00616{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00837{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1412165336989258}
00780{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1412165336989258,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1412165336989258,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989258,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1412165336989265,"flow_dst_last_pkt_time":1412165336989258,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1412165336989265,"pkt":"ABwGD73lAFBWK1xlCABFAAA0OSlAAIAGDRbAqBmxwKgZg8+qAGYnLnytAAAAAIACIAAmnwAAAgQFtAEDAwgBAQQC"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1412165336989265,"flow_dst_last_pkt_time":1412165336989908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1412165336989908,"pkt":"AFBWK1xlABwGD73lCABFAAAsDXYAAB4G2tHAqBmDwKgZsQBmz6oAAwXLJy58rmASEABZ1gAAAgQFtAAA"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1412165336990189,"flow_dst_last_pkt_time":1412165336989908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1412165336990189,"pkt":"ABwGD73lAFBWK1xlCABFAAAoOSpAAIAGDSHAqBmxwKgZg8+qAGYnLnyuAAMFzFAQ+vCGogAA"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1412165336990198,"flow_dst_last_pkt_time":1412165336989908,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1412165336990198,"pkt":"ABwGD73lAFBWK1xlCABFAAAoOSpAAIAGDSHAqBmxwKgZg8+qAGYnLnyuAAMFzFAQ+vCGogAA"}
00944{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":2,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165336993088,"flow_dst_last_pkt_time":1412165336991654,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":36,"flow_src_tot_l4_payload_len":289,"flow_dst_tot_l4_payload_len":36,"midstream":0,"thread_ts_usec":1412165336993088,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
02142{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":24,"flow_dst_packets_processed":8,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165338064240,"flow_dst_last_pkt_time":1412165337104285,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":217,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":1344,"flow_dst_tot_l4_payload_len":545,"midstream":0,"thread_ts_usec":1412165338064240,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":4,"avg":38387.4,"max":995818,"stddev":175089.4,"var":30656290816.0,"ent":1.2,"data": [7,650,924,9,417,4,1746,2469,6,13767,4267,17657,4,12269,6,17776,4831,6,1514,9,7246,5693,10,28619,8,33319,4688,5,36256,995818,9]},"pktlen": {"min":40,"avg":100.3,"max":337,"stddev":73.0,"var":5323.4,"ent":4.7,"data": [52,52,46,40,40,76,76,76,257,257,46,177,47,47,162,162,71,47,47,123,123,84,47,47,133,133,337,47,47,46,133,133]},"bins": {"c_to_s": [12,2,6,2,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [4,2,0,0,1,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,1,0,0,0,0,1,0,0,1,1,0,0,0,0,1,0,0,0,0,1,0,0,0,0,1,0,0,1,0,0],"entropies": [4.554988384,4.554988384,4.522394180,4.680641174,4.680641174,5.319911003,5.319911003,5.158287048,5.535624981,5.535624981,4.075662136,5.208230019,4.635028362,4.635028362,4.666445732,4.666445732,4.204725266,4.592475414,4.592475414,4.629901409,4.629901409,4.268610001,4.549922466,4.549922466,4.866230011,4.866230011,1.580462456,4.549922466,4.549922466,4.075662613,4.866230011,4.866230011]},"ndpi": {"confidence": 
{"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":54,"flow_dst_packets_processed":25,"flow_first_seen":1412165336989258,"flow_src_last_pkt_time":1412165344069312,"flow_dst_last_pkt_time":1412165344104127,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":341,"flow_dst_max_l4_payload_len":297,"flow_src_tot_l4_payload_len":3254,"flow_dst_tot_l4_payload_len":2655,"midstream":0,"thread_ts_usec":1412165344104127,"l3_proto":"ip4","src_ip":"192.168.25.177","dst_ip":"192.168.25.131","src_port":53162,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"S7CommPlus","proto_id":"361","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":31,"category":"IoT-Scada"}}
00846{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":79,"source":"cfgs\/default\/pcap\/s7comm-plus.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4976-59ee1fe","ndpi_api_version":11619,"size_per_flow":1408,"packets-captured":79,"packets-processed":79,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":5909,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":12,"global_ts_usec":1412165344104127}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 79/79
~~ skipped flows.............: 0
~~ total layer4 data length..: 5909 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6911976 bytes
~~ total memory freed........: 6911976 bytes
~~ total allocations/frees...: 114218/114218
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 533 chars
~~ json message max len.......: 2147 chars
~~ json message avg len.......: 1261 chars