aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/fins.pcap.out
blob: 44476662050ee94317450ac846be76cf2ea77e11 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

00560{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00784{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1233089082809333}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809333,"pkt":"ANADs6f8ABNyl6LUCABFAAAugitAAEAREyYKBA5mCoKCguViJYAAGv5TgAACAAAAAAAAegEBAMzMzAAB"}
00925{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082809333,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":18,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":18,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":18,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082809333,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1233089082809355,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809355,"pkt":"ANADs6f8ABNyl6LUCABFAAAugixAAEAREyUKBA5mCoKCguViJYAAGn5SgAACAAAAAAAAegEBgMzMzAAC"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1233089082809384,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809384,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi1AAEAREyQKBA5mCoKCguViJYAAGv1TgAACAAAAAAAAegEBAczMzAAB"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1233089082809410,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809410,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi5AAEAREyMKBA5mCoKCguViJYAAGn1SgAACAAAAAAAAegEBgczMzAAC"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1233089082809435,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_usec":1233089082809435,"pkt":"ANADs6f8ABNyl6LUCABFAAAugi9AAEAREyIKBA5mCoKCguViJYAAGnxSgAACAAAAAAAAegEBgszMzAAC"}
02050{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":32,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082810135,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":16,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":37,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":613,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1233089082810135,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":22,"avg":25.9,"max":31,"stddev":1.6,"var":2.4,"ent":5.0,"data": [22,29,26,25,25,26,27,26,26,25,25,25,26,26,25,26,25,25,26,27,31,27,25,25,26,25,25,26,25,25,29]},"pktlen": {"min":44,"avg":47.2,"max":65,"stddev":3.5,"var":12.6,"ent":5.0,"data": [46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,46,52,48,44,48,50,46,46,46,46,46,50,48,65]},"bins": {"c_to_s": [31,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"entropies": [3.966703415,3.990315914,4.006726265,4.050204754,4.015212536,4.077271938,4.033793926,4.077271938,4.093682766,4.093682766,4.093682766,4.093682766,4.050204754,4.093682766,4.093682766,4.093682766,4.093682766,4.050204277,4.077271938,4.222351551,4.000422955,3.952195406,3.979268074,4.288366795,3.913608313,3.913608313,3.913608789,3.913608313,3.837309122,4.107601166,3.918294430,3.660078049]},"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":246,"packets-processed":245,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6597,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":11,"global_ts_usec":1428095655145347}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655145347,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":66,"expected":70,"global_ts_usec":1428095655145347}
00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_usec":1233089082814433,"pkt":"ABkHJDzKPKn0ISL4CABFAAA0ZANAAIAGf24KAQGtCgEBpELuJYDc78x8AAAAAIACIAAl6QAAAgQFtAEDAwIBAQQC"}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655145347,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655145347,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":246,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655145347,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1428095655145347,"pkt":"ABkHJDzKPKn0ISL4CABFAAA0ZANAAIAGf24KAQGtCgEBpELuJYDc78x8AAAAAIACIAAl6QAAAgQFtAEDAwIBAQQC"}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655286926,"packet_id":247,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":58,"expected":62,"global_ts_usec":1428095655286926}
00369{"packet_event_id":1,"packet_event_name":"packet","packet_id":247,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_usec":1428095655145347,"pkt":"PKn0ISL4ABkHJDzKCABFAAAsCPcAABQGhoMKAQGkCgEBrSWAQu5Ka\/mo3O\/MfWASCGAmEAAAAgQCGA=="}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1428095655145347,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1428095655286926,"pkt":"PKn0ISL4ABkHJDzKCABFAAAsCPcAABQGhoMKAQGkCgEBrSWAQu5Ka\/mo3O\/MfWASCGAmEAAAAgQCGA=="}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":3,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655287055,"packet_id":248,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655287055}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":248,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655286926,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZARAAIAGf3kKAQGtCgEBpELuJYDc78x9Smv5qVAQ\/3BDIAAA"}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1428095655287055,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":20,"thread_ts_usec":1428095655287055,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZARAAIAGf3kKAQGtCgEBpELuJYDc78x9Smv5qVAQ\/3BDIAAA"}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":4,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655289816,"packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":74,"expected":78,"global_ts_usec":1428095655289816}
00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_usec":1428095655287055,"pkt":"ABkHJDzKPKn0ISL4CABFAAA8ZAVAAIAGf2QKAQGtCgEBpELuJYDc78x9Smv5qVAY\/3CuWwAARklOUwAAAAwAAAAAAAAAAAAAAAA="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1428095655289816,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":40,"thread_ts_usec":1428095655289816,"pkt":"ABkHJDzKPKn0ISL4CABFAAA8ZAVAAIAGf2QKAQGtCgEBpELuJYDc78x9Smv5qVAY\/3CuWwAARklOUwAAAAwAAAAAAAAAAAAAAAA="}
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":249,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655289816,"flow_dst_last_pkt_time":1428095655286926,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":20,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":20,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655289816,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":5,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655432184,"packet_id":250,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":78,"expected":82,"global_ts_usec":1428095655432184}
00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":250,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_usec":1428095655289816,"pkt":"PKn0ISL4ABkHJDzKCABFAABACPgAABQGhm4KAQGkCgEBrSWAQu5Ka\/mp3O\/MkVAYCEyjoAAARklOUwAAABAAAAABAAAAAAAAAPsAAADI"}
00557{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":250,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1428095655289816,"flow_dst_last_pkt_time":1428095655432184,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":44,"thread_ts_usec":1428095655432184,"pkt":"PKn0ISL4ABkHJDzKCABFAABACPgAABQGhm4KAQGkCgEBrSWAQu5Ka\/mp3O\/MkVAYCEyjoAAARklOUwAAABAAAAABAAAAAAAAAPsAAADI"}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":6,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655432629,"packet_id":251,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":83,"expected":87,"global_ts_usec":1428095655432629}
00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":251,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_usec":1428095655432184,"pkt":"ABkHJDzKPKn0ISL4CABFAABFZAZAAIAGf1oKAQGtCgEBpELuJYDc78yRSmv5wVAY\/1hwKwAARklOUwAAABUAAAACAAAAAIAAAgDIAAAA7wUFAQA="}
00340{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":7,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655590052,"packet_id":252,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":176,"expected":180,"global_ts_usec":1428095655590052}
00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":252,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":176,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_usec":1428095655432629,"pkt":"PKn0ISL4ABkHJDzKCABFAACiCPkAABQGhgsKAQGkCgEBrSWAQu5Ka\/nB3O\/MrlAYCC+h\/QAARklOUwAAAHIAAAACAAAAAMAAAgD77wDIAAUFAQAAQ1AxTC1FTDIwRFItRAAAACAgICAwMS4wMAAAAAAAMDEuMDYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAABAAMAChcqEAgAAAAAAAA="}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":8,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655590846,"packet_id":253,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655590846}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":253,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655590052,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZApAAIAGf3MKAQGtCgEBpELuJYDc78yuSmv6O1AR\/t5C7gAA"}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":9,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655734575,"packet_id":254,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655734575}
00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":254,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655590846,"pkt":"PKn0ISL4ABkHJDzKCABFAAAoCPoAABQGhoQKAQGkCgEBrSWAQu5Ka\/o73O\/Mr1ARCC45ngAA"}
00339{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":10,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095655734613,"packet_id":255,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":54,"expected":58,"global_ts_usec":1428095655734613}
00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":255,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_usec":1428095655734575,"pkt":"ABkHJDzKPKn0ISL4CABFAAAoZA1AAIAGf3AKAQGtCgEBpELuJYDc78yvSmv6PFAQ\/t5C7QAA"}
00971{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":245,"flow_dst_packets_processed":0,"flow_first_seen":1233089082809333,"flow_src_last_pkt_time":1233089082814433,"flow_dst_last_pkt_time":1233089082809333,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":12,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":540,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":6597,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095655734613,"l3_proto":"ip4","src_ip":"10.4.14.102","dst_ip":"10.130.130.130","src_port":58722,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00338{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":1,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095675892372,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":55,"expected":59,"global_ts_usec":1428095675892372}
00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_usec":1428095655734613,"pkt":"ABkHJDzKPKn0ISL4CABFAAApZUwAAIARviUKAQGtCgEBpNZHJYAAFWRWgAACAAAAAGMA7wUBAA=="}
00770{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095675892372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095675892372,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00526{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095675892372,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":59,"pkt_l4_len":21,"thread_ts_usec":1428095675892372,"pkt":"ABkHJDzKPKn0ISL4CABFAAApZUwAAIARviUKAQGtCgEBpNZHJYAAFWRWgAACAAAAAGMA7wUBAA=="}
00922{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095675892372,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1428095675892372,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00340{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","threshold_n":2,"threshold_n_max":16,"threshold_time":10000000,"threshold_ts_usec":1428095676054158,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","size":148,"expected":152,"global_ts_usec":1428095676054158}
00489{"packet_event_id":1,"packet_event_name":"packet","packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":152,"pkt_l4_len":0,"thread_ts_usec":1428095675892372,"pkt":"PKn0ISL4ABkHJDzKCABFAACGCP0AABQRhhgKAQGkCgEBrSWA1kcAcoFswAACAGMAAMgA7wUBAABDUDFMLUVMMjBEUi1EAAAAICAgIDAxLjAwAAAAAAAwMS4wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAEAAwAKFyoQCAAAAAAAAA=="}
00653{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":148,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":114,"thread_ts_usec":1428095676054158,"pkt":"PKn0ISL4ABkHJDzKCABFAACGCP0AABQRhhgKAQGkCgEBrSWA1kcAcoFswAACAGMAAMgA7wUBAABDUDFMLUVMMjBEUi1EAAAAICAgIDAxLjAwAAAAAAAwMS4wNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAEAAwAKFyoQCAAAAAAAAA=="}
00964{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":4,"flow_first_seen":1428095655145347,"flow_src_last_pkt_time":1428095655734613,"flow_dst_last_pkt_time":1428095655734575,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":29,"flow_dst_max_l4_payload_len":122,"flow_src_tot_l4_payload_len":49,"flow_dst_tot_l4_payload_len":146,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":17134,"dst_port":9600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00965{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":1,"flow_dst_packets_processed":1,"flow_first_seen":1428095675892372,"flow_src_last_pkt_time":1428095675892372,"flow_dst_last_pkt_time":1428095676054158,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":13,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":106,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":106,"midstream":0,"thread_ts_usec":1428095676054158,"l3_proto":"ip4","src_ip":"10.1.1.173","dst_ip":"10.1.1.164","src_port":54855,"dst_port":9600,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"FINS","proto_id":"362","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00796{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/fins.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":257,"packets-processed":257,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6911,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":50,"global_ts_usec":1428095676054158}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 257/257
~~ skipped flows.............: 0
~~ total layer4 data length..: 6911 bytes
~~ total detected protocols..: 3
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6653336 bytes
~~ total memory freed........: 6653336 bytes
~~ total allocations/frees...: 114298/114298
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 343 chars
~~ json message max len.......: 2055 chars
~~ json message avg len.......: 1198 chars
Powered by cgit, Themed by Ted Yin.