From 9a28475bba88b711b7075b58473b7e5b5df1f393 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Thu, 22 Sep 2022 19:07:08 +0200 Subject: Improved flown analyse event: * store packet directions * merged direction based IATs * merged direction based PKTLENs Signed-off-by: Toni Uhlig --- test/results/flow-info/vxlan.pcap.out | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'test/results/flow-info/vxlan.pcap.out') diff --git a/test/results/flow-info/vxlan.pcap.out b/test/results/flow-info/vxlan.pcap.out index 69f169477..184892c76 100644 --- a/test/results/flow-info/vxlan.pcap.out +++ b/test/results/flow-info/vxlan.pcap.out @@ -20,19 +20,23 @@ new: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] detected: [.....9] [ip4][..udp] [...192.168.22.4][60230] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable] analyse: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.141| 0.010| 0.031] - [IAT(c->s)...: 0.000| 0.141| 0.010| 0.031][IAT(s->c)...: 0.000| 0.000| 0.000| 0.000] - [PKTLEN(c->s): 120.000|1500.000|1169.700| 546.600][PKTLEN(s->c): 0.000| 0.000| 0.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.141| 0.010| 0.031| 963.930| 0.000] + [PKTLEN......: 120.000| 1500.000| 1169.700| 546.600|298767.600| 4.800] [BINS(c->s)..: 0,0,5,0,0,0,0,1,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,23,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS........: 10532,1402,105,10,11439,530,9521,113264,10571,140558,101,64,3057,190,558,175,1284,181,1316,3621,187,402,189,2282,184,313,186,833,189,694,184,0] + [PKTLENS.....: 128,120,1500,1500,588,120,289,120,572,120,1500,1500,874,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500,1500] analyse: [.....7] [ip4][..udp] [...192.168.22.4][40646] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable] - [min|max|avg|stddev] - [IAT(flow)...: 0.000| 0.151| 0.011| 0.030] - [IAT(c->s)...: 0.000| 0.151| 0.011| 0.030][IAT(s->c)...: 0.000| 0.000| 0.000| 0.000] - [PKTLEN(c->s): 120.000| 438.000| 143.100| 68.200][PKTLEN(s->c): 0.000| 0.000| 0.000| 0.000] + [min|max|avg|stddev|variance|entropy] + [IAT.........: 0.000| 0.151| 0.011| 0.030| 901.957| 0.000] + [PKTLEN......: 120.000| 438.000| 143.100| 68.200| 4655.600| 4.900] [BINS(c->s)..: 0,0,28,0,1,0,0,1,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] [BINS(s->c)..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [DIRECTIONS..: 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] + [IATS........: 10329,305,11530,200,4,1301,10031,41817,81536,403,150839,3109,802,1504,1403,3811,602,2508,504,1003,903,802,707,803,710,2107,301,402,2307,401,201,0] + [PKTLENS.....: 128,120,438,120,120,120,184,285,120,120,303,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120,120] idle: [.....5] [ip4][..udp] [...192.168.22.4][60351] -> [...192.168.22.5][.4789] [VXLAN][Network][Acceptable] idle: [.....6] [ip4][..udp] [...192.168.22.5][50251] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable] idle: [.....8] [ip4][..udp] [...192.168.22.5][36286] -> [...192.168.22.4][.4789] [VXLAN][Network][Acceptable] -- cgit v1.2.3