summaryrefslogtreecommitdiff
path: root/test/results/default/monero.pcap.out
blob: 3b9b7d8fe7c5fe735703f3881913bdd8a6d2b8d4 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

00562{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00625{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1514196188350524}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196188350524,"flow_dst_last_pkt_time":1514196188350524,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196188350524,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1514196188350524,"flow_dst_last_pkt_time":1514196188350524,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196188350524,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8e7pAAEAG1e7AqAKUXhfHv7b2DQVL2\/baAAAAAKACchDZewAAAgQFtAQCCAocofANAAAAAAEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1514196188350524,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196188430828,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA8AABAADEGX8leF8e\/wKgClA0FtvbB2Ar1S9v226AScSCYUwAAAgQFtAQCCArnhI20HKHwDQEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1514196188430849,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196188430849,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA0e7tAAEAG1fXAqAKUXhfHv7b2DQVL2\/bbwdgK9oAQAOU3CgAAAQEIChyh8F7nhI20"}
00676{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1514196188430950,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":164,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":164,"pkt_l4_len":130,"thread_ts_usec":1514196188430950,"pkt":"fmgbW\/gUcIXCQ0+iCABFAACWe7xAAEAG1ZLAqAKUXhfHv7b2DQVL2\/bbwdgK9oAYAOVlowAAAQEIChyh8F7nhI20eyJpZCI6MSwibWV0aG9kIjoibWluaW5nLnN1YnNjcmliZSIsInBhcmFtcyI6WyJFV0JGIDAuMy40YiIsbnVsbCwiZXUxLXpjYXNoLmZseXBvb2wub3JnIiwiMzMzMyJdfQo="}
01041{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196188430950,"flow_dst_last_pkt_time":1514196188430828,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196188430950,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1514196188430950,"flow_dst_last_pkt_time":1514196188514006,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196188514006,"pkt":"cIXCQ0+ifmgbW\/gUCABF4AA0hz5AADEG2JJeF8e\/wKgClA0FtvbB2Ar2S9v3PYAQAOM2lgAAAQEICueEjcgcofBe"}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196437568,"flow_dst_last_pkt_time":1514196196437568,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196437568,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1514196196437568,"flow_dst_last_pkt_time":1514196196437568,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1514196196437568,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAA8ltZAAEAGxBLAqAKUdNOnw9JWDQXzKAOTAAAAAKACchCvSQAAAgQFtAQCCAqVhds1AAAAAAEDAwc="}
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1514196196437568,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1514196196745688,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAA0AABAACEGefF006fDwKgClA0F0lYVgl9O8ygDlIASchDSRAAAAgQFpAEBBAIBAwMH"}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1514196196745729,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1514196196745729,"pkt":"fmgbW\/gUcIXCQ0+iCABFAAAoltdAAEAGxCXAqAKUdNOnw9JWDQXzKAOUFYJfT1AQAOWEMgAA"}
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":152,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":152,"pkt_l4_len":118,"thread_ts_usec":1514196196745906,"pkt":"fmgbW\/gUcIXCQ0+iCABFAACKlthAAEAGw8LAqAKUdNOnw9JWDQXzKAOUFYJfT1AYAOW00gAAeyJpZCI6MSwibWV0aG9kIjoibWluaW5nLnN1YnNjcmliZSIsInBhcmFtcyI6WyJFV0JGIDAuMy40YiIsbnVsbCwiY24xLXpjYXNoLmZseXBvb2wub3JnIiwiMzMzMyJdfQo="}
01044{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196196745688,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":98,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":98,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1514196196745906,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1514196196745906,"flow_dst_last_pkt_time":1514196197053838,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1514196197053838,"pkt":"cIXCQ0+ifmgbW\/gUCABFAAAoOQVAACEGQPh006fDwKgClA0F0lYVgl9P8ygD9lAQAOWD0AAAAAAAAAAA"}
02325{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":47,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514196304559034,"flow_dst_last_pkt_time":1514196304640605,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":8887,"flow_dst_tot_l4_payload_len":914,"midstream":0,"thread_ts_usec":1514196304640605,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":13,"avg":7499954.5,"max":71693099,"stddev":18613570.0,"var":346464978993152.0,"ent":2.4,"data": [80304,80325,101,83178,13,83088,126,80997,13,80884,278,117985,882322,1042483,71569648,189,71693099,19,725,81617,32242169,176,32323370,1466,82454,7432953,7432942,3511834,196,3592651,986]},"pktlen": {"min":52,"avg":358.8,"max":1500,"stddev":549.1,"var":301531.9,"ent":3.7,"data": [60,60,52,150,52,114,52,147,90,171,52,112,52,362,52,1500,1482,52,52,77,52,1500,1482,52,77,52,362,52,1500,1482,52,77]},"bins": {"c_to_s": [8,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,3,0,0],"s_to_c": [10,2,0,1,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,0,0,1,1,1,0,0,0,1,1,0,1,0,0,0,1,1],"entropies": [4.738464355,5.302482605,5.065449715,5.825911522,5.284871101,5.736679077,5.286791801,6.057295799,5.694644451,5.918534279,5.132945061,5.778033257,5.323332787,4.963134289,5.171406746,4.527909756,4.270138264,5.323332787,5.262846947,5.685556889,5.209868431,4.535019398,4.275704384,5.378232002,5.701727867,5.248330116,4.888409138,5.209868431,4.529169559,4.269546032,5.378231525,5.685557365]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
02377{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":159,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514196705571136,"flow_dst_last_pkt_time":1514196705879789,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":2699,"midstream":0,"thread_ts_usec":1514196705879789,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":11,"avg":32857284.0,"max":170525395,"stddev":51784400.0,"var":2681624034541568.0,"ent":3.4,"data": [308120,308161,177,308150,13,308019,704,308743,11,308008,83,346736,653907,1043085,114411206,114368750,308565,308538,36863210,36863172,20419867,20419875,170525387,170525395,113243496,113243486,35871285,35871309,15564630,176,15873525]},"pktlen": {"min":40,"avg":223.6,"max":1484,"stddev":347.6,"var":120860.4,"ent":3.9,"data": [60,52,40,138,46,102,40,133,78,159,40,100,46,350,40,350,40,350,40,350,40,350,40,350,40,350,40,350,40,1484,1472,46]},"bins": {"c_to_s": [12,1,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0],"s_to_c": [4,2,0,1,0,0,0,0,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,1,1,0,0,1,1,0,0,1,1,0,1,0,1,0,1,0,1,0,1,0,1,0,1,0,0,0,1],"entropies": [4.792549610,4.894361019,4.784183979,5.672497272,4.457919598,5.436998844,4.834184170,5.898036003,5.357152462,5.674209595,4.784183979,5.535918236,4.457919598,4.810117245,4.834183693,4.788737297,4.784183979,4.732345104,4.834184170,4.767374516,4.831687450,4.791436195,4.931686878,4.784672737,4.931686878,4.672215462,4.881687164,4.744033337,4.812814713,4.485110283,4.206100941,4.457919598]},"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
00636{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":199,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":199,"packets-processed":198,"total-skipped-flows":0,"total-l4-payload-len":82647,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":2,"total-active-flows":2,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":19,"global_ts_usec":1514196819733875}
01095{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":23,"flow_first_seen":1514196196437568,"flow_src_last_pkt_time":1514197261597871,"flow_dst_last_pkt_time":1514197261597824,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1444,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":3127,"flow_dst_tot_l4_payload_len":4584,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"116.211.167.195","src_port":53846,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
01097{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":159,"flow_dst_packets_processed":113,"flow_first_seen":1514196188350524,"flow_src_last_pkt_time":1514197279769698,"flow_dst_last_pkt_time":1514197279769664,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1448,"flow_dst_max_l4_payload_len":310,"flow_src_tot_l4_payload_len":132641,"flow_dst_tot_l4_payload_len":5738,"midstream":0,"thread_ts_usec":1514197279769698,"l3_proto":"ip4","src_ip":"192.168.2.148","dst_ip":"94.23.199.191","src_port":46838,"dst_port":3333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":450,"client":345,"server":105}}},"confidence": {"6":"DPI"},"proto":"Mining","proto_id":"42","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unsafe","category_id":99,"category":"Mining"}}
00639{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":319,"source":"cfgs\/default\/pcap\/monero.pcap","alias":"nDPId-test","version":"1.5.0","ndpi_version":"4.9.0-4361-0db12b13","packets-captured":319,"packets-processed":319,"total-skipped-flows":0,"total-l4-payload-len":146090,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":22,"global_ts_usec":1514197279769698}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 319/319
~~ skipped flows.............: 0
~~ total layer4 data length..: 146090 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 11490851 bytes
~~ total memory freed........: 11490851 bytes
~~ total allocations/frees...: 216957/216957
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 530 chars
~~ json string max len.......: 2382 chars
~~ json string avg len.......: 1445 chars
Powered by cgit, Themed by Ted Yin.