aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/ipp.pcap.out
blob: f887d133d1d0c03f5823a448793a5660f77331eb (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1210953938216729}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938217203,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217203,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217203,"pkt":"ABJ5gGlgABtjmL82CABFAAA84QBAAEAGMHwKCgoxCgoK+9gtAnfcBg8oAAAAAKACFtBTiQAAAgQFtAQCCAoAa+4oAAAAAAEDAwc="}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1210953938217203,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938217778,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U54AAEAG\/d4KCgr7CgoKMQJ32C21dp4B3AYPKaASFtAViwAAAgQFtAEDAwABAQgKAFjtJABr7ig="}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1210953938217806,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1210953938217806,"pkt":"ABJ5gGlgABtjmL82CABFAAA04QFAAEAGMIMKCgoxCgoK+9gtAnfcBg8ptXaeAoAQAC5X7gAAAQEICgBr7isAWO0k"}
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1210953938217998,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1210953938217998,"pkt":"ABJ5gGlgABtjmL82CABFAADB4QJAAEAGL\/UKCgoxCgoK+9gtAnfcBg8ptXaeAoAYAC4p8wAAAQEICgBr7isAWO0kUE9TVCAvaXBwLyBIVFRQLzEuMQ0KQ29udGVudC1MZW5ndGg6IDI4OQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9pcHANCkhvc3Q6IDEwLjEwLjEwLjI1MQ0KVXNlci1BZ2VudDogQ1VQUy8xLjMuNA0KRXhwZWN0OiAxMDAtY29udGludWUNCg0K"}
01368{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938217998,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938217998,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251","domainame":"10.10.10.251","http": {"url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4","request_content_type":"application\/ipp"}}}
00927{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1210953938218027,"flow_dst_last_pkt_time":1210953938217778,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":355,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":355,"pkt_l4_len":321,"thread_ts_usec":1210953938218027,"pkt":"ABJ5gGlgABtjmL82CABFAAFV4QNAAEAGL2AKCgoxCgoK+9gtAnfcBg+2tXaeAoAYAC4qhwAAAQEICgBr7isAWO0kAQEACwAAAAEBRwASYXR0cmlidXRlcy1jaGFyc2V0AAV1dGYtOEgAG2F0dHJpYnV0ZXMtbmF0dXJhbC1sYW5ndWFnZQAFZW4tdXNFAAtwcmludGVyLXVyaQAbaXBwOi8vMTAuMTAuMTAuMjUxOjYzMS9pcHAvRAAUcmVxdWVzdGVkLWF0dHJpYnV0ZXMAEGNvcGllcy1zdXBwb3J0ZWREAAAAGWRvY3VtZW50LWZvcm1hdC1zdXBwb3J0ZWREAAAAGXByaW50ZXItaXMtYWNjZXB0aW5nLWpvYnNEAAAADXByaW50ZXItc3RhdGVEAAAAFXByaW50ZXItc3RhdGUtbWVzc2FnZUQAAAAVcHJpbnRlci1zdGF0ZS1yZWFzb25zAw=="}
00768{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953938235230,"flow_dst_last_pkt_time":1210953938235230,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938235230,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1210953938235230,"flow_dst_last_pkt_time":1210953938235230,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938235230,"pkt":"ABJ5gGlgABtjmL82CABFAAA8xghAAEAGS3QKCgoxCgoK+9guAnfcdyg0AAAAAKACFtA59wAAAgQFtAQCCAoAa+48AAAAAAEDAwc="}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1210953938235230,"flow_dst_last_pkt_time":1210953938235939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953938235939,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8U6wAAEAG\/dAKCgr7CgoKMQJ32C61d5gB3HcoNaASFtAB+AAAAgQFtAEDAwABAQgKAFjtJABr7jw="}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1210953938235965,"flow_dst_last_pkt_time":1210953938235939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1210953938235965,"pkt":"ABJ5gGlgABtjmL82CABFAAA0xglAAEAGS3sKCgoxCgoK+9guAnfcdyg1tXeYAoAQAC5EXQAAAQEICgBr7j0AWO0k"}
00732{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1210953938236026,"flow_dst_last_pkt_time":1210953938235939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":210,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":210,"pkt_l4_len":176,"thread_ts_usec":1210953938236026,"pkt":"ABJ5gGlgABtjmL82CABFAADExgpAAEAGSuoKCgoxCgoK+9guAnfcdyg1tXeYAoAYAC4p9gAAAQEICgBr7j0AWO0kUE9TVCAvaXBwLyBIVFRQLzEuMQ0KQ29udGVudC1MZW5ndGg6IDIyNzMwOQ0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9pcHANCkhvc3Q6IDEwLjEwLjEwLjI1MQ0KVXNlci1BZ2VudDogQ1VQUy8xLjMuNA0KRXhwZWN0OiAxMDAtY29udGludWUNCg0K"}
01369{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953938236026,"flow_dst_last_pkt_time":1210953938235939,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":144,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":144,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953938236026,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251","domainame":"10.10.10.251","http": {"url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4","request_content_type":"application\/ipp"}}}
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1210953938236060,"flow_dst_last_pkt_time":1210953938235939,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_usec":1210953938236060,"pkt":"ABJ5gGlgABtjmL82CABFAADIxgtAAEAGSuUKCgoxCgoK+9guAnfcdyjFtXeYAoAYAC4p+gAAAQEICgBr7j0AWO0kAQEAAgAAAAEBRwASYXR0cmlidXRlcy1jaGFyc2V0AAV1dGYtOEgAG2F0dHJpYnV0ZXMtbmF0dXJhbC1sYW5ndWFnZQAFZW4tdXNFAAtwcmludGVyLXVyaQAbaXBwOi8vMTAuMTAuMTAuMjUxOjYzMS9pcHAvQgAUcmVxdWVzdGluZy11c2VyLW5hbWUABWd1ZXN0Aw=="}
02425{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":52,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953938290667,"flow_dst_last_pkt_time":1210953938297849,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":25,"flow_src_tot_l4_payload_len":26572,"flow_dst_tot_l4_payload_len":25,"midstream":0,"thread_ts_usec":1210953938297849,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":3808.3,"max":9119,"stddev":3527.0,"var":12440042.0,"ent":4.2,"data": [709,735,61,34,3567,1615,5071,72,15,5799,5726,12,3653,3625,5,7253,7252,7,8848,8850,9,9119,9104,8,7245,7239,6,7601,7598,8,7210]},"pktlen": {"min":52,"avg":883.7,"max":2948,"stddev":882.8,"var":779357.9,"ent":4.2,"data": [60,60,52,196,200,52,77,52,2948,1500,52,2948,1572,52,1428,1596,52,1404,1620,52,1380,1644,52,1356,1668,52,1332,1692,52,1308,1716,52]},"bins": {"c_to_s": [3,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,2,1,1,1,0,1,0,9],"s_to_c": [11,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,0,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1,0,0,1],"entropies": [4.357651234,4.697803974,4.615702629,5.523350239,5.368941784,4.692625999,5.211149216,4.615702629,4.113531590,3.955130577,4.654164314,3.740996838,3.516076803,4.731087208,3.522020817,3.493224859,4.647461891,4.069941521,4.504707813,4.692625523,4.258998871,4.157813072,4.731087208,4.248043537,4.662984848,4.692625999,4.682926178,4.280339241,4.692625523,4.155966759,4.117242336,4.601185799]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}}
00769{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1210953939430652,"flow_src_last_pkt_time":1210953939430652,"flow_dst_last_pkt_time":1210953939430652,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953939430652,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":252,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1210953939430652,"flow_dst_last_pkt_time":1210953939430652,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953939430652,"pkt":"ABJ5gGlgABtjmL82CABFAAA8ASxAAEAGEFEKCgoxCgoK+9gvAnfdKfPLAAAAAKACFtBpAQAAAgQFtAQCCAoAa\/LnAAAAAAEDAwc="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":254,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1210953939430652,"flow_dst_last_pkt_time":1210953939431407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1210953939431407,"pkt":"ABtjmL82ABJ5gGlgCABFAAA8VFQAAEAG\/SgKCgr7CgoKMQJ32C+1fm4B3SnzzKASFtBa+AAAAgQFtAEDAwABAQgKAFjtJwBr8uc="}
00538{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":255,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1210953939431417,"flow_dst_last_pkt_time":1210953939431407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1210953939431417,"pkt":"ABJ5gGlgABtjmL82CABFAAA0AS1AAEAGEFgKCgoxCgoK+9gvAnfdKfPMtX5uAoAQAC6dXQAAAQEICgBr8ugAWO0n"}
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1210953939431493,"flow_dst_last_pkt_time":1210953939431407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":207,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":207,"pkt_l4_len":173,"thread_ts_usec":1210953939431493,"pkt":"ABJ5gGlgABtjmL82CABFAADBAS5AAEAGD8oKCgoxCgoK+9gvAnfdKfPMtX5uAoAYAC4p8wAAAQEICgBr8ugAWO0nUE9TVCAvaXBwLyBIVFRQLzEuMQ0KQ29udGVudC1MZW5ndGg6IDIyOA0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9pcHANCkhvc3Q6IDEwLjEwLjEwLjI1MQ0KVXNlci1BZ2VudDogQ1VQUy8xLjMuNA0KRXhwZWN0OiAxMDAtY29udGludWUNCg0K"}
01370{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":256,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1210953939430652,"flow_src_last_pkt_time":1210953939431493,"flow_dst_last_pkt_time":1210953939431407,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":141,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":141,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1210953939431493,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251","domainame":"10.10.10.251","http": {"url":"10.10.10.251\/ipp\/","code":0,"content_type":"","user_agent":"CUPS\/1.3.4","request_content_type":"application\/ipp"}}}
00845{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":257,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1210953939431513,"flow_dst_last_pkt_time":1210953939431407,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":294,"pkt_l4_len":260,"thread_ts_usec":1210953939431513,"pkt":"ABJ5gGlgABtjmL82CABFAAEYAS9AAEAGD3IKCgoxCgoK+9gvAnfdKfRZtX5uAoAYAC4qSgAAAQEICgBr8ugAWO0nAQEACQAAAAEBRwASYXR0cmlidXRlcy1jaGFyc2V0AAV1dGYtOEgAG2F0dHJpYnV0ZXMtbmF0dXJhbC1sYW5ndWFnZQAFZW4tdXNFAAtwcmludGVyLXVyaQAbaXBwOi8vMTAuMTAuMTAuMjUxOjYzMS9pcHAvIQAGam9iLWlkAAQAAAAQQgAUcmVxdWVzdGluZy11c2VyLW5hbWUABWd1ZXN0RAAUcmVxdWVzdGVkLWF0dHJpYnV0ZXMAGmpvYi1tZWRpYS1zaGVldHMtY29tcGxldGVkRAAAAAlqb2Itc3RhdGUD"}
01252{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":10,"flow_dst_packets_processed":8,"flow_first_seen":1210953938217203,"flow_src_last_pkt_time":1210953938237615,"flow_dst_last_pkt_time":1210953938237601,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":289,"flow_dst_max_l4_payload_len":327,"flow_src_tot_l4_payload_len":430,"flow_dst_tot_l4_payload_len":501,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55341,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}}
01258{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":150,"flow_dst_packets_processed":84,"flow_first_seen":1210953938235230,"flow_src_last_pkt_time":1210953939433071,"flow_dst_last_pkt_time":1210953939433061,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":2896,"flow_dst_max_l4_payload_len":201,"flow_src_tot_l4_payload_len":227621,"flow_dst_tot_l4_payload_len":370,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55342,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}}
01253{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_src_packets_processed":14,"flow_dst_packets_processed":11,"flow_first_seen":1210953939430652,"flow_src_last_pkt_time":1210953939492942,"flow_dst_last_pkt_time":1210953939492928,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":228,"flow_dst_max_l4_payload_len":267,"flow_src_tot_l4_payload_len":730,"flow_dst_tot_l4_payload_len":572,"midstream":0,"thread_ts_usec":1210953939492942,"l3_proto":"ip4","src_ip":"10.10.10.49","dst_ip":"10.10.10.251","src_port":55343,"dst_port":631,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"12": {"risk":"HTTP\/TLS\/QUIC Numeric Hostname\/SNI","severity":"Low","risk_score": {"total":300,"client":270,"server":30}}},"confidence": {"6":"DPI"},"proto":"HTTP.IPP","proto_id":"7.6","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":18,"category":"System","hostname":"10.10.10.251"}}
00843{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":279,"source":"cfgs\/default\/pcap\/ipp.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":279,"packets-processed":277,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":230224,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":3,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1210953939492942}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 279/277
~~ skipped flows.............: 0
~~ total layer4 data length..: 230224 bytes
~~ total detected protocols..: 3
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8435640 bytes
~~ total memory freed........: 8435640 bytes
~~ total allocations/frees...: 145050/145050
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 541 chars
~~ json message max len.......: 2430 chars
~~ json message avg len.......: 1484 chars
Powered by cgit, Themed by Ted Yin.