path: root/test/results/default/facebook.pcap.out
blob: e9e069802fa6b5ee4bbf069e06730bb5b1b163a2 (plain)
00564{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00788{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1472393122365661}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122365661,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122365661,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122365661,"pkt":"mAyC0zx8MFLLbJwbCABFAAA84M9AAEAGjxHAqCsSQtycRMtiAbv14btyAAAAAKACchDLCQAAAgQFtAQCCAoAS1u9AAAAAAEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1472393122365661,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393122668038,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAE0GYuFC3JxEwKgrEgG7y2LsHfNy9eG7c6ASNpzIhwAAAgQFeAQCCAq7uwhkAEtbvQEDAwg="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1472393122668050,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393122668050,"pkt":"mAyC0zx8MFLLbJwbCABFAAA04NBAAEAGjxjAqCsSQtycRMtiAbv14btz7B3zc4AQAOXLAQAAAQEICgBLXBi7uwhk"}
00810{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":262,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":262,"pkt_l4_len":228,"thread_ts_usec":1472393122668183,"pkt":"mAyC0zx8MFLLbJwbCABFAAD44NFAAEAGjlPAqCsSQtycRMtiAbv14btz7B3zc4AYAOXLxQAAAQEICgBLXBi7uwhkFgMBAL8BAAC7AwNbh8URkho8fraMBpv52BLid6sw70NU5sSdt5TqEulpNAAAGsArwC\/MqcyowArACcATwBQAMwA5AC8ANQAKAQAAeAAAABEADwAADGZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAAAzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAg=="}
01200{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122668038,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393122668183,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","tls": {"version":"TLSv1.2","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122981932,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393122981932,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0+htAAE0GaM1C3JxEwKgrEgG7y2LsHfNz9eG8N4AQADsrTQAAAQEICru7CXIAS1wY"}
01285{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122668183,"flow_dst_last_pkt_time":1472393122981938,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":1388,"midstream":0,"thread_ts_usec":1472393122981938,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","tls": {"version":"TLSv1.2","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
01729{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":5,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393122981949,"flow_dst_last_pkt_time":1472393122982477,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":196,"flow_dst_tot_l4_payload_len":3173,"midstream":0,"thread_ts_usec":1472393122982477,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"facebook.com","tls": {"version":"TLSv1.2","server_names":"*.facebook.com,*.facebook.net,*.fb.com,*.fbcdn.net,*.fbsbx.com,*.m.facebook.com,*.messenger.com,*.xx.fbcdn.net,*.xy.fbcdn.net,*.xz.fbcdn.net,facebook.com,fb.com,messenger.com","ja3":"bfcc1a3891601edb4f137ab7ab25b840","ja3s":"2d1eb5817ece335c24904f516ad5da12","ja4":"t12d1310h2_27a29bd8d6e6_85173d161f9a","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA","subjectDN":"C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","fingerprint":"A0:4E:AF:B3:48:C2:6B:15:A8:C1:AA:87:A3:33:CA:A3:CD:EE:C9:C9","blocks":0}}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123550766,"flow_dst_last_pkt_time":1472393123550766,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393123550766,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1472393123550766,"flow_dst_last_pkt_time":1472393123550766,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393123550766,"pkt":"mAyC0zx8MFLLbJwbCABFAAA8dR1AAEAGZLPAqCsSHw1WJK5GAbsvASg9AAAAAKACchBhGgAAAgQFtAQCCAoAS10gAAAAAAEDAwc="}
00554{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1472393123550766,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1472393123682883,"pkt":"MFLLbJwbmAyC0zx8CABFAAA8AABAAFMGxtAfDVYkwKgrEgG7rkZw6dh2LwEoPqASNpwMewAAAgQFeAQCCAolRdDWAEtdIAEDAwg="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1472393123682902,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393123682902,"pkt":"mAyC0zx8MFLLbJwbCABFAAA0dR5AAEAGZLrAqCsSHw1WJK5GAbsvASg+cOnYd4AQAOVhEgAAAQEICgBLXUglRdDW"}
01246{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":583,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":583,"pkt_l4_len":549,"thread_ts_usec":1472393123683095,"pkt":"mAyC0zx8MFLLbJwbCABFAAI5dR9AAEAGYrTAqCsSHw1WJK5GAbsvASg+cOnYd4AYAOVjFwAAAQEICgBLXUglRdDWFgMBAgABAAH8AwM+9tNpxmZK\/eWu6BicR\/VdzCeqETHBQQTjNp6ce6Re6CDpbumLT\/pcQV4Yd+w5nmyQiqDe8maQl\/9twNFsjvN1qAAawCvAL8ypzKjACsAJwBPAFAAzADkALwA1AAoBAAGZAAAAFQATAAAQd3d3LmZhY2Vib29rLmNvbQAXAAD\/AQABAAAKAAgABgAXABgAGQALAAIBAAAjAMAVCJH+V6O+8X2imm8A5SDgHXzaZOkxASoAP7PEoNjKKl9CQSOx\/teLVlne5tIoYDG+cMhqc3xPewtsO6jtNu2A8OCQyx9HEmHS7QX20VvDQq\/STGmFYAcDBbKS4nC6fio3njGW7FzDfetud3qZZ7+M0xYt8VAkhG35Ct6tGM4sR0dgJpKxO\/\/uHgQ595Wbqzav3mtgVLdqqXZj+Rm0AO2brTOq4RRSAn0Yz2Qs7sU+3hKk3fw1CrFvT3svUypcWbkzdAAAABAAFwAVAmgyCHNwZHkvMy4xCGh0dHAvMS4xAAUABQEAAAAAAA0AGAAWBAEFAQYBAgEEAwUDBgMCAwUCBAICAgAVAFkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=="}
01203{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123682883,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1472393123683095,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"","ja4":"t12d1311h2_27a29bd8d6e6_c4623e4f4474","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,spdy\/3.1,http\/1.1","blocks":0}}}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123837584,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1472393123837584,"pkt":"MFLLbJwbmAyC0zx8CABFAAA0CRtAAFMGvb0fDVYkwKgrEgG7rkZw6dh3LwEqQ4AQADtuqgAAAQEICiVF0WwAS11I"}
01286{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":25,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":3,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393123683095,"flow_dst_last_pkt_time":1472393123838069,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":146,"flow_src_tot_l4_payload_len":517,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1472393123838069,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com","tls": {"version":"TLSv1.2","ja3":"5c60e71f1b8cd40e4d40ed5b6d666e3f","ja3s":"96681175a9547081bf3d417f1a572091","ja4":"t12d1311h2_27a29bd8d6e6_c4623e4f4474","unsafe_cipher":0,"cipher":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","advertised_alpns":"h2,spdy\/3.1,http\/1.1","negotiated_alpn":"h2","blocks":0}}}
02225{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":51,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":18,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124118414,"flow_dst_last_pkt_time":1472393124118402,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":992,"flow_dst_tot_l4_payload_len":15090,"midstream":0,"thread_ts_usec":1472393124118414,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":193,"avg":36622.1,"max":154982,"stddev":57898.8,"var":3352273664.0,"ent":3.3,"data": [132117,132136,193,154701,485,154982,244,3282,129361,125921,442,418,797,119231,4520,123730,627,605,1230,4940,621,5568,8878,7797,16680,916,530,1441,790,657,1444]},"pktlen": {"min":52,"avg":555.1,"max":1440,"stddev":613.3,"var":376153.1,"ent":4.1,"data": [60,60,52,569,52,198,52,103,438,133,90,90,94,52,1440,431,52,1440,576,52,1440,1440,52,1440,1440,52,1440,1440,52,1440,1440,52]},"bins": {"c_to_s": [10,2,0,0,0,0,0,0,0,0,0,0,1,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [2,2,1,0,1,0,0,0,0,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,10,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,0,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0,1,1,0],"entropies": 
[4.760014057,5.194312096,5.053297043,6.165235996,5.091758251,6.462422371,5.053297043,5.523866653,7.463335991,6.461145878,5.587870598,5.919519901,5.958845615,5.014835358,7.843218803,7.552490711,5.025067806,7.863905430,7.631061554,5.025067329,7.860723495,7.881686687,5.063529015,7.870133877,7.854965687,5.063529015,7.867281437,7.861505032,5.025067329,7.849763870,7.860621929,5.025067329]},"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}}
00984{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":9,"flow_dst_packets_processed":10,"flow_first_seen":1472393122365661,"flow_src_last_pkt_time":1472393123408152,"flow_dst_last_pkt_time":1472393123665163,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":383,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":743,"flow_dst_tot_l4_payload_len":3732,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"66.220.156.68","src_port":52066,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork"}}
01019{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":22,"flow_first_seen":1472393123550766,"flow_src_last_pkt_time":1472393124218612,"flow_dst_last_pkt_time":1472393124229315,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":517,"flow_dst_max_l4_payload_len":1388,"flow_src_tot_l4_payload_len":1402,"flow_dst_tot_l4_payload_len":20642,"midstream":0,"thread_ts_usec":1472393124229315,"l3_proto":"ip4","src_ip":"192.168.43.18","dst_ip":"31.13.86.36","src_port":44614,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"TLS.Facebook","proto_id":"91.119","proto_by_ip":"Facebook","proto_by_ip_id":119,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"www.facebook.com"}}
00798{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":60,"source":"cfgs\/default\/pcap\/facebook.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":60,"packets-processed":60,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":26519,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":23,"global_ts_usec":1472393124229315}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 60/60
~~ skipped flows.............: 0
~~ total layer4 data length..: 26519 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6661098 bytes
~~ total memory freed........: 6661098 bytes
~~ total allocations/frees...: 114116/114116
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 546 chars
~~ json message max len.......: 2230 chars
~~ json message avg len.......: 1372 chars