Diffstat (limited to 'test/results/default/vk.pcapng.out')
-rw-r--r-- | test/results/default/vk.pcapng.out | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/test/results/default/vk.pcapng.out b/test/results/default/vk.pcapng.out
index 8de852ad6..52401eeb6 100644
--- a/test/results/default/vk.pcapng.out
+++ b/test/results/default/vk.pcapng.out
@@ -18,7 +18,7 @@ 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1675334162655237,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334162655237,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0MQdAAEAGat3AqAH5V\/CETuwUAbu8Rx7XB\/V9KYAQJD4tgQAAAQEICtCCZsRlMJuZ"} 01279{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1675334162670570,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":610,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":610,"pkt_l4_len":576,"thread_ts_usec":1675334162670570,"pkt":"dNqIE5X\/CI6QkAulCABFAAJUMQhAAEAGaLzAqAH5V\/CETuwUAbu8Rx7XB\/V9KYAYJD\/9BAAAAQEICtCCZtNlMJuZFwMDAhtY\/q7BUk5TAeZkuwnSkaIBm4q8UbCv2G2pS+i\/0lp4moQ5jc1ymK4zf5EvMCN35RZlcnbVs9Gr4ytW7if5PDTv65d3nakpYg3wIpcGoMgF0wqfq5o5+bY0yDpLP0s2QDGcRE9LyJU2w+6e+HGAfbntfu3jungPbzXYkSN8hAOq87Q4B3PFoTo6Qidm2Z01spuRv4VCgMsRoRXoOi+MD33t2BI96jQr5ArZOE0gQRJOZ9ahwMFj9F0dOePIkyLvkMzhydJbFAhjpqwWYHaG44PJImg61oISUxg2CZWplApOQoQWo0uLbnCi4L1efczszW8Y0NCHfDHERyEP9LSwPbFAqVKzp1V00t2gI1wneiPo9bvLxQOqop7lw0lEeWA1CpTOPIZsOKfBjhQZh0thmx+j3KrgA0hxDuh93TE0l995qVN7OdnsHXzbLf1T\/YAjttdUEx2ep1SU6Sa+xag6BUsmuDpucoVQLFVE0DpLxBfCqB5xnNcyL5IkgOj6wlZ2yV\/uDIb6JUF3US+5dtxFw9qN\/8w7+uYsDkFU7AMEIj1fgJlnli8seRRR+Tir5IgpfgKaXV2\/AszNYTY3ymBNrSjwRZVNclOllo1FNN+YKcnOBHJssXNqSdRF0toNr6yiUnquioLZVUMARFPnTVg2dAwIVtnpRDC6D3SKApSHH+zfYtjMA9LZ2bJGHpdQHV0FBhMnYpqPKKBq5G8XNg=="} 
01153{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1675334162672319,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":515,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":515,"pkt_l4_len":481,"thread_ts_usec":1675334162672319,"pkt":"dNqIE5X\/CI6QkAulCABFAAH1MQlAAEAGaRrAqAH5V\/CETuwUAbu8RyD3B\/V9KYAYJD8KxAAAAQEICtCCZtVlMJuZFwMDAbwgQ3L6I9NhaDNw6UhntKLmQIsVYWbdcbUVQvkhoF9k+WaG\/GQZxVdBrctZ1wzjmJD+7ZFlWgDKpb4DkUsA5upIhc7a4\/9EUqwrmGOJDwYzUJB5owou4Tysc9csr1OatCeiNkcofDiJoC+bQDE32ozrAWogfeew59JJAPi6J5EytrTpmQQ+YnWBA\/8iCi4XfimU2ZiaHgMHCD21pO4mHImT1\/jAUTq\/1GH08VkAZIDze1mbZy32rhOAyG5W7jqkxVvInIq8OyVJKSi3wtxeO2RYuZi1P0aAmiGgViMJ6tH2+cjXkD4ts+iaafMmiuZkDGl\/jNM399RYjBjSiwZsQWfs3Z5qTUKgpu5hB4RRVEpKZpMRJY7k4SK8EUYard4HyVkQO2t9hJd2zoxRIyCDh37iSBhiY97MJsWhkqWCQ8rSyPsCsd4ES0j4e7sSJyWBy9xjT6HyL0cu9PDjjTTqGC88QFJNAP\/ZgdQV26m0Ev\/zHzIRoPERrjAp4EwRWBDWI843JTMrxhgXkQE2R7nY84alQ4A8qiVtqXNXWpUDBw\/oSlSpt3twoVUcme4EO0ePtBtkV7LyPiaypqmomHk="} -01940{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334162970119,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334162970119,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":9,"avg":43209.2,"max":1009982,"stddev":180973.6,"var":32751437824.0,"ent":1.3,"data": [1009982,14622,15333,1749,16345,26,12,11,29,15083,24,227705,48,13,11,2653,38,12801,28,1545,20,9,1508,1138,1634,11081,2465,1543,41,782,1207]},"pktlen": {"min":52,"avg":125.3,"max":758,"stddev":191.1,"var":36507.6,"ent":4.0,"data": [638,758,52,596,501,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,64,64,64,64,64,52,52,52,52,52,52]},"bins": {"c_to_s": [28,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [7.658514977,7.774987221,5.246409416,7.623703957,7.570796013,5.246409416,5.246409416,5.246409416,5.284871101,5.284871101,5.207947731,5.169486523,5.246409416,5.284871101,5.169486046,5.131024837,5.284871101,5.246409416,5.169486046,5.169486046,5.246409416,5.259624004,5.259624004,5.247828960,5.259624004,5.290874004,5.246409416,5.284871101,5.207947731,5.207947731,5.246409416,5.207948208]}} +02232{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334162970119,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334162970119,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": 
{"min":9,"avg":43209.2,"max":1009982,"stddev":180973.6,"var":32751437824.0,"ent":1.3,"data": [1009982,14622,15333,1749,16345,26,12,11,29,15083,24,227705,48,13,11,2653,38,12801,28,1545,20,9,1508,1138,1634,11081,2465,1543,41,782,1207]},"pktlen": {"min":52,"avg":125.3,"max":758,"stddev":191.1,"var":36507.6,"ent":4.0,"data": [638,758,52,596,501,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,52,64,64,64,64,64,52,52,52,52,52,52]},"bins": {"c_to_s": [28,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [7.658514977,7.774987221,5.246409416,7.623703957,7.570796013,5.246409416,5.246409416,5.246409416,5.284871101,5.284871101,5.207947731,5.169486523,5.246409416,5.284871101,5.169486046,5.131024837,5.284871101,5.246409416,5.169486046,5.169486046,5.246409416,5.259624004,5.259624004,5.247828960,5.259624004,5.290874004,5.246409416,5.284871101,5.207947731,5.207947731,5.246409416,5.207948208]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
01044{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334162970119,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":706,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2285,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334162970119,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334163910616,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334163910616,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":174,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1675334163910616,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334163910616,"pkt":"dNqIE5X\/CI6QkAulCABFAAA8M1FAAEAGM1DAqAH5V\/C5iecSAbu7eFLeAAAAAKAC+vDPqgAAAgQFtAQCCAoIy6lZAAAAAAEDAwc="} 
@@ -43,7 +43,7 @@ 00963{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1675334164676289,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":371,"pkt_l4_len":337,"thread_ts_usec":1675334164676289,"pkt":"dNqIE5X\/CI6QkAulCABFAAFlkT9AAEAGDD\/AqAH5V\/CBg4RwAbulKVVAc9gL4IAYAfWf2QAAAQEIColQsjvg\/suqFwMDASw6NlG2qAZ5Z0iX\/bu\/oRlmUdHWvRyBH3N43kO7DrAxthjAmMNhIXGi0\/lrXLoga85eTJnwhLLugatfNLcmUVkiCz+ics03JRenblUKx6x6SVSoZ\/X\/MCtKDDa\/8BomOGIhit1ZoBdG620ypxPKdIwas9KyXYAA4JrP4gAmYXvjfYQwEtGvA6oo6j7mEsXJw\/BTByZ7uPWkGMG+XVPMhGKzyHi888OIstLzIzudaChiQArxtNd+bupqpO1bqUTRss1QrunhhgwQYHWUPtUDHmtEOKHvZpFNCUN5TTC8sqVLro2Cyd7nvhRUgPPYJ3UjazyrMNJqYimArC\/Lfw4dmAlGYYu2b7i5DG3At\/DDkGNArrtKpouiUKikNHLiu+ig4lptrcxd3gopySy1IZQ="} 00745{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1675334164676638,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":212,"pkt_l4_len":178,"thread_ts_usec":1675334164676638,"pkt":"dNqIE5X\/CI6QkAulCABFAADGkUBAAEAGDN3AqAH5V\/CBg4RwAbulKVZxc9gL4IAYAfUPdAAAAQEIColQsjvg\/suqFwMDAI3KM06gVQ95ENMbHyUcjDay+BDIky59\/hXK8b9KEEh44vXCXf8Z5I23ZEl0wWKnsXf\/LewZuF4zhcGkYk1BcC4ZjSXMxgEdaKMkuP9JbZvjAKjgDFjDE\/V5RF0zBSmn807oaZR4Y3KEaj2GtkIvAkkJtfsTWZ\/7vkBcmzldSlZjHC8zEXvy+ngngapwgFk="} 
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1675334164691179,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334164691179,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0kUFAAEAGDW7AqAH5V\/CBg4RwAbulKVcDc9gMA4AQAfXiPgAAAQEIColQskrg\/tem"} -01974{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334165285590,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6049,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334165285590,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":151376.5,"max":2006629,"stddev":451077.3,"var":203470716928.0,"ent":2.1,"data": [37,14329,22998,2006629,46,764,13490,98211,1614502,285,99,283,260,13216,1250,18419,1704,886,6878,22622,24,179811,40,14057,67447,12,24,579540,41,1048,13719]},"pktlen": {"min":52,"avg":241.0,"max":1017,"stddev":249.5,"var":62251.3,"ent":4.3,"data": [247,332,52,52,240,776,565,52,52,385,563,339,564,1017,52,52,52,52,52,52,52,52,243,316,52,52,52,52,250,563,429,52]},"bins": {"c_to_s": [17,0,0,0,0,2,2,0,3,0,1,1,0,0,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [7.151976109,7.356266499,5.207948208,5.169486523,6.965931416,7.731954098,7.617059708,5.131024837,5.207947731,7.360937595,7.613526821,7.349236012,7.610394001,7.787010193,5.092563152,5.131024837,5.061608315,5.056022644,5.131024837,5.092563152,5.131024361,5.131024361,7.143619061,7.305361271,5.116507530,5.131024361,5.169486046,5.131024361,7.176092148,7.631054878,7.485155582,5.116507530]}} +02266{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334165285590,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6049,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334165285590,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":12,"avg":151376.5,"max":2006629,"stddev":451077.3,"var":203470716928.0,"ent":2.1,"data": [37,14329,22998,2006629,46,764,13490,98211,1614502,285,99,283,260,13216,1250,18419,1704,886,6878,22622,24,179811,40,14057,67447,12,24,579540,41,1048,13719]},"pktlen": {"min":52,"avg":241.0,"max":1017,"stddev":249.5,"var":62251.3,"ent":4.3,"data": [247,332,52,52,240,776,565,52,52,385,563,339,564,1017,52,52,52,52,52,52,52,52,243,316,52,52,52,52,250,563,429,52]},"bins": {"c_to_s": [17,0,0,0,0,2,2,0,3,0,1,1,0,0,0,2,2,0,0,0,0,0,1,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": 
[0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [7.151976109,7.356266499,5.207948208,5.169486523,6.965931416,7.731954098,7.617059708,5.131024837,5.207947731,7.360937595,7.613526821,7.349236012,7.610394001,7.787010193,5.092563152,5.131024837,5.061608315,5.056022644,5.131024837,5.092563152,5.131024361,5.131024361,7.143619061,7.305361271,5.116507530,5.131024361,5.169486046,5.131024361,7.176092148,7.631054878,7.485155582,5.116507530]},"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01046{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":266,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334165285590,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":965,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6049,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334165285590,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171361391,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334171361391,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_src_last_pkt_time":1675334171361391,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1675334171361391,"pkt":"dNqIE5X\/CI6QkAulCABFAAA88c9AAEAGhVfAqAH5V\/CpA7s+AbsjOasgAAAAAKAC+vBdJQAAAgQFtAQCCApf00EuAAAAAAEDAwc="} 
@@ -68,15 +68,15 @@ 01035{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":904,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1675334175165624,"flow_src_last_pkt_time":1675334175165624,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334175165624,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.67","src_port":43644,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":905,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_src_last_pkt_time":1675334175179580,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1675334175179580,"pkt":"dNqIE5X\/CI6QkAulCABFAAA0w1JAAEAG2JzAqAH5V\/CEQ6p8AbtyL9sXCUqzxoAQAfX4GgAAAQEIColaopeIj3LH"} 
01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":92,"flow_dst_packets_processed":0,"flow_first_seen":1675334160592919,"flow_src_last_pkt_time":1675334173399738,"flow_dst_last_pkt_time":1675334160592919,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20255,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.140","src_port":40344,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} -00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334164044445,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1675334163912330,"flow_src_last_pkt_time":1675334164022545,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.10","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00780{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334171362184,"flow_src_last_pkt_time":1675334171510391,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.11","src_port":59722,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334175165624,"flow_src_last_pkt_time":1675334175179580,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.67","src_port":43644,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171488140,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
-00777{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172224141,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} +01088{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":0,"flow_first_seen":1675334163910616,"flow_src_last_pkt_time":1675334164044445,"flow_dst_last_pkt_time":1675334163910616,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1174,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.185.137","src_port":59154,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} 
+01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":24,"flow_dst_packets_processed":0,"flow_first_seen":1675334163912330,"flow_src_last_pkt_time":1675334164022545,"flow_dst_last_pkt_time":1675334163912330,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1173,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.10","src_port":32990,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01087{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334171362184,"flow_src_last_pkt_time":1675334171510391,"flow_dst_last_pkt_time":1675334171362184,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1206,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.11","src_port":59722,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334175165624,"flow_src_last_pkt_time":1675334175179580,"flow_dst_last_pkt_time":1675334175165624,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.67","src_port":43644,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
+01086{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_src_packets_processed":19,"flow_dst_packets_processed":0,"flow_first_seen":1675334171361391,"flow_src_last_pkt_time":1675334171488140,"flow_dst_last_pkt_time":1675334171361391,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1231,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.169.3","src_port":47934,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS.VK","proto_id":"91.22","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}} +01069{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1675334172164388,"flow_src_last_pkt_time":1675334172224141,"flow_dst_last_pkt_time":1675334172164388,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":43938,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 01079{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":706,"flow_dst_packets_processed":0,"flow_first_seen":1675334161630633,"flow_src_last_pkt_time":1675334178414776,"flow_dst_last_pkt_time":1675334161630633,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1398,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":38528,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.132.78","src_port":60436,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 
-00781{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334171438126,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} -00779{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5} 
+01073{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":21,"flow_dst_packets_processed":0,"flow_first_seen":1675334160555793,"flow_src_last_pkt_time":1675334171438126,"flow_dst_last_pkt_time":1675334160555793,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":305,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":2212,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.131","src_port":33904,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} +01071{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":0,"flow_first_seen":1675334163969940,"flow_src_last_pkt_time":1675334164019208,"flow_dst_last_pkt_time":1675334163969940,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":633,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":922,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1675334178414776,"l3_proto":"ip4","src_ip":"192.168.1.249","dst_ip":"87.240.129.135","src_port":56504,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": 
{"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"VK","proto_by_ip_id":22,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}} 00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":909,"source":"cfgs\/default\/pcap\/vk.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":909,"packets-processed":909,"total-skipped-flows":0,"total-l4-payload-len":66779,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":10,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":10,"total-idle-flows":10,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":80,"global_ts_usec":1675334178414776} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 909/909 @@ -91,5 +91,5 @@ ~~ total allocations/frees...: 217651/217651 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 544 chars -~~ json string max len.......: 1979 chars -~~ json string avg len.......: 1260 chars +~~ json string max len.......: 2271 chars +~~ json string avg len.......: 1406 chars |