aboutsummaryrefslogtreecommitdiff
path: root/test/results/tftp.pcap.out
diff options
context:
space:
mode:
Diffstat (limited to 'test/results/tftp.pcap.out')
-rw-r--r--test/results/tftp.pcap.out22
1 files changed, 11 insertions, 11 deletions
diff --git a/test/results/tftp.pcap.out b/test/results/tftp.pcap.out
index 86cf6bebd..370cdf5be 100644
--- a/test/results/tftp.pcap.out
+++ b/test/results/tftp.pcap.out
@@ -1,24 +1,24 @@
00436{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1367411051972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1367411051972,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1367411052077,"flow_last_seen":1367411052077,"flow_idle_time":180000,"flow_min_l4_payload_len":516,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":516,"midstream":0,"ts_msec":1367411052077,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1367411052077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1367411052077,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyUAAIARI1DAqAAKwKgA\/Q11xboCDNSjAAMAAQoKCgoKCk5ldHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSy4gU29sbGlucwpSZXF1ZXN0IEZvciBDb21tZW50czogMTM1MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNSVQKU1REOiAzMyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSnVseSAxOTkyCk9ic29sZXRlczogUkZDIDc4MwoKCiAgICAgICAgICAgICAgICAgICAgIFRIRSBURlRQIFBST1RPQ09MIChSRVZJU0lPTiAyKQoKU3RhdHVzIG9mIHRoaXMgTWVtbwoKICAgVGhpcyBSRkMgc3BlY2lmaWVzIGFuIElBQiBzdGFuZGFyZHMgdHJhY2sgcHJvdG9jb2wgZm9yIHRoZSBJbnRlcm5ldAogICBjb21tdW5pdHksIGFuZCByZXF1ZXN0cyBkaXNjdXNzaW9uIGFuZCBzdWdnZXN0aW9ucyBmb3IgaW1wcm92ZW1lbnRzLgogICBQbGVhc2UgcmVmZXIgdG8gdGhlIGN1cnJlbnQgZWRpdGlvbiBvZiB0aGUgIklB"}
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1367411052081,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"ts_msec":1367411052081,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"}
01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1367411052086,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1367411052086,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\/Q11xboCDOXlAAMAAkIgT2ZmaWNpYWwgUHJvdG9jb2wKICAgU3RhbmRhcmRzIiBmb3IgdGhlIHN0YW5kYXJkaXphdGlvbiBzdGF0ZSBhbmQgc3RhdHVzIG9mIHRoaXMgcHJvdG9jb2wuCiAgIERpc3RyaWJ1dGlvbiBvZiB0aGlzIG1lbW8gaXMgdW5saW1pdGVkLgoKU3VtbWFyeQoKICAgVEZUUCBpcyBhIHZlcnkgc2ltcGxlIHByb3RvY29sIHVzZWQgdG8gdHJhbnNmZXIgZmlsZXMuICBJdCBpcyBmcm9tCiAgIHRoaXMgdGhhdCBpdHMgbmFtZSBjb21lcywgVHJpdmlhbCBGaWxlIFRyYW5zZmVyIFByb3RvY29sIG9yIFRGVFAuCiAgIEVhY2ggbm9udGVybWluYWwgcGFja2V0IGlzIGFja25vd2xlZGdlZCBzZXBhcmF0ZWx5LiAgVGhpcyBkb2N1bWVudAogICBkZXNjcmliZXMgdGhlIHByb3RvY29sIGFuZCBpdHMgdHlwZXMgb2YgcGFja2V0cy4gIFRoZSBkb2N1bWVudCBhbHNvCiAgIGV4cGxhaW5zIHRoZSByZWFzb25zIGJlaGluZCBzb21lIG9mIHRoZSBkZXNpZ24gZGVjaXNpb25zLgoKQWNrbm93bGVnZW1lbnRzCgogICBUaGUg"}
-00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1367411052088,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00710{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00646{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1367411052088,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00819{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00567{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626968644630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1626968644630,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"}
-00605{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00631{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00566{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1626968644631,"flow_last_seen":1626968644631,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1626968644631,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1626968644631,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"ts_msec":1626968644631,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgqt8AAEARbLCsHAWqrBwFW\/JqrkoADPveAAQAAA=="}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1626968644632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYuhAAEARcqesHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1626968644632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYulAAEARcqasHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
-00668{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00707{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
-00644{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00816{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
+00670{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","total-events-serialized":22}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 104/104
@@ -28,9 +28,9 @@
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 4601445 bytes
-~~ total memory freed........: 4601445 bytes
-~~ total allocations/frees...: 99666/99666
+~~ total memory allocated....: 4685414 bytes
+~~ total memory freed........: 4685414 bytes
+~~ total allocations/frees...: 101256/101256
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 159 chars
~~ json string max len.......: 1206 chars
Powered by cgit, Themed by Ted Yin.