Diffstat (limited to 'test/results/signal.pcap.out')
-rw-r--r-- | test/results/signal.pcap.out | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/test/results/signal.pcap.out b/test/results/signal.pcap.out index fa8246ffb..a5b9f2358 100644 --- a/test/results/signal.pcap.out +++ b/test/results/signal.pcap.out 
@@ -46,10 +46,12 @@ 00849{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1569051253252,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":342,"pkt_l4_len":308,"thread_ts_msec":1569051253252,"pkt":"\/\/\/\/\/\/\/\/2DBiVgAcCABFAAFIKTEAAP8RkXQAAAAA\/\/\/\/\/wBEAEMBNJw4AQEGACG6jqoACQAAAAAAAAAAAAAAAAAAAAAAANgwYlYAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwoBeQMGD3f8XywuOQIF3D0HAdgwYlYAHDMEAHanAAwKTHVjYXMtaU1hY\/8AAAAAAAAAAAAAAAAA"} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":112,"pkt_l4_len":78,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABiAABAAEAG01TAqAIREfiSkN6kAbu8mMGjrFDpOoAYBADERQAAAQEICihVb2TeKRePFwMDACkAAAAAAAAAByneD5KHf7LhXiN5Pdq3wP31zhE4MGciEgckOq75+f9F5w=="} 
+00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":149,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051255515,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"flow_min_l4_payload_len":46,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":46,"midstream":1,"thread_ts_msec":1569051255515,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":150,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":2,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":97,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":97,"pkt_l4_len":63,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAABTAABAAEAG02PAqAIREfiSkN6kAbu8mMHRrFDpOoAYBABt7AAAAQEICihVb2XeKRePFQMDABoAAAAAAAAACJW1v\/IhTp91V+O68DpoE88kag=="} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":3,"flow_last_seen":1569051255515,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051255515,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAG04LAqAIREfiSkN6kAbu8mMHwrFDpOoARBACJkgAAAQEICihVb2XeKReP"} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051257169,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1569051257169,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAABLAABAAEAGjWvAqAIRAhLodt65Absqy4Q4WMZypYAYBABE5AAAAQEICihVdq6vX9qZFQMDABKEOlUEciue5QZs7g3+sWQHUk8="} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051257169,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"flow_min_l4_payload_len":23,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":23,"flow_avg_l4_payload_len":23,"midstream":1,"thread_ts_msec":1569051257169,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1569051257169,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051257169,"pkt":"xiwDYGpkxGGLNYKpCABFAAA0AABAAEAGjYLAqAIRAhLodt65Absqy4RPWMZypYARBABBggAAAQEICihVdq6vX9qZ"} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":159,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1569051257192,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1569051257192,"pkt":"xGGLNYKpxiwDYGpkCABFAABL884AADUG5JwCEuh2wKgCEQG73rlYxnKlKsuET4AYAQIBNAAAAQEICq9gUAcoVXauFQMDABK6ebhIWf6gqCdSaZoYDdKf06A="} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051264073,"flow_last_seen":1569051264073,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051264073,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -103,6 +105,7 @@ 01350{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":324,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051264666,"flow_last_seen":1569051264887,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2995,"flow_avg_l4_payload_len":427,"midstream":0,"thread_ts_msec":1569051264887,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"textsecure-service.whispersystems.org","server_names":"textsecure-service.whispersystems.org,service.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"1089ea6f0461a29006cc96dfe7a11d80","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=textsecure-service.whispersystems.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"5E:9E:63:F5:69:45:C7:DC:E6:4D:26:68:36:7E:C2:68:DB:02:60:8B"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV0AADQGy0wXORgQwKgCEQG73rjhiC89LB07wYAYAQKY+AAAAQEICpZOcwIoVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} +00627{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":357,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051266396,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":1,"thread_ts_msec":1569051266396,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":2,"flow_last_seen":1569051266396,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569051266396,"pkt":"xGGLNYKpxiwDYGpkCABFAAA0yV4AADQGy2MXORgQwKgCEQG73rjhiC9VLB07wYARAQL5ggAAAQEICpZOcwIoVP9f"} 
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":3,"flow_last_seen":1569051266743,"flow_idle_time":7580000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1569051266743,"pkt":"xGGLNYKpxiwDYGpkCABFAABMyV8AADQGy0oXORgQwKgCEQG73rjhiC89LB07wYAYAQKXnQAAAQEICpZOdF0oVP9fFwMDABNN53WS+HQ+OdIkNGbGHI++PaTs"} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":373,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569051267121,"flow_last_seen":1569051267121,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1569051267121,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 
@@ -113,10 +116,8 @@ 00939{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":378,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1957,"flow_avg_l4_payload_len":326,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2"}} 01263{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":379,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1569051267121,"flow_last_seen":1569051267197,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":2900,"flow_avg_l4_payload_len":414,"midstream":0,"thread_ts_msec":1569051267197,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"},"tls": {"version":"TLSv1.2","client_requested_server_name":"cdn.signal.org","server_names":"cdn.signal.org","ja3":"6725ca90906e1036febcbfd464e2e326","ja3s":"c4b2785a87896e19d37eee932070cb22","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, ST=California, L=San Francisco, O=Open Whisper Systems, OU=Open Whisper Systems, 
CN=TextSecure","subjectDN":"C=US, ST=California, O=Open Whisper Systems, OU=Open Whisper Systems, CN=cdn.signal.org","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2","fingerprint":"81:3D:8A:2E:EE:B2:E1:F4:1C:2B:6D:20:16:54:B2:C1:87:D0:1E:12"}} 00675{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1569051245838,"flow_last_seen":1569051261595,"flow_idle_time":200000,"flow_min_l4_payload_len":300,"flow_max_l4_payload_len":300,"flow_tot_l4_payload_len":1200,"flow_avg_l4_payload_len":300,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} -00640{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Apple","breed":"Safe","category":"Web"}} 
00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051255515,"flow_last_seen":1569051255541,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":77,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"17.248.146.144","src_port":56996,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00645{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1569051264115,"flow_last_seen":1569051264115,"flow_idle_time":140000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} -00636{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 
00579{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1569051266396,"flow_last_seen":1569051267048,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":111,"flow_avg_l4_payload_len":9,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"23.57.24.16","dst_ip":"192.168.2.17","src_port":443,"dst_port":57016,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00687{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051247599,"flow_last_seen":1569051247843,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":11628,"flow_avg_l4_payload_len":258,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57018,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} 00688{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":45,"flow_first_seen":1569051264078,"flow_last_seen":1569051264482,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":12235,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"23.57.24.16","src_port":57022,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.AppleiTunes","breed":"Fun","category":"Streaming"}} 
@@ -127,25 +128,24 @@ 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264091,"flow_last_seen":1569051264679,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4093,"flow_avg_l4_payload_len":157,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57024,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":26,"flow_first_seen":1569051264093,"flow_last_seen":1569051264674,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3832,"flow_avg_l4_payload_len":147,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57025,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 00679{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1569051264666,"flow_last_seen":1569051265237,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":17722,"flow_avg_l4_payload_len":466,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":57026,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} -00634{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"TLS","breed":"Safe","category":"Web"}} 00577{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1569051257169,"flow_last_seen":1569051257194,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":23,"flow_tot_l4_payload_len":46,"flow_avg_l4_payload_len":5,"midstream":1,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"2.18.232.118","src_port":57017,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00815{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":24,"flow_first_seen":1569051247594,"flow_last_seen":1569051257495,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":3653,"flow_avg_l4_payload_len":152,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"34.225.240.173","src_port":49226,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying 
HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 00814{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1569051264073,"flow_last_seen":1569051267100,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4493,"flow_avg_l4_payload_len":179,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"35.169.3.40","src_port":49227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"finished","flow_packets_processed":265,"flow_first_seen":1569051267121,"flow_last_seen":1569051267601,"flow_idle_time":7580000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":198733,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"13.35.253.42","src_port":57027,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Signal","breed":"Fun","category":"Chat"}} 
00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051264088,"flow_last_seen":1569051264113,"flow_idle_time":200000,"flow_min_l4_payload_len":55,"flow_max_l4_payload_len":151,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":103,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":56263,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Signal","breed":"Fun","category":"Chat"}} 00674{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1569051247593,"flow_last_seen":1569051247630,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1569051267601,"l3_proto":"ip4","src_ip":"192.168.2.17","dst_ip":"192.168.2.1","src_port":60793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} -00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":273842,"total-not-detected-flows":0,"total-guessed-flows":3,"total-detected-flows":16,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_msec":1569051267601} 
+00562{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":637,"source":"signal.pcap","alias":"nDPId-test","packets-captured":637,"packets-processed":637,"total-skipped-flows":0,"total-l4-data-len":273842,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":19,"total-detection-updates":24,"total-updates":0,"current-active-flows":0,"total-active-flows":19,"total-idle-flows":19,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":137,"global_ts_msec":1569051267601} ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~ packets captured/processed: 637/637 ~~ skipped flows.............: 0 ~~ total layer4 data length..: 273842 bytes -~~ total detected protocols..: 16 +~~ total detected protocols..: 19 ~~ total active/idle flows...: 19/19 ~~ total timeout flows.......: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~ total memory allocated....: 5192486 bytes -~~ total memory freed........: 5192486 bytes -~~ total allocations/frees...: 114088/114088 +~~ total memory allocated....: 5960674 bytes +~~ total memory freed........: 5960674 bytes +~~ total allocations/frees...: 118862/118862 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~ json string min len.......: 462 chars ~~ json string max len.......: 1427 chars |