Diffstat (limited to 'test/results/telegram.pcap.out')
-rw-r--r-- | test/results/telegram.pcap.out | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/test/results/telegram.pcap.out b/test/results/telegram.pcap.out
index 3ac1c219c..c689efe31 100644
--- a/test/results/telegram.pcap.out
+++ b/test/results/telegram.pcap.out
@@ -121,7 +121,7 @@ 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1588779619914,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":85,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":85,"pkt_l4_len":51,"thread_ts_msec":1588779619914,"pkt":"EBMx8Tl2KDc3AG3ICABFAABHqTUAAEARTdLAqAFNwKgBAbgXADUAM25TALgBAAABAAAAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAQ=="} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779619914,"flow_last_seen":1588779619914,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":43,"flow_tot_l4_payload_len":43,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1588779619914,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00517{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":2,"flow_last_seen":1588779619916,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1588779619916,"pkt":"KDc3AG3IAICPmq69CABFAABXwqhAAEAR9E7AqAEBwKgBTQA1uBcAQ5UvALiBgAABAAEAAAAAA3d3dxFnb29nbGV0YWdzZXJ2aWNlcwNjb20AAAEAAcAMAAEAAQAAAAAABMCoAZ0="} 
-00804{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} +00931{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":390,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779619916,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"},"dns": {"query":"www.googletagservices.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} 
00604{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":435,"source":"telegram.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1588779617174,"flow_last_seen":1588779621221,"flow_idle_time":200000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":240,"flow_tot_l4_payload_len":5232,"flow_avg_l4_payload_len":163,"midstream":0,"thread_ts_msec":1588779621221,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.52","src_port":23174,"dst_port":31480,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779625981,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 
00931{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1588779625981,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":397,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":397,"pkt_l4_len":363,"thread_ts_msec":1588779625981,"pkt":"\/\/\/\/\/\/\/\/AICPmq69CABFAAF\/jrEAAEAR6r0AAAAA\/\/\/\/\/wBEAEMBa16\/AQEGAN7JmyKFuQAAAAAAAAAAAAAAAAAAAAAAAACAj5quvQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBPRP\/j5quvQABAAEfyzfOuCfrPQjbUAB0AQE5AgXcPC1kaGNwY2QtNi4xMC4xOkxpbnV4LTQuOS41Ny12Nys6YXJtdjdsOkJDTTI4MzUMDHBpMy5udG9wLm9yZ5EBATcPAXkhAwYMDxocKjM2Ojt3\/w=="} 
@@ -143,7 +143,7 @@ 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1588779629044,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":72,"pkt_l4_len":38,"thread_ts_msec":1588779629044,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA6m54AAEARW3bAqAFNwKgBARa0ADUAJpvbsPwBAAABAAAAAAAABXBpeGVsAndwA2NvbQAAAQAB"} 00764{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":707,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629044,"flow_last_seen":1588779629044,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":30,"flow_tot_l4_payload_len":30,"flow_avg_l4_payload_len":30,"midstream":0,"thread_ts_msec":1588779629044,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":2,"flow_last_seen":1588779629045,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_msec":1588779629045,"pkt":"KDc3AG3IAICPmq69CABFAABKxbFAAEAR8VLAqAEBwKgBTQA1FrQANpjhsPyBgAABAAEAAAAABXBpeGVsAndwA2NvbQAAAQABwAwAAQABAAAAAAAEwKgBnQ=="} 
-00778{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} +00905{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":708,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779629045,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pixel.wp.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"192.168.1.157"}} 
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1588779629079,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1588779629079,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFpC4AAP8Rk9rAqAFNwKgBAdVDADUAMZzqakQBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":710,"source":"telegram.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779629079,"flow_last_seen":1588779629079,"flow_idle_time":200000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1588779629079,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":54595,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 
@@ -227,7 +227,7 @@ 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1378,"source":"telegram.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1588779650651,"flow_last_seen":1588779650681,"flow_idle_time":200000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":60,"midstream":0,"thread_ts_msec":1588779650681,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":58615,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Dropbox","breed":"Acceptable","category":"Cloud"},"dns": {"query":"telemetry.dropbox.com","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"162.125.19.9"}} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1389,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":2,"flow_last_seen":1588779650842,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779650842,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACaJ+EAAAER35rAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} 
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1481,"source":"telegram.pcap","alias":"nDPId-test","flow_id":46,"flow_packet_id":3,"flow_last_seen":1588779652844,"flow_idle_time":200000,"pkt_oversize":false,"pkt_caplen":168,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":168,"pkt_l4_len":134,"thread_ts_msec":1588779652844,"pkt":"AQBef\/\/6wJrQLWJ0CABFAACajVgAAAEReiPAqAE17\/\/\/+txAB2wAhjvUTS1TRUFSQ0ggKiBIVFRQLzEuMQ0KSE9TVDogMjM5LjI1NS4yNTUuMjUwOjE5MDANCk1BTjogInNzZHA6ZGlzY292ZXIiDQpNWDogMQ0KU1Q6IHVybjpkaWFsLW11bHRpc2NyZWVuLW9yZzpzZXJ2aWNlOmRpYWw6MQ0KDQoA"} -00676{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} +00803{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779629044,"flow_last_seen":1588779629045,"flow_idle_time":200000,"flow_min_l4_payload_len":30,"flow_max_l4_payload_len":46,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":5812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": 
{"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779615019,"flow_last_seen":1588779615032,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":61120,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00678{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1588779625981,"flow_last_seen":1588779625981,"flow_idle_time":200000,"flow_min_l4_payload_len":355,"flow_max_l4_payload_len":355,"flow_tot_l4_payload_len":355,"flow_avg_l4_payload_len":355,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"0.0.0.0","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1588779596451,"flow_last_seen":1588779651446,"flow_idle_time":200000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":3348,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"}} 
@@ -238,7 +238,7 @@ 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":21,"flow_first_seen":1588779616036,"flow_last_seen":1588779618946,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1456,"flow_avg_l4_payload_len":69,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.12.1","src_port":23174,"dst_port":536,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779619007,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.16.4","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} 00682{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"finished","flow_packets_processed":20,"flow_first_seen":1588779616036,"flow_last_seen":1588779618748,"flow_idle_time":200000,"flow_min_l4_payload_len":32,"flow_max_l4_payload_len":96,"flow_tot_l4_payload_len":1360,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"91.108.8.8","src_port":23174,"dst_port":538,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": 
{"confidence": {"4":"DPI"},"proto":"Telegram","breed":"Acceptable","category":"Chat"}} -00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} +00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779619914,"flow_last_seen":1588779619916,"flow_idle_time":200000,"flow_min_l4_payload_len":43,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.1","src_port":47127,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"23": {"risk":"Suspicious DNS Traffic","severity":"High","risk_score": {"total":760,"client":580,"server":180}}},"confidence": {"4":"DPI"},"proto":"DNS.GoogleServices","breed":"Acceptable","category":"Web"}} 
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1588779615962,"flow_last_seen":1588779615962,"flow_idle_time":200000,"flow_min_l4_payload_len":49,"flow_max_l4_payload_len":49,"flow_tot_l4_payload_len":49,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip6","src_ip":"fe80::4dc:edec:5b0c:a661","dst_ip":"ff02::fb","src_port":5353,"dst_port":5353,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1588779601223,"flow_last_seen":1588779632305,"flow_idle_time":200000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":928,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.77","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1566,"source":"telegram.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1588779611355,"flow_last_seen":1588779611657,"flow_idle_time":200000,"flow_min_l4_payload_len":125,"flow_max_l4_payload_len":125,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":125,"midstream":0,"thread_ts_msec":1588779655298,"l3_proto":"ip4","src_ip":"192.168.1.75","dst_ip":"239.255.255.250","src_port":57916,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 
@@ -285,9 +285,9 @@
 ~~ total active/idle flows...: 48/48
 ~~ total timeout flows.......: 0
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 5960016 bytes
-~~ total memory freed........: 5960016 bytes
-~~ total allocations/frees...: 119796/119796
+~~ total memory allocated....: 5963453 bytes
+~~ total memory freed........: 5963453 bytes
+~~ total allocations/frees...: 119822/119822
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 ~~ json string min len.......: 464 chars
 ~~ json string max len.......: 2278 chars |