aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/gtp_false_positive.pcapng.out
blob: 2be772c25f92d25a8edb467d02f229b9d2657518 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

00625{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00846{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1638856441836839}
00787{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":39,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":39,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856441836839,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1638856441836839,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856441836839,"pkt":"AAAAAAAAAAEAm1OyCABFAABDuMQAAD8R0IIYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"}
00572{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1638856442050829,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_usec":1638856442050829,"pkt":"AAAAAAAAAAEAm1OyCABFAABDLq0AAD8RWpoYASFCPjh66HJHDToAL3+GJwAAAAJZAADIADJepW8BAAAAHa0lUAAAAAAAAAAAAAAAAAEAAAAA"}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1638856501910904,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1638856501910904,"pkt":"AAAAAAAAAAEAm1OyCABFAABLxYgAAD8Rw7YYASFCPjh66HJHDToANyFgLwAAAALBDwDIAAEAAADTFLeVMl6lbwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00584{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1638856501912725,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_usec":1638856501912725,"pkt":"AAAAAAAAAAEAm1OyCABFAABL0zoAAD8RtgQYASFCPjh66HJHDToANyFgLwAAAALBDwDIAAEAAADTFLeVMl6lbwABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="}
00586{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":88,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":88,"pkt_l4_len":54,"thread_ts_usec":1638856511476253,"pkt":"AAAAAAAAAAEAm1OyCABFAABKCqAAAD8RfqAYASFCPjh66HJHDToANrRYLgAAAAIpAwDIADJepW\/TFLeVlbt0kwAAAAAAAAAAAAAAAAAAAAB\/vnSTfQEAAA=="}
00791{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1638856511476253,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":6,"packets-processed":5,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":218,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1639664897536021}
00788{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00540{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":56,"pkt_l4_len":16,"thread_ts_usec":1639664897536021,"pkt":"AAAAAAAAAAgAcgnYCABFaAAk3R5AADMR+TQyB2+GZ+Fnn0JoCEsAEMsJNwMAAEIAAAAAAAAAAAA="}
01001{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1638856441836839,"flow_src_last_pkt_time":1638856511476253,"flow_dst_last_pkt_time":1638856441836839,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":39,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":47,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":218,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1639664897536021,"l3_proto":"ip4","src_ip":"24.1.33.66","dst_ip":"62.56.122.232","src_port":29255,"dst_port":3386,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00849{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":7,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":226,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":15,"global_ts_usec":1640630605457589}
00794{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00962{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":368,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":368,"pkt_l4_len":334,"thread_ts_usec":1640630605457589,"pkt":"AAAAAAAAAAgAF2izCABFAAFiEjRAAD0RTyh3ub6tQlZicghLw9wBTnl2RgEAAAJ5AwDIAMWLvaZzN8g7AAAAAHAALV6UJ\/cTHdx+UcbekdlVsrIQyORBtJYGjhwit4VPN8cgIpZwuzYVz0TO+kH8rnowgXXPb2P\/JTt2WeT4FCyPlfScgvudUxqPf1kwZMd0KmXiXleYPXTNqftx0xJj\/Kb2FN1yrSOQIVUjnqcH8TbL6jgJymGUAAAAfj1DGkvghwUAAAAAAQAAAAABAAAAAAAAAAAAAgBvbQcAAAAAAAAASgABBwAAAAgAYXV0b0FsZ28BADEQAGF1dG9Jbml0TGltaXRSZXMBADAMAGF1dG9MaW1pdFJlcwEAMAcAYndlQWxnbwEAMQwAZG91Ymxlaml0dGVyAQAwCQBwcm9iZVN0cmEBADAGAHNka2JiciAAYWNrVGltZU91dDoyMDB8YWNrVGltZUxlbmd0aDo2MDA="}
01071{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00789{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1639664897536021,"flow_src_last_pkt_time":1639664897536021,"flow_dst_last_pkt_time":1639664897536021,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":8,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":8,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":8,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"50.7.111.134","dst_ip":"103.225.103.159","src_port":17000,"dst_port":2123,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01177{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"GTP","proto_id":"152","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network"}}
00795{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1640630605457589,"flow_src_last_pkt_time":1640630605457589,"flow_dst_last_pkt_time":1640630605457589,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":326,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":326,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":326,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1640630605457589,"l3_proto":"ip4","src_ip":"119.185.190.173","dst_ip":"66.86.98.114","src_port":2123,"dst_port":50140,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00851{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/gtp_false_positive.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":7,"packets-processed":7,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":552,"total-not-detected-flows":1,"total-guessed-flows":2,"total-detected-flows":0,"total-detection-updates":0,"total-updates":1,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":22,"global_ts_usec":1640630605457589}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 7/7
~~ skipped flows.............: 0
~~ total layer4 data length..: 552 bytes
~~ total detected protocols..: 0
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8427464 bytes
~~ total memory freed........: 8427464 bytes
~~ total allocations/frees...: 144760/144760
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 545 chars
~~ json message max len.......: 1182 chars
~~ json message avg len.......: 855 chars
Powered by cgit, Themed by Ted Yin.