summaryrefslogtreecommitdiff
path: root/test/results/skype_no_unknown.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/skype_no_unknown.pcap.out')
-rw-r--r--test/results/skype_no_unknown.pcap.out10
1 files changed, 5 insertions, 5 deletions
diff --git a/test/results/skype_no_unknown.pcap.out b/test/results/skype_no_unknown.pcap.out
index eb9bbeec3..00652fd13 100644
--- a/test/results/skype_no_unknown.pcap.out
+++ b/test/results/skype_no_unknown.pcap.out
@@ -79,7 +79,7 @@
01007{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":72,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970636044810,"flow_src_last_pkt_time":1431970636044810,"flow_dst_last_pkt_time":1431970636044810,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":197,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":197,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":197,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1431970636044810,"l3_proto":"ip4","src_ip":"17.143.160.149","dst_ip":"192.168.1.34","src_port":5223,"dst_port":50407,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_src_last_pkt_time":1431970636044810,"flow_dst_last_pkt_time":1431970636044874,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1431970636044874,"pkt":"0NQSxnP1PBXCt3IOCABFAAA0K69AAEAGmybAqAEiEY+glcTnFGcgAvEUyi6rq4AQD\/mVBgAAAQEICj4xjDlVV93M"}
00658{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_src_last_pkt_time":1431970636044810,"flow_dst_last_pkt_time":1431970636045750,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_usec":1431970636045750,"pkt":"0NQSxnP1PBXCt3IOCABFAACO6xNAAEAG22fAqAEiEY+glcTnFGcgAvEUyi6rq4AYEAB7VwAAAQEICj4xjDlVV93MFwMBACDcBm8C5CuEds5WH7uOVSaoSAeWe3pVfjpiQwGsBHUCdhcDAQAwqX6WBIxQfVe36rHY2TMg9Ev1HCHJmLbDku3Ki37TObTq6YVIEEF1VGVKw\/q+D6y6"}
-01597{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":77,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1431970634729598,"flow_src_last_pkt_time":1431970635881910,"flow_dst_last_pkt_time":1431970636210299,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1317,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3197,"flow_dst_tot_l4_payload_len":6571,"midstream":0,"thread_ts_usec":1431970636210299,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":4,"flow_avg":84164.6,"flow_max":302172,"flow_stddev":89940.0,"c_to_s_min":176,"c_to_s_avg":71327.4,"c_to_s_max":286823,"c_to_s_stddev":79904.3,"s_to_c_min":4,"s_to_c_avg":98713.4,"s_to_c_max":302172,"s_to_c_stddev":98094.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":254.8,"c_to_s_max":1383,"c_to_s_stddev":339.4,"s_to_c_min":66,"s_to_c_avg":504.3,"s_to_c_max":1506,"s_to_c_stddev":552.6}},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
+01597{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":77,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1431970634729598,"flow_src_last_pkt_time":1431970635881910,"flow_dst_last_pkt_time":1431970636210299,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1317,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3197,"flow_dst_tot_l4_payload_len":6571,"midstream":0,"thread_ts_usec":1431970636210299,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.56.126.211","src_port":51230,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":4,"flow_avg":84935.9,"flow_max":302172,"flow_stddev":91274.9,"c_to_s_min":176,"c_to_s_avg":72019.5,"c_to_s_max":286823,"c_to_s_stddev":82314.0,"s_to_c_min":4,"s_to_c_avg":98713.4,"s_to_c_max":302172,"s_to_c_stddev":98094.5},"pktlen": {"c_to_s_min":66,"c_to_s_avg":254.8,"c_to_s_max":1383,"c_to_s_stddev":339.4,"s_to_c_min":66,"s_to_c_avg":504.3,"s_to_c_max":1506,"s_to_c_stddev":552.6}},"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS (v1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"9": {"risk":"TLS Cert Expired","severity":"High","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"6":"DPI"},"proto":"TLS.Skype_Teams","proto_id":"91.125","encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00762{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970636300980,"flow_src_last_pkt_time":1431970636300980,"flow_dst_last_pkt_time":1431970636300980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970636300980,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_src_last_pkt_time":1431970636300980,"flow_dst_last_pkt_time":1431970636300980,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1431970636300980,"pkt":"0NQSxnP1PBXCt3IOCABFAABLV\/cAAEARnzfAqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
01027{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":87,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970636300980,"flow_src_last_pkt_time":1431970636300980,"flow_dst_last_pkt_time":1431970636300980,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":47,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":47,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970636300980,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":50055,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DNS.Skype_Teams","proto_id":"5.125","encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"pipe.prd.skypedata.akadns.net","dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}}
@@ -111,7 +111,7 @@
00543{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":273,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_src_last_pkt_time":1431970637443973,"flow_dst_last_pkt_time":1431970635325136,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_usec":1431970637443973,"pkt":"0NQSxnP1PBXCt3IOCABFAAA6+FgAAEAR\/ubAqAEiwKgBAfgaADUAJptGWcsBAAABAAAAAAAAAnVpBXNreXBlA2NvbQAAAQAB"}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":3,"flow_src_last_pkt_time":1431970638471236,"flow_dst_last_pkt_time":1431970636300980,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1431970638471236,"pkt":"0NQSxnP1PBXCt3IOCABFAABLoPEAAEARVj3AqAEiwKgBAcOHADUANwqgVG4BAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAABAAE="}
00567{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":440,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":3,"flow_src_last_pkt_time":1431970638471318,"flow_dst_last_pkt_time":1431970636301275,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1431970638471318,"pkt":"0NQSxnP1PBXCt3IOCABFAABL\/NIAAEAR+lvAqAEiwKgBAcopADUAN1kA5GsBAAABAAAAAAAABHBpcGUDcHJkCXNreXBlZGF0YQZha2FkbnMDbmV0AAAcAAE="}
-01351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1431970637197675,"flow_src_last_pkt_time":1431970639484015,"flow_dst_last_pkt_time":1431970639483962,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":626,"flow_dst_max_l4_payload_len":607,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":2368,"midstream":1,"thread_ts_usec":1431970639484015,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3,"flow_avg":163725.0,"flow_max":1077385,"flow_stddev":335485.7,"c_to_s_min":61,"c_to_s_avg":191501.1,"c_to_s_max":933119,"c_to_s_stddev":323938.2,"s_to_c_min":3,"s_to_c_avg":142892.9,"s_to_c_max":1077385,"s_to_c_stddev":342416.4},"pktlen": {"c_to_s_min":54,"c_to_s_avg":273.6,"c_to_s_max":680,"c_to_s_stddev":284.8,"s_to_c_min":60,"s_to_c_avg":204.2,"s_to_c_max":661,"s_to_c_stddev":210.3}},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
+01351{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":448,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_src_packets_processed":16,"flow_dst_packets_processed":16,"flow_first_seen":1431970637197675,"flow_src_last_pkt_time":1431970639484015,"flow_dst_last_pkt_time":1431970639483962,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":626,"flow_dst_max_l4_payload_len":607,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":2368,"midstream":1,"thread_ts_usec":1431970639484015,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"17.172.100.36","src_port":51227,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3,"flow_avg":169356.6,"flow_max":1077385,"flow_stddev":340339.8,"c_to_s_min":61,"c_to_s_avg":207849.1,"c_to_s_max":933119,"c_to_s_stddev":333569.3,"s_to_c_min":3,"s_to_c_avg":142892.9,"s_to_c_max":1077385,"s_to_c_stddev":342416.4},"pktlen": {"c_to_s_min":54,"c_to_s_avg":273.6,"c_to_s_max":680,"c_to_s_stddev":284.8,"s_to_c_min":60,"s_to_c_avg":204.2,"s_to_c_max":661,"s_to_c_stddev":210.3}},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Apple","proto_id":"91.140","encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
00764{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970642408833,"flow_src_last_pkt_time":1431970642408833,"flow_dst_last_pkt_time":1431970642408833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970642408833,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_src_last_pkt_time":1431970642408833,"flow_dst_last_pkt_time":1431970642408833,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_usec":1431970642408833,"pkt":"\/\/\/\/\/\/\/\/PBXCt3IOCABFAABOkRoAAEARZRPAqAEiwKgB\/wCJAIkAOosFRXIBEAABAAAAAAAAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAAAgAAE="}
00898{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":477,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970642408833,"flow_src_last_pkt_time":1431970642408833,"flow_dst_last_pkt_time":1431970642408833,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":50,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":50,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970642408833,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"NetBIOS","proto_id":"10","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"__msbrowse__"}}
@@ -800,7 +800,7 @@
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1353,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":228,"flow_packet_id":3,"flow_src_last_pkt_time":1431970686381625,"flow_dst_last_pkt_time":1431970686381504,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431970686381625,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoqoZAAEAGmEPAqAEiW77afchVMD6WWeS3Rpk1L1AQIACoYAAA"}
00520{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1361,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":225,"flow_packet_id":3,"flow_src_last_pkt_time":1431970686624286,"flow_dst_last_pkt_time":1431970685835490,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431970686624286,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoWF8AAEARnvLAqAEiwKgBAeasFOcAFAzzAAEAADLdMt0AAA4Q"}
00560{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1362,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":226,"flow_packet_id":3,"flow_src_last_pkt_time":1431970686627227,"flow_dst_last_pkt_time":1431970685839326,"flow_idle_time":140000000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1431970686627227,"pkt":"PBXCt3IO0NQSxnP1CABFwABElr8AAEABX8bAqAEBwKgBIgMDgJYAAAAARQAAKFhfAABAEZ7ywKgBIsCoAQHmrBTnABQM8wABAAAy3TLdAAAOEA=="}
-01217{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1431970682971895,"flow_src_last_pkt_time":1431970686763311,"flow_dst_last_pkt_time":1431970686763184,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":609,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1353,"flow_dst_tot_l4_payload_len":2282,"midstream":0,"thread_ts_usec":1431970686763311,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3,"flow_avg":343837.0,"flow_max":3420078,"flow_stddev":616519.9,"c_to_s_min":133,"c_to_s_avg":424205.5,"c_to_s_max":3420078,"c_to_s_stddev":784768.1,"s_to_c_min":3,"s_to_c_avg":252752.6,"s_to_c_max":1296903,"s_to_c_stddev":311898.6},"pktlen": {"c_to_s_min":66,"c_to_s_avg":147.0,"c_to_s_max":675,"c_to_s_stddev":182.1,"s_to_c_min":66,"s_to_c_avg":218.7,"s_to_c_max":1506,"s_to_c_stddev":370.6}}}
+01217{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1431970682971895,"flow_src_last_pkt_time":1431970686763311,"flow_dst_last_pkt_time":1431970686763184,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":609,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1353,"flow_dst_tot_l4_payload_len":2282,"midstream":0,"thread_ts_usec":1431970686763311,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":3,"flow_avg":244603.4,"flow_max":1296903,"flow_stddev":277928.5,"c_to_s_min":133,"c_to_s_avg":236963.5,"c_to_s_max":1006187,"c_to_s_stddev":241535.5,"s_to_c_min":3,"s_to_c_avg":252752.6,"s_to_c_max":1296903,"s_to_c_stddev":311898.6},"pktlen": {"c_to_s_min":66,"c_to_s_avg":147.0,"c_to_s_max":675,"c_to_s_stddev":182.1,"s_to_c_min":66,"s_to_c_avg":218.7,"s_to_c_max":1506,"s_to_c_stddev":370.6}}}
00826{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1368,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":210,"flow_state":"info","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1431970682971895,"flow_src_last_pkt_time":1431970686763311,"flow_dst_last_pkt_time":1431970686763184,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":609,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":1353,"flow_dst_tot_l4_payload_len":2282,"midstream":0,"thread_ts_usec":1431970686763311,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.74.48","src_port":51279,"dst_port":40008,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970686843964,"flow_src_last_pkt_time":1431970686843964,"flow_dst_last_pkt_time":1431970686843964,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970686843964,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"91.190.218.125","src_port":51286,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1372,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_src_last_pkt_time":1431970686843964,"flow_dst_last_pkt_time":1431970686843964,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1431970686843964,"pkt":"0NQSxnP1PBXCt3IOCABFAABAXdpAAEAG5NfAqAEiW77afchWAbv9gi8BAAAAALAC\/\/+4gAAAAgQFtAEDAwUBAQgKPjJRrgAAAAAEAgAA"}
@@ -894,7 +894,7 @@
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1755,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":251,"flow_packet_id":3,"flow_src_last_pkt_time":1431970693239613,"flow_dst_last_pkt_time":1431970693239490,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1431970693239613,"pkt":"0NQSxnP1PBXCt3IOCABFAAAoI6NAAEAGISfAqAEiW77YfchmAbumoVhkgmR6JFAQIADUHQAA"}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970694308651,"flow_src_last_pkt_time":1431970694308651,"flow_dst_last_pkt_time":1431970694308651,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970694308651,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"80.121.84.93","src_port":51303,"dst_port":62381,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1790,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":1,"flow_src_last_pkt_time":1431970694308651,"flow_dst_last_pkt_time":1431970694308651,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1431970694308651,"pkt":"0NQSxnP1PBXCt3IOCABFAABA0wpAAEAGAQ3AqAEiUHlUXchn861MQWgbAAAAALAC\/\/+zaQAAAgQFtAEDAwUBAQgKPjJuTgAAAAAEAgAA"}
-01222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1431970689672643,"flow_src_last_pkt_time":1431970693736762,"flow_dst_last_pkt_time":1431970694329250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":752,"flow_dst_max_l4_payload_len":1124,"flow_src_tot_l4_payload_len":1528,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":1431970694329250,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":128,"flow_avg":273273.8,"flow_max":2004084,"flow_stddev":495225.5,"c_to_s_min":128,"c_to_s_avg":227119.6,"c_to_s_max":1936170,"c_to_s_stddev":478118.3,"s_to_c_min":64112,"s_to_c_avg":332614.8,"s_to_c_max":2004084,"s_to_c_stddev":510290.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":151.6,"c_to_s_max":818,"c_to_s_stddev":204.4,"s_to_c_min":66,"s_to_c_avg":164.5,"s_to_c_max":1190,"s_to_c_stddev":284.9}}}
+01222{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":1791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1431970689672643,"flow_src_last_pkt_time":1431970693736762,"flow_dst_last_pkt_time":1431970694329250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":752,"flow_dst_max_l4_payload_len":1124,"flow_src_tot_l4_payload_len":1528,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":1431970694329250,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":128,"flow_avg":281313.8,"flow_max":2004084,"flow_stddev":501089.8,"c_to_s_min":128,"c_to_s_avg":239065.8,"c_to_s_max":1936170,"c_to_s_stddev":489362.0,"s_to_c_min":64112,"s_to_c_avg":332614.8,"s_to_c_max":2004084,"s_to_c_stddev":510290.9},"pktlen": {"c_to_s_min":66,"c_to_s_avg":151.6,"c_to_s_max":818,"c_to_s_stddev":204.4,"s_to_c_min":66,"s_to_c_avg":164.5,"s_to_c_max":1190,"s_to_c_stddev":284.9}}}
00825{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":1791,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":242,"flow_state":"info","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1431970689672643,"flow_src_last_pkt_time":1431970693736762,"flow_dst_last_pkt_time":1431970694329250,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":752,"flow_dst_max_l4_payload_len":1124,"flow_src_tot_l4_payload_len":1528,"flow_dst_tot_l4_payload_len":1371,"midstream":0,"thread_ts_usec":1431970694329250,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"81.83.77.141","src_port":51294,"dst_port":17639,"l4_proto":"tcp","ndpi": {"proto":"Unknown","proto_id":"0","encrypted":0,"breed":"Unrated"}}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1812,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":252,"flow_packet_id":2,"flow_src_last_pkt_time":1431970695316316,"flow_dst_last_pkt_time":1431970694308651,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1431970695316316,"pkt":"0NQSxnP1PBXCt3IOCABFAABAwedAAEAGEjDAqAEiUHlUXchn861MQWgbAAAAALAC\/\/+vgAAAAgQFtAEDAwUBAQgKPjJyNwAAAAAEAgAA"}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1817,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":253,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970695865959,"flow_src_last_pkt_time":1431970695865959,"flow_dst_last_pkt_time":1431970695865959,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970695865959,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"149.13.32.15","src_port":51305,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -959,7 +959,7 @@
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970707911507,"flow_src_last_pkt_time":1431970707911507,"flow_dst_last_pkt_time":1431970707911507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970707911507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_packet_id":1,"flow_src_last_pkt_time":1431970707911507,"flow_dst_last_pkt_time":1431970707911507,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1431970707911507,"pkt":"0NQSxnP1PBXCt3IOCABFAAAu+nsAAEAR9XPAqAEihexDGTLdwCsAGiMOfdMCo1rvIegrMqRysYXm5vlz"}
00900{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":2131,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":266,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970707911507,"flow_src_last_pkt_time":1431970707911507,"flow_dst_last_pkt_time":1431970707911507,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970707911507,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"133.236.67.25","src_port":13021,"dst_port":49195,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
-01339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2139,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1431970648367692,"flow_src_last_pkt_time":1431970708344887,"flow_dst_last_pkt_time":1431970648367692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":363,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10518,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970708344887,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":491,"flow_avg":1893129.5,"flow_max":19856559,"flow_stddev":5777297.0,"c_to_s_min":491,"c_to_s_avg":1893129.5,"c_to_s_max":19856559,"c_to_s_stddev":5777297.0,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0},"pktlen": {"c_to_s_min":327,"c_to_s_avg":370.7,"c_to_s_max":405,"c_to_s_stddev":29.1,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0}},"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
+01339{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":2139,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1431970648367692,"flow_src_last_pkt_time":1431970708344887,"flow_dst_last_pkt_time":1431970648367692,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":285,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":363,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":10518,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970708344887,"l3_proto":"ip4","src_ip":"192.168.0.254","dst_ip":"239.255.255.250","src_port":1025,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"flow_min":491,"flow_avg":1934748.2,"flow_max":19856559,"flow_stddev":5865016.5,"c_to_s_min":491,"c_to_s_avg":1934748.2,"c_to_s_max":19856559,"c_to_s_stddev":5865016.5,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0},"pktlen": {"c_to_s_min":327,"c_to_s_avg":370.7,"c_to_s_max":405,"c_to_s_stddev":29.1,"s_to_c_min":0,"s_to_c_avg":0.0,"s_to_c_max":0,"s_to_c_stddev":0.0}},"ndpi": {"confidence": {"6":"DPI"},"proto":"SSDP","proto_id":"12","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970708715662,"flow_src_last_pkt_time":1431970708715662,"flow_dst_last_pkt_time":1431970708715662,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970708715662,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"212.161.8.36","src_port":51319,"dst_port":13392,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2145,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":267,"flow_packet_id":1,"flow_src_last_pkt_time":1431970708715662,"flow_dst_last_pkt_time":1431970708715662,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_usec":1431970708715662,"pkt":"0NQSxnP1PBXCt3IOCABFAABAWHtAAEAGQ63AqAEi1KEIJMh3NFBvQ5mUAAAAALAC\/\/+uawAAAgQFtAEDAwUBAQgKPjKmLwAAAAAEAgAA"}
00941{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":2146,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1431970687262098,"flow_src_last_pkt_time":1431970687262098,"flow_dst_last_pkt_time":1431970687262098,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1431970708726988,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"189.188.134.174","src_port":13021,"dst_port":22436,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Skype_Teams.Skype_TeamsCall","proto_id":"125.38","encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
Powered by cgit, Themed by Ted Yin.