Diffstat (limited to 'test/results/zoom2.pcap.out')
-rw-r--r--test/results/zoom2.pcap.out16
1 files changed, 8 insertions, 8 deletions
diff --git a/test/results/zoom2.pcap.out b/test/results/zoom2.pcap.out
index bb83176b9..42af221c3 100644
--- a/test/results/zoom2.pcap.out
+++ b/test/results/zoom2.pcap.out
@@ -7,12 +7,12 @@
01235{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458577638,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965458578318,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01295{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752945,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":1440,"midstream":0,"thread_ts_usec":1642965458752945,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}}
01572{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":5,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965458578318,"flow_dst_last_pkt_time":1642965458752990,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":4096,"midstream":0,"thread_ts_usec":1642965458752990,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","hostname":"zoomsjccv154mmr.sjc.zoom.us","tls": {"version":"TLSv1.2","server_names":"*.sjc.zoom.us","ja3":"832952db10f1453442636675bed2702b","ja3s":"8aca82d60194883e764ab2743e60c380","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.sjc.zoom.us","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1","fingerprint":"43:42:0A:34:FD:F6:7A:FC:E9:C1:95:D8:E0:79:7E:17:B9:65:B0:A7"}}}
-01844{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965459315313,"flow_dst_last_pkt_time":1642965459315763,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3004,"flow_dst_tot_l4_payload_len":9722,"midstream":0,"thread_ts_usec":1642965459315763,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":58874.8,"max":198571,"stddev":83051.8,"var":6897604608.0,"ent":3.4,"data": [174660,174776,564,174002,1305,35,10,9,175382,5,1,23625,1263,198571,173076,348,174461,174128,5783,7,187559,672,15,182407,110,83,84,878,803,496,2,0]},"pktlen": {"min":66,"avg":464.3,"max":1506,"stddev":547.4,"var":299645.5,"ent":4.1,"data": [78,74,66,583,66,1506,1506,1282,828,66,66,66,66,192,117,66,222,141,66,1506,781,66,1506,456,66,214,66,116,1344,66,1344,270]},"bins": {"c_to_s": [11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,1,1,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,1,0,1,0,0,1,0,1,1]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
+01842{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1642965458402978,"flow_src_last_pkt_time":1642965459315313,"flow_dst_last_pkt_time":1642965459315763,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3004,"flow_dst_tot_l4_payload_len":9722,"midstream":0,"thread_ts_usec":1642965459315763,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":50076,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":1,"avg":58874.8,"max":198571,"stddev":83051.8,"var":6897604608.0,"ent":3.4,"data": [174660,174776,564,174002,1305,35,10,9,175382,5,1,23625,1263,198571,173076,348,174461,174128,5783,7,187559,672,15,182407,110,83,84,878,803,496,2]},"pktlen": {"min":66,"avg":464.3,"max":1506,"stddev":547.4,"var":299645.5,"ent":4.1,"data": [78,74,66,583,66,1506,1506,1282,828,66,66,66,66,192,117,66,222,141,66,1506,781,66,1506,456,66,214,66,116,1344,66,1344,270]},"bins": {"c_to_s": [11,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0],"s_to_c": [3,1,1,0,1,0,1,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,0,0,0,0,3,0,0]},"directions": [0,1,0,0,1,1,1,1,1,0,0,0,0,0,1,0,0,1,0,0,0,1,1,1,0,1,0,0,1,0,1,1]},"ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"6":"DPI"},"proto":"TLS.Zoom","proto_id":"91.189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00759{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965459595620,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":95,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1642965459595620,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965459595620,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXeHsAAEARZSPAqAGykMNJmuztImEAgzNnAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hPwBvYT8AAABA5tdm9ZTyTIyTAkYLAufeKJLgneU8bl8DozakMMlr\/JDYAlm5+8RxsTcW0dGDYHnKojsP3MD2C2S9PgF8PPhtdgAAAAAAQABAAAB1MAABAAMAAiAA"}
00657{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":104,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1642965459696999,"flow_dst_last_pkt_time":1642965459595620,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_usec":1642965459696999,"pkt":"EBMx8Tl2KDc3AG3ICABFAACXZlQAAEARd0rAqAGykMNJmuztImEAg30SAQADyErEUocYzaK4R3obiZ8zgwAAAAAAAAACAG9hpABvYaQAAABASNx7XNkhaVV2TkWPa7HXWfzTaegL7lyuofS42ADMsef1ZS+nG51oqDil0vt0Fn4zbdXfyiCV8oAbYGEn4LlcKwAAAAAAQABAAAB1MAABAAMAAiAA"}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1642965459696999,"flow_dst_last_pkt_time":1642965459762205,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965459762205,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvJFAADER8FuQw0mawKgBsiJh7O0ANHLoAgADyErEUocYzaK4R3obiZ8zgwBPg3gAb2E\/AAAAAAAAAAAAQABAAAPgAwA="}
-01604{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":21,"avg":25414.0,"max":166585,"stddev":40490.2,"var":1639456256.0,"ent":3.6,"data": [101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205,0]},"pktlen": {"min":60,"avg":718.7,"max":1078,"stddev":464.6,"var":215864.3,"ent":4.6,"data": [165,165,86,60,170,170,86,60,170,102,102,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,102,1078,1078,1078,1078,1078,1078,1078]},"bins": {"c_to_s": [0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]}}
+01602{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":21,"avg":25414.0,"max":166585,"stddev":40490.2,"var":1639456256.0,"ent":3.6,"data": [101379,166585,27,72990,12330,100439,29,101849,72959,11921,4860,10860,10480,10129,246,9160,10351,10320,11352,21,292,9440,8565,5418,4862,82,10799,10006,10476,9401,205]},"pktlen": {"min":60,"avg":718.7,"max":1078,"stddev":464.6,"var":215864.3,"ent":4.6,"data": [165,165,86,60,170,170,86,60,170,102,102,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,1078,102,1078,1078,1078,1078,1078,1078,1078]},"bins": {"c_to_s": [0,0,0,2,3,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,20,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1]}}
00880{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00881{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":172,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":27,"flow_first_seen":1642965459595620,"flow_src_last_pkt_time":1642965459884168,"flow_dst_last_pkt_time":1642965460094905,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":128,"flow_dst_max_l4_payload_len":1036,"flow_src_tot_l4_payload_len":630,"flow_dst_tot_l4_payload_len":21016,"midstream":0,"thread_ts_usec":1642965460094905,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":60653,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00760{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":207,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460219455,"flow_dst_last_pkt_time":1642965460219455,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":123,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":123,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":123,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965460219455,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -23,10 +23,10 @@
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1642965460317924,"flow_dst_last_pkt_time":1642965460395901,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965460395901,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvbFAADER7zuQw0mawKgBsiJh4wUANKrxAgADlUCX4nL8uBw5x1bMJMqfpQBPg3kAb2OvAAAAAAAAAAAAQABAAAPgAwA="}
00665{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1642965460461401,"flow_dst_last_pkt_time":1642965460359314,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":167,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":167,"pkt_l4_len":133,"thread_ts_usec":1642965460461401,"pkt":"EBMx8Tl2KDc3AG3ICABFAACZ6kAAAEAR81vAqAGykMNJmuJhImEAhaEiAQADwkJYttycXaTnsMPEsai0ugAAAAAAAAACAG9koQBvZKEAAABA6DEQatkP0ZiaMugg0SFSq6JqmaXOleBRM3eRUGv0uLvPr6CL4g3oVryKRdoOzve7SJqEd+2jwB1vjsn7k5LMNv\/\/\/\/8AQABAAAB1MAABAAMAAiAACgA="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":348,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1642965460461401,"flow_dst_last_pkt_time":1642965460546911,"flow_idle_time":200000000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_usec":1642965460546911,"pkt":"KDc3AG3IEBMx8Tl2CABFAABIvg1AAC8R8N+Qw0mawKgBsiJh4mEANErbAgADwkJYttycXaTnsMPEsai0ugBPg3oAb2Q7AAAAAAAAAAAAQABAAAPgAwA="}
-01591{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":12,"avg":42778.1,"max":176446,"stddev":48878.6,"var":2389121792.0,"ent":4.1,"data": [98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502,0]},"pktlen": {"min":60,"avg":143.0,"max":203,"stddev":35.8,"var":1279.8,"ent":4.9,"data": [165,165,86,60,170,170,86,60,170,102,102,175,178,168,163,159,130,102,163,106,157,158,148,149,180,203,130,164,162,157,158,130]},"bins": {"c_to_s": [0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1]}}
+01589{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":12,"avg":42778.1,"max":176446,"stddev":48878.6,"var":2389121792.0,"ent":4.1,"data": [98469,176446,124,85491,9538,94754,12,99878,94166,12337,1946,12440,20627,16992,20131,168367,18000,3631,10879,10252,19350,32137,20903,115345,15,17844,18745,20098,20216,21487,85502]},"pktlen": {"min":60,"avg":143.0,"max":203,"stddev":35.8,"var":1279.8,"ent":4.9,"data": [165,165,86,60,170,170,86,60,170,102,102,175,178,168,163,159,130,102,163,106,157,158,148,149,180,203,130,164,162,157,158,130]},"bins": {"c_to_s": [0,0,1,6,4,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,5,3,8,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,0,0,1,0,0,0,0,1]}}
00879{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00880{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":497,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":12,"flow_dst_packets_processed":20,"flow_first_seen":1642965460219455,"flow_src_last_pkt_time":1642965460877104,"flow_dst_last_pkt_time":1642965460887928,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":88,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":161,"flow_dst_max_l4_payload_len":136,"flow_src_tot_l4_payload_len":1490,"flow_dst_tot_l4_payload_len":1734,"midstream":0,"thread_ts_usec":1642965460887928,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":58117,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
-01557{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":8,"avg":46715.2,"max":187597,"stddev":42950.9,"var":1844783744.0,"ent":4.3,"data": [102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582,0]},"pktlen": {"min":60,"avg":105.1,"max":185,"stddev":44.6,"var":1993.4,"ent":4.9,"data": [167,167,86,60,177,177,86,60,177,177,177,117,117,69,69,185,69,69,117,69,117,117,69,69,69,69,117,69,69,69,69,69]},"bins": {"c_to_s": [7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0]}}
+01555{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"data_analysis": {"iat": {"min":8,"avg":46715.2,"max":187597,"stddev":42950.9,"var":1844783744.0,"ent":4.3,"data": [102087,187597,15,105625,59,93505,28,87640,70667,56,105994,30,21517,32815,58979,18,48377,5541,49496,50209,26,8,55223,45719,56325,52361,22,59786,52118,47745,58582]},"pktlen": {"min":60,"avg":105.1,"max":185,"stddev":44.6,"var":1993.4,"ent":4.9,"data": [167,167,86,60,177,177,86,60,177,177,177,117,117,69,69,185,69,69,117,69,117,117,69,69,69,69,117,69,69,69,69,69]},"bins": {"c_to_s": [7,0,0,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [9,2,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,1,0,0,1,1,0,0,0,1,1,0,1,0,0,1,1,0,1,1,1,0,1,0,1,1,0,1,1,0]}}
00877{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00878{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":15,"flow_dst_packets_processed":17,"flow_first_seen":1642965460359314,"flow_src_last_pkt_time":1642965461085374,"flow_dst_last_pkt_time":1642965461081424,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":27,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":143,"flow_dst_max_l4_payload_len":75,"flow_src_tot_l4_payload_len":1257,"flow_dst_tot_l4_payload_len":755,"midstream":0,"thread_ts_usec":1642965461085374,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","src_port":57953,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"Zoom","proto_id":"189","encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00727{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11804,"source":"zoom2.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642965500049643,"flow_src_last_pkt_time":1642965500049643,"flow_dst_last_pkt_time":1642965500049643,"flow_idle_time":140000000,"flow_src_min_l4_payload_len":36,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":36,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":36,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642965500049643,"l3_proto":"ip4","src_ip":"192.168.1.178","dst_ip":"144.195.73.154","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
@@ -48,10 +48,10 @@
~~ total active/idle flows...: 5/5
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-~~ total memory allocated....: 6406911 bytes
-~~ total memory freed........: 6406911 bytes
+~~ total memory allocated....: 6406891 bytes
+~~ total memory freed........: 6406891 bytes
~~ total allocations/frees...: 133516/133516
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 490 chars
-~~ json string max len.......: 1849 chars
-~~ json string avg len.......: 1168 chars
+~~ json string max len.......: 1847 chars
+~~ json string avg len.......: 1167 chars