summaryrefslogtreecommitdiff
path: root/test/results/default/whois.pcapng.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/default/whois.pcapng.out')
1 files changed, 1 insertions, 1 deletions
diff --git a/test/results/default/whois.pcapng.out b/test/results/default/whois.pcapng.out
index 8a8235b99..52c18b92c 100644
--- a/test/results/default/whois.pcapng.out
+++ b/test/results/default/whois.pcapng.out
@@ -24,7 +24,7 @@
02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\/hR0ribdStrBVQGAW06F4AAGVlbWVudCB3aXRoIHRoZSBzcG9uc29yaW5nDQpyZWdpc3RyYXIuICBVc2VycyBtYXkgY29uc3VsdCB0aGUgc3BvbnNvcmluZyByZWdpc3RyYXIncyBXaG9pcyBkYXRhYmFzZSB0bw0KdmlldyB0aGUgcmVnaXN0cmFyJ3MgcmVwb3J0ZWQgZGF0ZSBvZiBleHBpcmF0aW9uIGZvciB0aGlzIHJlZ2lzdHJhdGlvbi4NCg0KVEVSTVMgT0YgVVNFOiBZb3UgYXJlIG5vdCBhdXRob3JpemVkIHRvIGFjY2VzcyBvciBxdWVyeSBvdXIgV2hvaXMNCmRhdGFiYXNlIHRocm91Z2ggdGhlIHVzZSBvZiBlbGVjdHJvbmljIHByb2Nlc3NlcyB0aGF0IGFyZSBoaWdoLXZvbHVtZSBhbmQNCmF1dG9tYXRlZCBleGNlcHQgYXMgcmVhc29uYWJseSBuZWNlc3NhcnkgdG8gcmVnaXN0ZXIgZG9tYWluIG5hbWVzIG9yDQptb2RpZnkgZXhpc3RpbmcgcmVnaXN0cmF0aW9uczsgdGhlIERhdGEgaW4gVmVyaVNpZ24gR2xvYmFsIFJlZ2lzdHJ5DQpTZXJ2aWNlcycgKCJWZXJpU2lnbiIpIFdob2lzIGRhdGFiYXNlIGlzIHByb3ZpZGVkIGJ5IFZlcmlTaWduIGZvcg0KaW5mb3JtYXRpb24gcHVycG9zZXMgb25seSwgYW5kIHRvIGFzc2lzdCBwZXJzb25zIGluIG9idGFpbmluZyBpbmZvcm1hdGlvbg0KYWJvdXQgb3IgcmVsYXRlZCB0byBhIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiByZWNvcmQuIFZlcmlTaWduIGRvZXMgbm90DQpndWFyYW50ZWUgaXRzIGFjY3VyYWN5LiBCeSBzdWJtaXR0aW5nIGEgV2hvaXMgcXVlcnksIHlvdSBhZ3JlZSB0byBhYmlkZQ0KYnkgdGhlIGZvbGxvd2luZyB0ZXJtcyBvZiB1c2U6IFlvdSBhZ3JlZSB0aGF0IHlvdSBtYXkgdXNlIHRoaXMgRGF0YSBvbmx5DQpmb3IgbGF3ZnVsIHB1cnBvc2VzIGFuZCB0aGF0IHVuZGVyIG5vIGNpcmN1bXN0YW5jZXMgd2lsbCB5b3UgdXNlIHRoaXMgRGF0YQ0KdG86ICgxKSBhbGxvdywgZW5hYmxlLCBvciBvdGhlcndpc2Ugc3VwcG9ydCB0aGUgdHJhbnNtaXNzaW9uIG9mIG1hc3MNCnVuc29saWNpdGVkLCBjb21tZXJjaWFsIGFkdmVydGlzaW5nIG9yIHNvbGljaXRhdGlvbnMgdmlhIGUtbWFpbCwgdGVsZXBob25lLA0Kb3IgZmFjc2ltaWxlOyBvciAoMikgZW5hYmxlIGhpZ2ggdm9sdW1lLCBhdXRvbWF0ZWQsIGVsZWN0cm9uaWMgcHJvY2Vzc2VzDQp0aGF0IGFwcGx5IHRvIFZlcmlTaWduIChvciBpdHMgY29tcHV0ZXIgc3lzdGVtcykuIFRoZSBjb21waWxhdGlvbiwNCnJlcGFja2FnaW5nLA=="}
01489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":772,"pkt_l4_len":734,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAC8oz5AAAtBsawwB4tHgqgP4AAK8\/hR0rnHdStrBVQGAW0LAwAACBkaXNzZW1pbmF0aW9uIG9yIG90aGVyIHVzZSBvZiB0aGlzIERhdGEgaXMgZXhwcmVzc2x5DQpwcm9oaWJpdGVkIHdpdGhvdXQgdGhlIHByaW9yIHdyaXR0ZW4gY29uc2VudCBvZiBWZXJpU2lnbi4gWW91IGFncmVlIG5vdCB0bw0KdXNlIGVsZWN0cm9uaWMgcHJvY2Vzc2VzIHRoYXQgYXJlIGF1dG9tYXRlZCBhbmQgaGlnaC12b2x1bWUgdG8gYWNjZXNzIG9yDQpxdWVyeSB0aGUgV2hvaXMgZGF0YWJhc2UgZXhjZXB0IGFzIHJlYXNvbmFibHkgbmVjZXNzYXJ5IHRvIHJlZ2lzdGVyDQpkb21haW4gbmFtZXMgb3IgbW9kaWZ5IGV4aXN0aW5nIHJlZ2lzdHJhdGlvbnMuIFZlcmlTaWduIHJlc2VydmVzIHRoZSByaWdodA0KdG8gcmVzdHJpY3QgeW91ciBhY2Nlc3MgdG8gdGhlIFdob2lzIGRhdGFiYXNlIGluIGl0cyBzb2xlIGRpc2NyZXRpb24gdG8gZW5zdXJlDQpvcGVyYXRpb25hbCBzdGFiaWxpdHkuICBWZXJpU2lnbiBtYXkgcmVzdHJpY3Qgb3IgdGVybWluYXRlIHlvdXIgYWNjZXNzIHRvIHRoZQ0KV2hvaXMgZGF0YWJhc2UgZm9yIGZhaWx1cmUgdG8gYWJpZGUgYnkgdGhlc2UgdGVybXMgb2YgdXNlLiBWZXJpU2lnbg0KcmVzZXJ2ZXMgdGhlIHJpZ2h0IHRvIG1vZGlmeSB0aGVzZSB0ZXJtcyBhdCBhbnkgdGltZS4NCg0KVGhlIFJlZ2lzdHJ5IGRhdGFiYXNlIGNvbnRhaW5zIE9OTFkgLkNPTSwgLk5FVCwgLkVEVSBkb21haW5zIGFuZA0KUmVnaXN0cmFycy4NCg=="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623517269021781,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAAKKgxAAAtBq5CwB4tHgqgP4AAK8\/hR0rp59StrBVQEQW08MAAAAAA"}
-00783{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
+01307{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00635{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":23,"packets-processed":23,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":30,"global_ts_usec":1623517269021781}
Powered by cgit, Themed by Ted Yin.