLVkr6rSzTrgHF+6oXDXQoG9AX9qDGiPkI2Y1d3VEugsFLTl+7dCaK3p5RGcdyuy\/Qxh2ojlwRUVEarvKE0Ew0wQDE="}
04044{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1656652731642162,"flow_dst_last_pkt_time":1656652731609846,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":2646,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":2646,"pkt_l4_len":2608,"thread_ts_usec":1656652731642162,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAKRM7zQAA3BtrbQTFEGQqEABfDhZQKC2OhKUpUkTKAEAFmmhsAAAEBCAom3sgeA1a0\/eWOf\/UcqY2pj9uZK5RSGVXyvSf2ep2S+G3D3q4XopyKxPPraArtz1Rp80zJI+28ip08auJye\/jLk6lPk6rRFeTHNUnPjJ8ITJAbUoqJK47NV5lyVbZ6dHSXdjkqwkhw2BUPefSlTo+HmX46hK+vcWkaUqsMVA1o7r8KqpggrRoTB5FhJHQdKkS9irjiNc3\/6fIH5f0Rxm8bhymnjMLxFa5x+Yl9v5TcoLBkF+9Un4KjCfveTm2xqrEeXhmH9o6dDxxf2aIGsGv\/YsfhfAWdO5VNlMgKzj9AiGo4+tXvDV2r6lJHZ1laOGAY0mvhjU3N7wfId1JxMn+2L1caesF\/QesG5i17Yd1LBua1ekfQ0mbQpA0g366xu0wKV0sGWLyi1qFvA9GzXXvIZqD5sX\/4\/ZY\/Qgojia5EwF\/1EavMAGb2V87XcT5xsVuz17wYlggG3ywy7TXcajZwZCnvTh2p2qB1C+pyeXNtMKc3jT0I+t7PwMQz63FqHTQlEE7MorLW80z8\/MKMk+HHGEAuSgKEJN5E5E1XgwbB3a9adQVTf+xCigVf23Wa4hgEbJnt9jJ4Z50YZaaUypYXvVk4nELoERaU8PbKZCQzg5N+L6cZXnCcd8Kp7ajvAC8zcEXYzqxrOLERJuZYBX1L3oHJ7gy6CAx7UGC0g8nwBCxXkWOzBGwEcAA9C93Kd4Xt+oa9fZbNdkWZNGaGQ6zf9ko4+CRzlyKcgoGYPZzhJGLumbvYkAF9NxCBSelnWUJLOGZLJRLcVa6leOLvRo+VFCoNKhCEde0CycqdXnLqBaPt+XPC+g8QLG04\/cmTYd6wQ14gHAq9YRXpJg+SC1WLVzVCerv7pmWO7eJZ5eK83BfywTV6zyaVABorTZdssEn4fWQA7vWjP8fZLb+6PO9xc3bRG\/Ng+UYfNKfxHtINqZQNOu8x5QRLvqLAJ4hzLRaZ6r7HbItoWpnvP\/62eu1MQjzx2z\/H21OkAkv4msHBFj2EdRt3qxAcjiAVI0S0caiFmQ\/Um8VX+zqoA0naPbzPfZ8RIIAyPajUweR65kCNSVbD7M3FFQYonBLX7M7D7rK8Z4xZ4BRgpZo61UoiWfI2JoMpqxmiyW9strhyP6Iawfl7X4wIT3aFGK4GXVChlEcTvp4kDdFKKupPj+mUFrf\/fwQb3z\/ssJZu6uYkQeRxC0TcWPWjSBJrNqwTdaBLN7u0bDJB8JNnTbbtlS6JHJwqRwo2lui8SSf7x1uwdJBGN9YLtkNliDCMnZsvWTDZDTEEnMP8+af43\/m0PFv7LkknCF0bW23hBi\/kq\/DLYSqCGwojOt+DjC1zTPB\/6RTxd7Zh6jlcZckOKxhO6j3OGuEHHpZPa6wylpL4f5LebCT+290I\/0qYBW\/Btp+cJDX1AdPsCBzSyQI6AHguYUp533LMR5\/Irwf4I3s4vPN5fBtHpJCIX+gQ0IT\/JoxDtX2H0duU7+ww\/9mABbPPV3galjNAdM2USLZutUTJKLl\/AYXJQrWC4H7+DH5pNb2nwJW+dsgiJwiAJPI6T3ii2AJf3a9UWmVVFHU16WTJAwpYXiv85xgWrO0p7EIQwwdMROV6HbLzI0OynESCz2w3HlUXD1S6RPB2HMPeAIRCB5871xCeKzQM+zsbs2tg9pSJx6mvHxP8CVWPP6JxjAoztndY8xvDFfLOm7ivP9yw5kNJmnZXFVrReiXsD5TdAHcwtsVCYB5VGp9nB5hKn1OmJC5FaDeCZSZuMVLMDMKEfTZpXCUBtlSIvtpVLGOEyeW4Uq1DzmnT8kYpUtuajDSoayQvBRMN4BZvSERAz1OG2RaMO\/UgJdpc4pRZGQSyhR2R5WdgNEk5F8tJXa0lJKGWdUAWzouCs8PcI2zygcHOePGMihC6oRlhT8+cYrnpLh1FUqXTZeofIIp5TWS0OQvvlrxHfSz5+Q6cBP7MeI7tHFvuTy4kTcsmfH99um2aAlR0J0gwNc8ZC\/JOU3dYnsP2SbbgM53UhEseXyVTbk2uju10iTbMFRcEK7UnFlLDBPnVne36r4M4D99iAYPgeZPB0iYP30a2NMucQUPtWOsny2YHjSiRkZhocAZCMrB8U\/MteZsXAwMLGuzfHEIVMQL7KodoRhWoNLgPzCh+mveG5NvSYnHejLoOB7D6pxEjKuej7IxznoRWhBibOUvfkqcxjqPgBayAGHM0SZGvTOEX0TqVH4MSvCp9z+aZIBqUbKwmTxOsK0Np15EiMLKwfbvtBKHd2HXmGTeSgYKrR1ENQBgQ6OTP9er1CK4pSVvzTogwtJZzREL+XSwz2OSlor46B6socVB8Gj2XOlmgbRnEFkYrTCdT6lEAeO3pxdtBz6iGHI1+dyKOJS24ekQXWOeMhCAnwelOGJ1wHByw1qo0P3N60ny\/8\/L16gKzjzxGoDPdnhAxH48aBhhvms3ZxEe4acgiySTcR\/sovm2MbpRbDDs6e58L+SMCxx0ia8lRBj2P3+RAXXq7VCarDqnoEg7l3\/X7QagurrkDuSBMCdJcEYPc43OlRQr\/4vdGWSrQntUAEuFuRl9c6UsjOk4qH8zFj\/9T76LCvwYycYg0LC64Ua+K+VySPqe6yjdri8gIH+ZUOjcTo\/kSHdCdh5ddhEyH+UbybWeJ8QFELXTxKKtxw2LMh9qQAxYTHjrHUAE514d\/FfnxxDZnS6PR9EbFJ3eFmba2Q9FTpv\/lrxRfbsY9\/SvsWQ5xM6MoFAuXnJ3Y\/vbszDrS6xeYCd1v\/yqLHjY6uAyvEB37PWqXcLCOfLZNaq3RVmGcGE0ZRaqNMOVo4mjrB8Cr\/3jlKAdlFNRI0oWDmfflCZWslPcn\/4sLRKxprVPPDXeWKxKkkg98E2TOuTERnvBWJfPtoVxQILVUNDXkklTkUXoahHJDnBMLVxkwdbYaWQCqGVY+f+B7hips0gQTUvjr\/XjbB2FtUEEyFP07PXUWZZ1JLmKe543wokyXpVlZabqJFh\/KLS1OjjpYF89dEXQx1GQ3HTTpU3h6bpdWhkP2Ip8hV5h\/3H6ctFJXj39O9wwQTGZzenO05oK2EZ\/COUErXoCnJ91CLotvqV\/bAe3HgS+SwKjSq8Que2kEwyxKKpjyLqqQpz5ta3vEU5CC78flc0tG4eswwV212h3evMFI8WLzKTQu9zX9vL4ZgUj7N5bcFuIlDRyn7GMpBIj0da1gReeJ25rLe0xkavnjptzAFO6UGcd8QBDlmB2HmlTkFyDh67Q6rtxzK4mErsGGQ+vkB7c1\/ce63mMzzFQ\/2eDGq6hP+SeUBuWh7JUSZov3MSTS2z0yWGsBIK8WKpdVZps8s+A\/HxWGGNB5EdPHoi1gHlLuaMizw+36AlVu7CpKd7cRM73X85P3y5Rp\/dwLNU9I6NBTUQZC\/qUBfeFo+Ki9OHJ\/aRz5wrmSMzud1X9apFgyAg4hOVCfBbwE"}
-02307{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731961797,"flow_dst_last_pkt_time":1656652731903862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41208,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731961797,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20837.6,"max":150485,"stddev":35657.5,"var":1271454592.0,"ent":3.6,"data": [7,21335,5,10969,29128,61453,2,10832,4,9189,30801,10791,6,19965,5,29291,5,3,3,9324,30618,150485,11,11883,141836,4,17858,20033,9,20018,10094]},"pktlen": {"min":80,"avg":1348.5,"max":2628,"stddev":1007.2,"var":1014474.8,"ent":4.5,"data": [2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0],"entropies": [7.935860634,7.912645817,7.844571114,7.831790447,7.918263912,7.928714752,5.522979259,5.447978497,7.859277725,7.870418549,7.933502197,5.497979641,7.862855911,7.853259087,7.847196579,7.913461208,5.472979069,5.319669724,5.429106236,5.429106236,7.836807251,5.479106426,7.821085453,7.859042645,7.931487560,5.538542747,5.538542747,7.931249619,7.868795395,7.859850407,7.922960758,7.932232857]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
+02182{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":22,"flow_dst_packets_processed":10,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652731961797,"flow_dst_last_pkt_time":1656652731903862,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":41208,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1656652731961797,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":20837.6,"max":150485,"stddev":35657.5,"var":1271454592.0,"ent":3.6,"data": [7,21335,5,10969,29128,61453,2,10832,4,9189,30801,10791,6,19965,5,29291,5,3,3,9324,30618,150485,11,11883,141836,4,17858,20033,9,20018,10094]},"pktlen": {"min":80,"avg":1348.5,"max":2628,"stddev":1007.2,"var":1014474.8,"ent":4.5,"data": [2628,2628,1340,1340,2628,2628,80,80,1340,1340,2628,80,1340,1340,1332,2628,80,80,80,80,1340,80,1340,1340,2628,80,80,2628,1340,1340,2628,2628]},"bins": {"c_to_s": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,12,0,0,0,0,0,0,10],"s_to_c": [10,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,1,1,0,0,0,1,0,0,0,0,1,1,1,1,0,1,0,0,0,1,1,0,0,0,0,0],"entropies": [7.935860634,7.912645817,7.844571114,7.831790447,7.918263912,7.928714752,5.522979259,5.447978497,7.859277725,7.870418549,7.933502197,5.497979641,7.862855911,7.853259087,7.847196579,7.913461208,5.472979069,5.319669724,5.429106236,5.429106236,7.836807251,5.479106426,7.821085453,7.859042645,7.931487560,5.538542747,5.538542747,7.931249619,7.868795395,7.859850407,7.922960758,7.932232857]},"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
00776{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778161151,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1656652778161151,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778161151,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778161151,"pkt":"cGlaOmiJzBr67JUAgQAAyAgARQAAPJe\/QAA\/BhQYCoQAF0ExRBmU6MOFszN1DQAAAACgAv\/\/UcYAAAIEBVAEAggKA1bisgAAAAABAwMI"}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1656652778161151,"flow_dst_last_pkt_time":1656652778372319,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1656652778372319,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAAPAAAQAA3BrPXQTFEGQqEABfDhZTovxOnA7MzdQ6gEnEg1IYAAAIEBYwEAggKJt9+2gNW4rIBAwMJ"}
@@ -26,7 +26,7 @@
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":234,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894729,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1656652831894729,"pkt":"zBr67JUAcGlaOmiJgQAAyAgARQAANPHLQAA3BsITQTFEGQqEABfDhZUIPEwzlp\/RJHCAEAA1yI0AAAEBCAom4FAoA1cXBA=="}
01560{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":235,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652831673908,"flow_dst_last_pkt_time":1656652831894735,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1288,"midstream":0,"thread_ts_usec":1656652831894735,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.3","ja3":"b592adaa596bb72a5c1ccdbecae52e3f","ja3s":"f4febc55ea12b31ae17cfb7e614afda8","unsafe_cipher":0,"cipher":"TLS_AES_128_GCM_SHA256","advertised_alpns":"h2,http\/1.1","tls_supported_versions":"GREASE,TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
02491{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":261,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832235258,"flow_dst_last_pkt_time":1656652832454997,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":1288,"flow_src_tot_l4_payload_len":4808,"flow_dst_tot_l4_payload_len":5851,"midstream":0,"thread_ts_usec":1656652832454997,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":58770.5,"max":269120,"stddev":100848.2,"var":10170350592.0,"ent":3.1,"data": [209494,239714,10,251051,6,11439,12,260675,5,9589,20029,20030,269120,19987,5,231024,5,19971,10,4,3,3,2,249606,8,2,3,3,10064,10,3]},"pktlen": {"min":52,"avg":385.6,"max":1400,"stddev":479.7,"var":230117.0,"ent":4.1,"data": [60,60,52,569,52,1340,1340,1256,52,52,52,116,368,107,87,139,52,83,1400,428,1400,480,250,234,52,87,113,200,244,87,187,1340]},"bins": {"c_to_s": [7,0,1,0,0,1,1,0,0,1,0,1,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0],"s_to_c": [3,5,1,0,2,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,3,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,1,1,0,0,0,0,0,1,1,1,0,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1],"entropies": [4.680766106,5.194312096,5.041505337,6.080573082,5.168682098,7.827150345,7.863349915,7.855801105,5.156889915,5.156889915,5.118428230,6.048384190,7.387241364,5.998385429,5.810531616,6.322457314,5.118428230,5.674062252,7.876391411,7.449967384,7.849254131,7.577188969,7.053901672,7.035159111,5.130220413,5.850873470,6.129572392,6.822973251,6.886046886,5.873862267,6.798689365,7.860256195]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
-01106{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
+00981{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":60,"flow_dst_packets_processed":40,"flow_first_seen":1656652731609846,"flow_src_last_pkt_time":1656652734111599,"flow_dst_last_pkt_time":1656652734111609,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":1280,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2576,"flow_dst_max_l4_payload_len":70,"flow_src_tot_l4_payload_len":112048,"flow_dst_tot_l4_payload_len":455,"midstream":1,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"65.49.68.25","dst_ip":"10.132.0.23","src_port":50053,"dst_port":37898,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"UltraSurf","proto_id":"304","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":2,"category":"VPN"}}
01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":53,"flow_dst_packets_processed":76,"flow_first_seen":1656652778161151,"flow_src_last_pkt_time":1656652780054386,"flow_dst_last_pkt_time":1656652780064014,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1424,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":14019,"flow_dst_tot_l4_payload_len":30413,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38120,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01321{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":51,"flow_dst_packets_processed":53,"flow_first_seen":1656652831434184,"flow_src_last_pkt_time":1656652832855529,"flow_dst_last_pkt_time":1656652832876498,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1348,"flow_dst_max_l4_payload_len":2576,"flow_src_tot_l4_payload_len":13653,"flow_dst_tot_l4_payload_len":31617,"midstream":0,"thread_ts_usec":1656652832876498,"l3_proto":"ip4","src_ip":"10.132.0.23","dst_ip":"65.49.68.25","src_port":38152,"dst_port":50053,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00642{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":333,"source":"cfgs\/default\/pcap\/ultrasurf.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":333,"packets-processed":333,"total-skipped-flows":0,"total-l4-payload-len":202205,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":32,"global_ts_usec":1656652832876498}
Powered by cgit, Themed by Ted Yin.