From 9a28475bba88b711b7075b58473b7e5b5df1f393 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Thu, 22 Sep 2022 19:07:08 +0200
Subject: Improved flown analyse event: * store packet directions * merged direction based IATs * merged direction based PKTLENs
Signed-off-by: Toni Uhlig
---
test/results/flow-info/telnet.pcap.out | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'test/results/flow-info/telnet.pcap.out')
diff --git a/test/results/flow-info/telnet.pcap.out b/test/results/flow-info/telnet.pcap.out
index 02a936136..1e9a1a938 100644
--- a/test/results/flow-info/telnet.pcap.out
+++ b/test/results/flow-info/telnet.pcap.out
@@ -9,12 +9,14 @@ detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe] RISK: Unsafe Protocol analyse: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 1.233| 0.125| 0.337] - [IAT(c->s)...: 0.000| 1.233| 0.160| 0.383][IAT(s->c)...: 0.001| 1.107| 0.088| 0.275] - [PKTLEN(c->s): 66.000| 151.000| 78.400| 23.800][PKTLEN(s->c): 66.000| 98.000| 75.800| 10.400] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 1.233| 0.125| 0.337|113396.253| 0.000] + [PKTLEN......: 66.000| 151.000| 77.200| 18.800| 354.000| 5.000] [BINS(c->s)..: 15,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 14,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,1,0,0,1,0,0,1,1,0,1,1,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,0,1,0,0,0] + [IATS........: 2525,2572,1588,147810,146242,172,1611,1711,3291,1327,593,1791,1069,2370,3571,617,1174,22251,20360,1248,13791,15049,1196,784,12789,12241,20023,1107336,1099990,1232764,1372,0] + [PKTLENS.....: 74,74,66,93,69,66,69,66,91,130,66,84,75,66,90,66,151,66,69,69,66,78,72,66,81,66,98,66,73,66,72,66] detection-update: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe] RISK: Unsafe Protocol end: [.....1] [ip4][..tcp] [....192.168.0.2][.1550] -> [....192.168.0.1][...23] [Telnet][RemoteAccess][Unsafe] -- cgit v1.2.3