diff options
Diffstat (limited to 'test/results/reasm_segv_anon.pcapng.out')
| -rw-r--r-- | test/results/reasm_segv_anon.pcapng.out | 62 |
1 files changed, 19 insertions, 43 deletions
diff --git a/test/results/reasm_segv_anon.pcapng.out b/test/results/reasm_segv_anon.pcapng.out index 27f4d1b56..32f865cfe 100644 --- a/test/results/reasm_segv_anon.pcapng.out +++ b/test/results/reasm_segv_anon.pcapng.out @@ -1,69 +1,45 @@ 00497{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0} 00560{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1550422828553466} -00243{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466} +00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828553466,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828553466} 00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00763{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00879{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422828553466,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1550422828553466,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00243{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828949487} +00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422828949487,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422828949487} 00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422828553466,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1550422828949487,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1550422828949487,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} -00243{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422829033309} +00343{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422829033309,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422829033309} 00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422828949487,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1550422829033309,"flow_dst_last_pkt_time":1550422828553466,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1550422829033309,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422830892428} +00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422830892428,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422830892428} 00438{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422829930010,"pkt":"AAAAcxs8EFFy5LtdCABFeABkrHMAAEARSbCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPacwAARQAAPFkxQAB\/BgF7rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEB\/lMAAAEBBRI6qmoBOqpveTqqdPE6qpBJ"} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422831332137} +00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831332137,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422831332137} 00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422830894938,"pkt":"AAAAcxs8EFFy5LtdCABFeABkPGYAAEARub2RTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPbcwAARQAAPFkyQAB\/BgF6rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEBA8wAAAEBBRI6qmSJOqpveTqqdPE6qpBJ"} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831496038} +00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831496038,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831496038} 00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422831334845,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdA0AAEARgg6RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPccwAARQAARFkzQAB\/BgFxrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBaSwAAAEBBRo6qn\/hOqqFWTqqdPE6qpBJOqpkiTqqb3k="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831516116} +00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422831516116,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422831516116} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422831496038,"pkt":"AAAAcxs8EFFy5LtdCABFeABseqMAAEARe3iRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPdcwAARQAARFk0QAB\/BgFwrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBXjwAAAEBBRo6qoVZOqqK0TqqdPE6qpBJOqpkiTqqb3k="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833131470} +00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833131470,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833131470} 00438{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422831516116,"pkt":"AAAAcxs8EFFy5LtdCABFeABkmSIAAEARXQGRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPqcwAARQAAPFk9QAB\/BgFvrBEkFT++kSvhEwBQ8LOPBjqqWZmgEAEB\/lMAAAEBBRI6qnTxOqqQSTqqZIk6qm95"} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833287234} +00344{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833287234,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422833287234} 00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422833134009,"pkt":"AAAAcxs8EFFy5LtdCABFeABkzGMAAEARKcCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPrcwAARQAAPFk+QAB\/BgFurBEkFT++kSvhEwBQ8LOPBjqqXxGgEAEB+NsAAAEBBRI6qnTxOqqQSTqqZIk6qm95"} 02140{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422833287234,"flow_dst_last_pkt_time":1550422833289770,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":80,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":640,"flow_dst_tot_l4_payload_len":27912,"midstream":0,"thread_ts_usec":1550422833289770,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":305486.2,"max":1859119,"stddev":563984.9,"var":318078976000.0,"ent":3.1,"data": [396021,83822,1376171,124,2,2,1,3,2,2,113,124,1859119,964928,439709,439658,123,2,1,1,1,121,163901,20078,1615354,1799040,121,3,155764,155637,124]},"pktlen": {"min":76,"avg":920.2,"max":1476,"stddev":651.3,"var":424215.9,"ent":4.5,"data": [92,92,92,1476,1476,1476,1476,1476,1476,1476,1476,1476,1476,100,1476,100,1476,1476,1476,1476,1372,1476,1476,108,108,100,76,388,1164,100,76,388]},"bins": {"c_to_s": [0,0,9,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,2,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,1,0,0,17,0,0]},"directions": [0,0,0,1,1,1,1,1,1,1,1,1,1,0,1,0,1,1,1,1,1,1,1,0,0,0,1,1,1,0,1,1],"entropies": [5.396138191,5.404344082,5.439617157,7.876337528,7.839885235,7.778254986,7.872960091,7.839048862,7.805950642,7.829119205,7.848347187,7.849987984,7.779471874,5.402985096,7.775711060,5.441986561,7.838281155,7.873279095,7.848281860,7.860656261,7.849815845,7.850412846,7.844122410,5.518630505,5.537148952,5.382984638,5.187358379,7.340617657,7.811021328,5.454438686,5.151109695,7.382753849]},"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422833447409} +00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422833447409,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422833447409} 00450{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422833289895,"pkt":"AAAAcxs8EFFy5LtdCABFeABsAdEAAEAR9EqRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPscwAARQAARFk\/QAB\/BgFlrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBHQQAAAEBBRo6qqCxOqqlwTqqdPE6qpBJOqpkiTqqb3k="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834706876} +00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":11,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834706876,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834706876} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422833447409,"pkt":"AAAAcxs8EFFy5LtdCABFeABspBUAAEARUgaRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP1cwAARQAARFlIQAB\/BgFcrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBG8wAAAEBBRo6qqCxOqqm+TqqdPE6qpBJOqpkiTqqb3k="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} +00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":12,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422834706876,"pkt":"AAAAcxs8EFFy5LtdCABFeABswggAAEARNBORTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP3cwAARQAARFlJQAB\/BgFbrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBF4wAAAEBBRo6qqCxOqqrOTqqdPE6qpBJOqpkiTqqb3k="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} +00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":13,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834810623,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834810623} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422834810623,"pkt":"AAAAcxs8EFFy5LtdCABFeABswgkAAEARNBKRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP4cwAARQAARFlKQAB\/BgFarBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBFlQAAAEBBRo6qqCxOqqscTqqdPE6qpBJOqpkiTqqb3k="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834970446} +00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":14,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422834970446,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422834970446} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422834810623,"pkt":"AAAAcxs8EFFy5LtdCABFeABsCZYAAEAR7IWRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP6cwAARQAARFlLQAB\/BgFZrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBEhQAAAEBBRo6qqCxOqqwsTqqdPE6qpBJOqpkiTqqb3k="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_usec":1550422836805918} +00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":15,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422836805918,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_usec":1550422836805918} 00461{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":130,"pkt_l4_len":0,"thread_ts_usec":1550422835423571,"pkt":"AAAAcxs8EFFy5LtdCABFeAB0ec4AAEARfEWRTALsu2A0VQhoCGgAYAAAMv8AUAn8kEMGdAAARQAATFlXQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqXxHgEAEBriQAAAEBBSI6qmSJOqpqATqqZIk6qm95OqqgsTqqsLE6qnTxOqqQSQ=="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976} +00345{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"threshold_n":16,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1550422837968976,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422837968976} 00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422836808446,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422838904895} -00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422837971380,"pkt":"AAAAcxs8EFFy5LtdCABFeABcQ5AAAEARspuRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMUdAAARQAANFllQAB\/BgFPrBEkFT++kSvhEwBQ8LOPBjqqkEmAEAEB5OIAAAEBBQo6qqCxOqqwsQ=="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422838960483} -00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422838907386,"pkt":"AAAAcxs8EFFy5LtdCABFeABcVMgAAEARoWORTALsu2A0VQhoCGgASAAAMv8AOAn8kEMVdAAARQAANFlmQAB\/BgFOrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB32oAAAEBBQo6qqCxOqqwsQ=="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422840104736} -00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422838963083,"pkt":"AAAAcxs8EFFy5LtdCABFeABc4ZkAAEARFJKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMfdAAARQAANFlvQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB5OIAAAEBBQo6qps5OqqwsQ=="} -00242{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_usec":1550422840304141} -00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1550422840104736,"pkt":"AAAAcxs8EFFy5LtdCABFeABQIPEAAEAR1UaRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMgdAAARQAAKFlwQAB\/BgFQrBEkFT++kSvhEwBQ8LOPBjqqsLFQEAEBwUkAAA=="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422840464152} -00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422840306564,"pkt":"AAAAcxs8EFFy5LtdCABFeABcV2kAAEARnsKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMhdAAARQAANFlxQAB\/BgFDrBEkFT++kSvhEwBQ8LOPBjqqsLGAEAEB5OIAAAEBBQo6qpXBOqqbOQ=="} -00242{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_usec":1550422841363459} -00411{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_usec":1550422840464152,"pkt":"AAAAcxs8EFFy5LtdCABFeABQeDYAAEARfgGRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMndAAARQAAKFl3QAB\/BgFJrBEkFT++kSvhEwBQ8LOPBjqqtilQEAEBu9EAAA=="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_usec":1550422841387384} -00429{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_usec":1550422841366048,"pkt":"AAAAcxs8EFFy5LtdCABFeABcgJcAAEARdZSRTALsu2A0VQhoCGgASAAAMv8AOAn8kEModAAARQAANFl4QAB\/BgE8rBEkFT++kSvhEwBQ8LOPBjqqtimAEAEBiLoAAAEBBQo6qsEZOqrGkQ=="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422841667515} -00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422841387384,"pkt":"AAAAcxs8EFFy5LtdCABFeABk3UcAAEARGNyRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMpdAAARQAAPFl5QAB\/BgEzrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBStoAAAEBBRI6qtGBOqrW+TqqwRk6qsaR"} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_usec":1550422841947169} -00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_usec":1550422841667515,"pkt":"AAAAcxs8EFFy5LtdCABFeABkO3EAAEARurKRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMqdAAARQAAPFl6QAB\/BgEyrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBRWIAAAEBBRI6qsEZOqrMCTqq0YE6qtb5"} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422842802966} -00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422841947169,"pkt":"AAAAcxs8EFFy5LtdCABFeABsXowAAEARl4+RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMydAAARQAARFmBQAB\/BgEjrBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB0NEAAAEBBRo6quzZOqryUTqqwRk6qswJOqrRgTqq1vk="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422842862838} -00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422842802966,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdGMAAEARgbiRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMzdAAARQAARFmCQAB\/BgEirBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB1kkAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="} -00244{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_usec":1550422844222036} -00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_usec":1550422842865363,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="} 00930{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":54,"flow_first_seen":1550422828553466,"flow_src_last_pkt_time":1550422844222036,"flow_dst_last_pkt_time":1550422844224430,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":52,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":88,"flow_dst_max_l4_payload_len":1448,"flow_src_tot_l4_payload_len":2008,"flow_dst_tot_l4_payload_len":72488,"midstream":0,"thread_ts_usec":1550422844224430,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"GTP.GTP_U","proto_id":"152.271","encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}} -00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":66,"global_ts_usec":1550422844224430} +00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-payload-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":42,"global_ts_usec":1550422844224430} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 82/82 ~~ skipped flows.............: 0 @@ -76,6 +52,6 @@ ~~ total memory freed........: 6038155 bytes ~~ total allocations/frees...: 121570/121570 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ json string min len.......: 247 chars +~~ json string min len.......: 348 chars ~~ json string max len.......: 2145 chars -~~ json string avg len.......: 1195 chars +~~ json string avg len.......: 1245 chars |