aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/shell.pcap.out
blob: 5f54de62592a3f081f5927fb5066fe5a6d8489e1 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

00561{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00785{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1712518786333703}
00766{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518786333703,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333703,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333703,"pkt":"AAAAAAAAAAAAAAAACABFAAA8UINAAEAG7DZ\/AAABfwAAAboWgjVOSff2AAAAAKAC\/9f+MAAAAgT\/1wQCCAqKFvhnAAAAAAEDAwc="}
00553{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1712518786333703,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518786333714,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAYI1uhZ8EbgHTkn396AS\/8v+MAAAAgT\/1wQCCAqKFvhnihb4ZwEDAwc="}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1712518786333724,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518786333724,"pkt":"AAAAAAAAAAAAAAAACABFAAA0UIRAAEAG7D1\/AAABfwAAAboWgjVOSff3fBG4CIAQAgD+KAAAAQEICooW+GeKFvhn"}
01796{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1712518786333757,"flow_dst_last_pkt_time":1712518786333714,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1003,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1003,"pkt_l4_len":969,"thread_ts_usec":1712518786333757,"pkt":"AAAAAAAAAAAAAAAACABFAAPdUIVAAEAG6JN\/AAABfwAAAboWgjVOSff3fBG4CIAYAgAB0gAAAQEICooW+GeKFvhnIyEvYmluL3NoCgojIEFjdGlvbiBzY3JpcHQgdG8gZW5hYmxlL2Rpc2FibGUgd3BhLXJvYW0gaW50ZXJmYWNlcyBpbiByZWFjdGlvbiB0bwojIGlmcGx1Z2QgZXZlbnRzLgojCiMgQ29weXJpZ2h0OiBDb3B5cmlnaHQgKGMpIDIwMDgtMjAxMCwgS2VsIE1vZGRlcm1hbiA8a2VsQG90YWt1NDIuZGU+CiMgTGljZW5zZTogICBHUEwtMgojCgpQQVRIPS9zYmluOi91c3Ivc2JpbjovYmluOi91c3IvYmluCgppZiBbICEgLXggL3NiaW4vd3BhX2FjdGlvbiBdOyB0aGVuCglleGl0IDAKZmkKCiMgaWZwbHVnZCg4KSAtIDxpZmFjZT4gPGFjdGlvbj4KIwojIElmIGFuIGlmcGx1Z2QgbWFuYWdlZCBpbnRlcmZhY2UgaXMgYnJvdWdodCB1cCwgZGlzY29ubmVjdCBhbnkKIyB3cGEtcm9hbSBtYW5hZ2VkIGludGVyZmFjZXMgc28gdGhhdCBvbmx5IG9uZSAicm9hbWluZyIgaW50ZXJmYWNlCiMgcmVtYWlucyBhY3RpdmUgb24gdGhlIHN5c3RlbS4KCklGUExVR0RfSUZBQ0U9IiR7MX0iCgpjYXNlICIkezJ9IiBpbgoJdXApCgkJQ09NTUFORD1kaXNjb25uZWN0CgkJOzsKCWRvd24pCgkJQ09NTUFORD1yZWNvbm5lY3QKCQk7OwoJKikKCQllY2hvICIkMDogdW5rbm93biBhcmd1bWVudHM6ICR7QH0iID4mMgoJCWV4aXQgMQoJCTs7CmVzYWMKCmZvciBDVFJMIGluIC9ydW4vd3BhX3N1cHBsaWNhbnQvKjsgZG8KCVsgLVMgIiR7Q1RSTH0iIF0gfHwgY29udGludWUKCglJRkFDRT0iJHtDVFJMIy9ydW4vd3BhX3N1cHBsaWNhbnQvfSIKCgkjIHNraXAgaWYgaWZwbHVnZCBpcyBtYW5hZ2luZyB0aGlzIGludGVyZmFjZQoJaWYgWyAiJHtJRlBMVUdEX0lGQUNFfSIgPSAiJHtJRkFDRX0iIF07IHRoZW4KCQljb250aW51ZQoJZmkKCglpZiB3cGFfYWN0aW9uICIke0lGQUNFfSIgY2hlY2s7IHRoZW4KCQl3cGFfY2xpIC1pICIke0lGQUNFfSIgIiR7Q09NTUFORH0iCglmaQpkb25lCg=="}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1712518786333757,"flow_dst_last_pkt_time":1712518786333762,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518786333762,"pkt":"AAAAAAAAAAAAAAAACABFAAA0NfpAAEAGBsh\/AAABfwAAAYI1uhZ8EbgITkn7oIAQAfn+KAAAAQEICooW+GeKFvhn"}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518814195876,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":937,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518814195876,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54112,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01761{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":979,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":979,"pkt_l4_len":945,"thread_ts_usec":1712518814195876,"pkt":"AAAAAAAAAAAAAAAACABFAAPFsY9AAEARh5Z\/AAABfwAAAdNggjUDsQHFIyEvYmluL3NoCgojIEFjdGlvbiBzY3JpcHQgdG8gZW5hYmxlL2Rpc2FibGUgd3BhLXJvYW0gaW50ZXJmYWNlcyBpbiByZWFjdGlvbiB0bwojIGlmcGx1Z2QgZXZlbnRzLgojCiMgQ29weXJpZ2h0OiBDb3B5cmlnaHQgKGMpIDIwMDgtMjAxMCwgS2VsIE1vZGRlcm1hbiA8a2VsQG90YWt1NDIuZGU+CiMgTGljZW5zZTogICBHUEwtMgojCgpQQVRIPS9zYmluOi91c3Ivc2JpbjovYmluOi91c3IvYmluCgppZiBbICEgLXggL3NiaW4vd3BhX2FjdGlvbiBdOyB0aGVuCglleGl0IDAKZmkKCiMgaWZwbHVnZCg4KSAtIDxpZmFjZT4gPGFjdGlvbj4KIwojIElmIGFuIGlmcGx1Z2QgbWFuYWdlZCBpbnRlcmZhY2UgaXMgYnJvdWdodCB1cCwgZGlzY29ubmVjdCBhbnkKIyB3cGEtcm9hbSBtYW5hZ2VkIGludGVyZmFjZXMgc28gdGhhdCBvbmx5IG9uZSAicm9hbWluZyIgaW50ZXJmYWNlCiMgcmVtYWlucyBhY3RpdmUgb24gdGhlIHN5c3RlbS4KCklGUExVR0RfSUZBQ0U9IiR7MX0iCgpjYXNlICIkezJ9IiBpbgoJdXApCgkJQ09NTUFORD1kaXNjb25uZWN0CgkJOzsKCWRvd24pCgkJQ09NTUFORD1yZWNvbm5lY3QKCQk7OwoJKikKCQllY2hvICIkMDogdW5rbm93biBhcmd1bWVudHM6ICR7QH0iID4mMgoJCWV4aXQgMQoJCTs7CmVzYWMKCmZvciBDVFJMIGluIC9ydW4vd3BhX3N1cHBsaWNhbnQvKjsgZG8KCVsgLVMgIiR7Q1RSTH0iIF0gfHwgY29udGludWUKCglJRkFDRT0iJHtDVFJMIy9ydW4vd3BhX3N1cHBsaWNhbnQvfSIKCgkjIHNraXAgaWYgaWZwbHVnZCBpcyBtYW5hZ2luZyB0aGlzIGludGVyZmFjZQoJaWYgWyAiJHtJRlBMVUdEX0lGQUNFfSIgPSAiJHtJRkFDRX0iIF07IHRoZW4KCQljb250aW51ZQoJZmkKCglpZiB3cGFfYWN0aW9uICIke0lGQUNFfSIgY2hlY2s7IHRoZW4KCQl3cGFfY2xpIC1pICIke0lGQUNFfSIgIiR7Q09NTUFORH0iCglmaQpkb25lCg=="}
00775{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518835354289,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
07433{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":5230,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":5230,"pkt_l4_len":5196,"thread_ts_usec":1712518835354289,"pkt":"AAAAAAAAAAAAAAAACABFABRgsj9AAEARdkt\/AAABfwAAAeSqgjUUTBJgIyEgL2Jpbi9zaAojCiMgQ29weXJpZ2h0IChDKSAyMDAzLCAyMDA1LTIwMDcsIDIwMTEsIDIwMTgtMjAyMCBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4KIwojIFRoaXMgcHJvZ3JhbSBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgY2FuIHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IgbW9kaWZ5CiMgaXQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5CiMgdGhlIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbjsgZWl0aGVyIHZlcnNpb24gMi4xIG9mIHRoZSBMaWNlbnNlLCBvcgojIChhdCB5b3VyIG9wdGlvbikgYW55IGxhdGVyIHZlcnNpb24uCiMKIyBUaGlzIHByb2dyYW0gaXMgZGlzdHJpYnV0ZWQgaW4gdGhlIGhvcGUgdGhhdCBpdCB3aWxsIGJlIHVzZWZ1bCwKIyBidXQgV0lUSE9VVCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZlbiB0aGUgaW1wbGllZCB3YXJyYW50eSBvZgojIE1FUkNIQU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRS4gIFNlZSB0aGUKIyBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgZm9yIG1vcmUgZGV0YWlscy4KIwojIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBhIGNvcHkgb2YgdGhlIEdOVSBMZXNzZXIgR2VuZXJhbCBQdWJsaWMgTGljZW5zZQojIGFsb25nIHdpdGggdGhpcyBwcm9ncmFtLiAgSWYgbm90LCBzZWUgPGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4KIwoKIyBGaW5kIGEgd2F5IHRvIGVjaG8gc3RyaW5ncyB3aXRob3V0IGludGVycHJldGluZyBiYWNrc2xhc2guCmlmIHRlc3QgIlhgKGVjaG8gJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgZWNobz0nZWNobycKZWxzZQogIGlmIHRlc3QgIlhgKHByaW50ZiAnJXNcbicgJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgICBlY2hvPSdwcmludGYgJXNcbicKICBlbHNlCiAgICBlY2hvX2Z1bmMgKCkgewogICAgICBjYXQgPDxFT1QKJCoKRU9UCiAgICB9CiAgICBlY2hvPSdlY2hvX2Z1bmMnCiAgZmkKZmkKCiMgVGhpcyBzY3JpcHQgaXMgcHJpbWFyaWx5IGEgc2hlbGwgZnVuY3Rpb24gbGlicmFyeS4gSW4gb3JkZXIgZm9yCiMgIi4gZ2V0dGV4dC5zaCIgdG8gZmluZCBpdCwgd2UgaW5zdGFsbCBpdCBpbiAkUFJFRklYL2JpbiAodGhhdCBpcyB1c3VhbGx5CiMgY29udGFpbmVkIGluICRQQVRIKSwgcmF0aGVyIHRoYW4gaW4gc29tZSBvdGhlciBsb2NhdGlvbiBzdWNoIGFzCiMgJFBSRUZJWC9zaGFyZS9zaC1zY3JpcHRzIG9yICRQUkVGSVgvc2hhcmUvZ2V0dGV4dC4gSW4gb3JkZXIgdG8gbm90IHZpb2xhdGUKIyB0aGUgRmlsZXN5c3RlbSBIaWVyYXJjaHkgU3RhbmRhcmQgd2hlbiBkb2luZyBzbywgdGhpcyBzY3JpcHQgaXMgZXhlY3V0YWJsZS4KIyBUaGVyZWZvcmUgaXQgbmVlZHMgdG8gc3VwcG9ydCB0aGUgc3RhbmRhcmQgLS1oZWxwIGFuZCAtLXZlcnNpb24uCmlmIHRlc3QgLXogIiR7WlNIX1ZFUlNJT04rc2V0fSI7IHRoZW4KICAjIHpzaCBpcyBub3QgUE9TSVggY29tcGxpYW50OiBCeSBkZWZhdWx0LCB3aGlsZSAiLiBnZXR0ZXh0LnNoIiBpcyBleGVjdXRlZCwKICAjIGl0IHNldHMgJDAgdG8gImdldHRleHQuc2giLCBkZWZlYXRpbmcgdGhlIHB1cnBvc2Ugb2YgdGhpcyB0ZXN0LiBCdXQKICAjIGZvcnR1bmF0ZWx5IHdlIGtub3cgdGhhdCB3aGVuIHJ1bm5pbmcgdW5kZXIgenNoLCB0aGlzIHNjcmlwdCBpcyBhbHdheXMKICAjIGJlaW5nIHNvdXJjZWQsIG5vdCBleGVjdXRlZCwgYmVjYXVzZSBoYXJkbHkgYW55b25lIGlzIGNyYXp5IGVub3VnaCB0bwogICMgaW5zdGFsbCB6c2ggYXMgL2Jpbi9zaC4KICBjYXNlICIkMCIgaW4KICAgIGdldHRleHQuc2ggfCAqL2dldHRleHQuc2ggfCAqXFxnZXR0ZXh0LnNoKQogICAgICBwcm9nbmFtZT0kMAogICAgICBwYWNrYWdlPWdldHRleHQtcnVudGltZQogICAgICB2ZXJzaW9uPTAuMjEKICAgICAgIyBmdW5jX3VzYWdlCiAgICAgICMgb3V0cHV0cyB0byBzdGRvdXQgdGhlIC0taGVscCB1c2FnZSBtZXNzYWdlLgogICAgICBmdW5jX3VzYWdlICgpCiAgICAgIHsKICAgICAgICBlY2hvICJHTlUgZ2V0dGV4dCBzaGVsbCBzY3JpcHQgZnVuY3Rpb24gbGlicmFyeSB2ZXJzaW9uICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIlVzYWdlOiAuIGdldHRleHQuc2giCiAgICAgIH0KICAgICAgIyBmdW5jX3ZlcnNpb24KICAgICAgIyBvdXRwdXRzIHRvIHN0ZG91dCB0aGUgLS12ZXJzaW9uIG1lc3NhZ2UuCiAgICAgIGZ1bmNfdmVyc2lvbiAoKQogICAgICB7CiAgICAgICAgZWNobyAiJHByb2duYW1lIChHTlUgJHBhY2thZ2UpICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIkNvcHlyaWdodCAoQykgMjAwMy0yMDIwIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgSW5jLgpMaWNlbnNlIEdQTHYyKzogR05VIEdQTCB2ZXJzaW9uIDIgb3IgbGF0ZXIgPGh0dHBzOi8vZ251Lm9yZy9saWNlbnNlcy9ncGwuaHRtbD4KVGhpcyBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgYXJlIGZyZWUgdG8gY2hhbmdlIGFuZCByZWRpc3RyaWJ1dGUgaXQuClRoZXJlIGlzIE5PIFdBUlJBTlRZLCB0byB0aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcuIgogICAgICAgIGVjaG8gIldyaXR0ZW4gYnkiICJCcnVubyBIYWlibGUiCiAgICAgIH0KICAgICAgaWYgdGVzdCAkIyA9IDE7IHRoZW4KICAgICAgICBjYXNlICIkMSIgaW4KICAgICAgICAgIC0taGVscCB8IC0taGVsIHwgLS1oZSB8IC0taCApCiAgICAgICAgICAgIGZ1bmNfdXNhZ2U7IGV4aXQgMCA7OwogICAgICAgICAgLS12ZXJzaW9uIHwgLS12ZXJzaW8gfCAtLXZlcnNpIHwgLS12ZXJzIHwgLS12ZXIgfCAtLXZlIHwgLS12ICkKICAgICAgICAgICAgZnVuY192ZXJzaW9uOyBleGl0IDAgOzsKICAgICAgICBlc2FjCiAgICAgIGZpCiAgICAgIGZ1bmNfdXNhZ2UgMT4mMgogICAgICBleGl0IDEKICAgICAgOzsKICBlc2FjCmZpCgojIGV2YWxfZ2V0dGV4dCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBhbmQgc3Vic3RpdHV0ZXMgc2hlbGwgdmFyaWFibGVzIGluIHRoZQojIHJlc3VsdC4KZXZhbF9nZXR0ZXh0ICgpIHsKICBnZXR0ZXh0ICIkMSIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSJgOyBlbnZzdWJzdCAiJDEiKQp9CgojIGV2YWxfbmdldHRleHQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBhbmQgc3Vic3RpdHV0ZXMKIyBzaGVsbCB2YXJpYWJsZXMgaW4gdGhlIHJlc3VsdC4KZXZhbF9uZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgIiQxIiAiJDIiICIkMyIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSAkMiJgOyBlbnZzdWJzdCAiJDEgJDIiKQp9CgojIGV2YWxfcGdldHRleHQgTVNHQ1RYVCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBpbiB0aGUgY29udGV4dCBNU0dDVFhUIGFuZCBzdWJzdGl0dXRlcwojIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX3BnZXR0ZXh0ICgpIHsKICBnZXR0ZXh0IC0tY29udGV4dD0iJDEiICIkMiIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiJgOyBlbnZzdWJzdCAiJDIiKQp9CgojIGV2YWxfbnBnZXR0ZXh0IE1TR0NUWFQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBpbiB0aGUgY29udGV4dAojIE1TR0NUWFQgYW5kIHN1YnN0aXR1dGVzIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX25wZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgLS1jb250ZXh0PSIkMSIgIiQyIiAiJDMiICIkNCIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiAkMyJgOyBlbnZzdWJzdCAiJDIgJDMiKQp9CgojIE5vdGU6IFRoaXMgdXNlIG9mIGVudnN1YnN0IGlzIG11Y2ggc2FmZXIgdGhhbiB1c2luZyB0aGUgc2hlbGwgYnVpbHQtaW4gJ2V2YWwnCiMgd291bGQgYmUuCiMgMSkgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBDaGluZXNlIHRyYW5zbGF0aW9ucyB0aGF0IGhhcHBlbiB0byB1c2UgYQojICAgIGNoYXJhY3RlciBzdWNoIGFzIFx4ZTBceDYwIGlzIGF2b2lkZWQuCiMgMikgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBtYWxldm9sZW50IHRyYW5zbGF0b3JzIHdobyBwdXQgaW4gY29tbWFuZCBsaXN0cwojICAgIGxpa2UgIiQoLi4uKSIgb3IgImAuLi5gIiBpcyBhdm9pZGVkLgojIDMpIFRoZSB0cmFuc2xhdGlvbnMgY2FuIG9ubHkgcmVmZXIgdG8gc2hlbGwgdmFyaWFibGVzIHRoYXQgYXJlIGFscmVhZHkKIyAgICBtZW50aW9uZWQgaW4gTVNHSUQgb3IgTVNHSUQtUExVUkFMLgojCiMgTm90ZTogImV4cG9ydCBQQVRIIiBhYm92ZSBpcyBhIGR1bW15OyB0aGlzIGlzIGZvciB0aGUgY2FzZSB3aGVuCiMgYGVudnN1YnN0IC0tdmFyaWFibGVzIC4uLmAgcmV0dXJucyBub3RoaW5nLgojCiMgTm90ZTogSW4gZXZhbF9uZ2V0dGV4dCBhYm92ZSwgIiQxICQyIiBtZWFucyBhIHN0cmluZyB3aG9zZSB2YXJpYWJsZXMgc2V0IGlzCiMgdGhlIHVuaW9uIG9mIHRoZSB2YXJpYWJsZXMgc2V0IG9mICIkMSIgYW5kICIkMiIuCiMKIyBOb3RlOiBUaGUgbWluaW1hbCB1c2Ugb2YgYmFja3F1b3RlIGFib3ZlIGVuc3VyZXMgdGhhdCB0cmFpbGluZyBuZXdsaW5lcyBhcmUKIyBub3QgZHJvcHBlZCwgbm90IGZyb20gdGhlIGdldHRleHQgaW52b2NhdGlvbiBhbmQgbm90IGZyb20gdGhlIHZhbHVlIG9mIGFueQojIHNoZWxsIHZhcmlhYmxlLgojCiMgTm90ZTogRmllbGQgc3BsaXR0aW5nIG9uIHRoZSBgZW52c3Vic3QgLS12YXJpYWJsZXMgLi4uYCByZXN1bHQgaXMgZGVzaXJlZCwKIyBzaW5jZSBlbnZzdWJzdCBvdXRwdXRzIHRoZSB2YXJpYWJsZXMsIHNlcGFyYXRlZCBieSBuZXdsaW5lcy4gUGF0aG5hbWUKIyB3aWxkY2FyZCBleHBhbnNpb24gb3IgdGlsZGUgZXhwYW5zaW9uIGhhcyBubyBlZmZlY3QgaGVyZSwgc2luY2UgdGhlIHdvcmRzCiMgb3V0cHV0IGJ5ICJlbnZzdWJzdCAtLXZhcmlhYmxlcyAuLi4iIGNvbnNpc3Qgc29sZWx5IG9mIGFscGhhbnVtZXJpYwojIGNoYXJhY3RlcnMgYW5kIHVuZGVyc2NvcmUuCg=="}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518852431973,"flow_dst_last_pkt_time":1712518852431973,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518852431973,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00555{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_src_last_pkt_time":1712518852431973,"flow_dst_last_pkt_time":1712518852431973,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518852431973,"pkt":"AAAAAAAAAAAAAAAACABFAAA85V5AAEAGV1t\/AAABfwAAAda6gjU3oi0zAAAAAKAC\/9f+MAAAAgT\/1wQCCAqKF\/qZAAAAAAEDAwc="}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_src_last_pkt_time":1712518852431973,"flow_dst_last_pkt_time":1712518852431989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1712518852431989,"pkt":"AAAAAAAAAAAAAAAACABFAAA8AABAAEAGPLp\/AAABfwAAAYI11rrf\/TBpN6ItNKAS\/8v+MAAAAgT\/1wQCCAqKF\/qZihf6mQEDAwc="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_src_last_pkt_time":1712518852431999,"flow_dst_last_pkt_time":1712518852431989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518852431999,"pkt":"AAAAAAAAAAAAAAAACABFAAA05V9AAEAGV2J\/AAABfwAAAda6gjU3oi003\/0waoAQAgD+KAAAAQEICooX+pmKF\/qZ"}
07468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":4,"flow_src_last_pkt_time":1712518852432050,"flow_dst_last_pkt_time":1712518852431989,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":5254,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":5254,"pkt_l4_len":5220,"thread_ts_usec":1712518852432050,"pkt":"AAAAAAAAAAAAAAAACABFABR45WBAAEAGQx1\/AAABfwAAAda6gjU3oi003\/0waoAYAgASbQAAAQEICooX+pqKF\/qZIyEgL2Jpbi9zaAojCiMgQ29weXJpZ2h0IChDKSAyMDAzLCAyMDA1LTIwMDcsIDIwMTEsIDIwMTgtMjAyMCBGcmVlIFNvZnR3YXJlIEZvdW5kYXRpb24sIEluYy4KIwojIFRoaXMgcHJvZ3JhbSBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgY2FuIHJlZGlzdHJpYnV0ZSBpdCBhbmQvb3IgbW9kaWZ5CiMgaXQgdW5kZXIgdGhlIHRlcm1zIG9mIHRoZSBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgYXMgcHVibGlzaGVkIGJ5CiMgdGhlIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbjsgZWl0aGVyIHZlcnNpb24gMi4xIG9mIHRoZSBMaWNlbnNlLCBvcgojIChhdCB5b3VyIG9wdGlvbikgYW55IGxhdGVyIHZlcnNpb24uCiMKIyBUaGlzIHByb2dyYW0gaXMgZGlzdHJpYnV0ZWQgaW4gdGhlIGhvcGUgdGhhdCBpdCB3aWxsIGJlIHVzZWZ1bCwKIyBidXQgV0lUSE9VVCBBTlkgV0FSUkFOVFk7IHdpdGhvdXQgZXZlbiB0aGUgaW1wbGllZCB3YXJyYW50eSBvZgojIE1FUkNIQU5UQUJJTElUWSBvciBGSVRORVNTIEZPUiBBIFBBUlRJQ1VMQVIgUFVSUE9TRS4gIFNlZSB0aGUKIyBHTlUgTGVzc2VyIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgZm9yIG1vcmUgZGV0YWlscy4KIwojIFlvdSBzaG91bGQgaGF2ZSByZWNlaXZlZCBhIGNvcHkgb2YgdGhlIEdOVSBMZXNzZXIgR2VuZXJhbCBQdWJsaWMgTGljZW5zZQojIGFsb25nIHdpdGggdGhpcyBwcm9ncmFtLiAgSWYgbm90LCBzZWUgPGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvPi4KIwoKIyBGaW5kIGEgd2F5IHRvIGVjaG8gc3RyaW5ncyB3aXRob3V0IGludGVycHJldGluZyBiYWNrc2xhc2guCmlmIHRlc3QgIlhgKGVjaG8gJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgZWNobz0nZWNobycKZWxzZQogIGlmIHRlc3QgIlhgKHByaW50ZiAnJXNcbicgJ1x0JykgMj4vZGV2L251bGxgIiA9ICdYXHQnOyB0aGVuCiAgICBlY2hvPSdwcmludGYgJXNcbicKICBlbHNlCiAgICBlY2hvX2Z1bmMgKCkgewogICAgICBjYXQgPDxFT1QKJCoKRU9UCiAgICB9CiAgICBlY2hvPSdlY2hvX2Z1bmMnCiAgZmkKZmkKCiMgVGhpcyBzY3JpcHQgaXMgcHJpbWFyaWx5IGEgc2hlbGwgZnVuY3Rpb24gbGlicmFyeS4gSW4gb3JkZXIgZm9yCiMgIi4gZ2V0dGV4dC5zaCIgdG8gZmluZCBpdCwgd2UgaW5zdGFsbCBpdCBpbiAkUFJFRklYL2JpbiAodGhhdCBpcyB1c3VhbGx5CiMgY29udGFpbmVkIGluICRQQVRIKSwgcmF0aGVyIHRoYW4gaW4gc29tZSBvdGhlciBsb2NhdGlvbiBzdWNoIGFzCiMgJFBSRUZJWC9zaGFyZS9zaC1zY3JpcHRzIG9yICRQUkVGSVgvc2hhcmUvZ2V0dGV4dC4gSW4gb3JkZXIgdG8gbm90IHZpb2xhdGUKIyB0aGUgRmlsZXN5c3RlbSBIaWVyYXJjaHkgU3RhbmRhcmQgd2hlbiBkb2luZyBzbywgdGhpcyBzY3JpcHQgaXMgZXhlY3V0YWJsZS4KIyBUaGVyZWZvcmUgaXQgbmVlZHMgdG8gc3VwcG9ydCB0aGUgc3RhbmRhcmQgLS1oZWxwIGFuZCAtLXZlcnNpb24uCmlmIHRlc3QgLXogIiR7WlNIX1ZFUlNJT04rc2V0fSI7IHRoZW4KICAjIHpzaCBpcyBub3QgUE9TSVggY29tcGxpYW50OiBCeSBkZWZhdWx0LCB3aGlsZSAiLiBnZXR0ZXh0LnNoIiBpcyBleGVjdXRlZCwKICAjIGl0IHNldHMgJDAgdG8gImdldHRleHQuc2giLCBkZWZlYXRpbmcgdGhlIHB1cnBvc2Ugb2YgdGhpcyB0ZXN0LiBCdXQKICAjIGZvcnR1bmF0ZWx5IHdlIGtub3cgdGhhdCB3aGVuIHJ1bm5pbmcgdW5kZXIgenNoLCB0aGlzIHNjcmlwdCBpcyBhbHdheXMKICAjIGJlaW5nIHNvdXJjZWQsIG5vdCBleGVjdXRlZCwgYmVjYXVzZSBoYXJkbHkgYW55b25lIGlzIGNyYXp5IGVub3VnaCB0bwogICMgaW5zdGFsbCB6c2ggYXMgL2Jpbi9zaC4KICBjYXNlICIkMCIgaW4KICAgIGdldHRleHQuc2ggfCAqL2dldHRleHQuc2ggfCAqXFxnZXR0ZXh0LnNoKQogICAgICBwcm9nbmFtZT0kMAogICAgICBwYWNrYWdlPWdldHRleHQtcnVudGltZQogICAgICB2ZXJzaW9uPTAuMjEKICAgICAgIyBmdW5jX3VzYWdlCiAgICAgICMgb3V0cHV0cyB0byBzdGRvdXQgdGhlIC0taGVscCB1c2FnZSBtZXNzYWdlLgogICAgICBmdW5jX3VzYWdlICgpCiAgICAgIHsKICAgICAgICBlY2hvICJHTlUgZ2V0dGV4dCBzaGVsbCBzY3JpcHQgZnVuY3Rpb24gbGlicmFyeSB2ZXJzaW9uICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIlVzYWdlOiAuIGdldHRleHQuc2giCiAgICAgIH0KICAgICAgIyBmdW5jX3ZlcnNpb24KICAgICAgIyBvdXRwdXRzIHRvIHN0ZG91dCB0aGUgLS12ZXJzaW9uIG1lc3NhZ2UuCiAgICAgIGZ1bmNfdmVyc2lvbiAoKQogICAgICB7CiAgICAgICAgZWNobyAiJHByb2duYW1lIChHTlUgJHBhY2thZ2UpICR2ZXJzaW9uIgogICAgICAgIGVjaG8gIkNvcHlyaWdodCAoQykgMjAwMy0yMDIwIEZyZWUgU29mdHdhcmUgRm91bmRhdGlvbiwgSW5jLgpMaWNlbnNlIEdQTHYyKzogR05VIEdQTCB2ZXJzaW9uIDIgb3IgbGF0ZXIgPGh0dHBzOi8vZ251Lm9yZy9saWNlbnNlcy9ncGwuaHRtbD4KVGhpcyBpcyBmcmVlIHNvZnR3YXJlOiB5b3UgYXJlIGZyZWUgdG8gY2hhbmdlIGFuZCByZWRpc3RyaWJ1dGUgaXQuClRoZXJlIGlzIE5PIFdBUlJBTlRZLCB0byB0aGUgZXh0ZW50IHBlcm1pdHRlZCBieSBsYXcuIgogICAgICAgIGVjaG8gIldyaXR0ZW4gYnkiICJCcnVubyBIYWlibGUiCiAgICAgIH0KICAgICAgaWYgdGVzdCAkIyA9IDE7IHRoZW4KICAgICAgICBjYXNlICIkMSIgaW4KICAgICAgICAgIC0taGVscCB8IC0taGVsIHwgLS1oZSB8IC0taCApCiAgICAgICAgICAgIGZ1bmNfdXNhZ2U7IGV4aXQgMCA7OwogICAgICAgICAgLS12ZXJzaW9uIHwgLS12ZXJzaW8gfCAtLXZlcnNpIHwgLS12ZXJzIHwgLS12ZXIgfCAtLXZlIHwgLS12ICkKICAgICAgICAgICAgZnVuY192ZXJzaW9uOyBleGl0IDAgOzsKICAgICAgICBlc2FjCiAgICAgIGZpCiAgICAgIGZ1bmNfdXNhZ2UgMT4mMgogICAgICBleGl0IDEKICAgICAgOzsKICBlc2FjCmZpCgojIGV2YWxfZ2V0dGV4dCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBhbmQgc3Vic3RpdHV0ZXMgc2hlbGwgdmFyaWFibGVzIGluIHRoZQojIHJlc3VsdC4KZXZhbF9nZXR0ZXh0ICgpIHsKICBnZXR0ZXh0ICIkMSIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSJgOyBlbnZzdWJzdCAiJDEiKQp9CgojIGV2YWxfbmdldHRleHQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBhbmQgc3Vic3RpdHV0ZXMKIyBzaGVsbCB2YXJpYWJsZXMgaW4gdGhlIHJlc3VsdC4KZXZhbF9uZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgIiQxIiAiJDIiICIkMyIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMSAkMiJgOyBlbnZzdWJzdCAiJDEgJDIiKQp9CgojIGV2YWxfcGdldHRleHQgTVNHQ1RYVCBNU0dJRAojIGxvb2tzIHVwIHRoZSB0cmFuc2xhdGlvbiBvZiBNU0dJRCBpbiB0aGUgY29udGV4dCBNU0dDVFhUIGFuZCBzdWJzdGl0dXRlcwojIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX3BnZXR0ZXh0ICgpIHsKICBnZXR0ZXh0IC0tY29udGV4dD0iJDEiICIkMiIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiJgOyBlbnZzdWJzdCAiJDIiKQp9CgojIGV2YWxfbnBnZXR0ZXh0IE1TR0NUWFQgTVNHSUQgTVNHSUQtUExVUkFMIENPVU5UCiMgbG9va3MgdXAgdGhlIHRyYW5zbGF0aW9uIG9mIE1TR0lEIC8gTVNHSUQtUExVUkFMIGZvciBDT1VOVCBpbiB0aGUgY29udGV4dAojIE1TR0NUWFQgYW5kIHN1YnN0aXR1dGVzIHNoZWxsIHZhcmlhYmxlcyBpbiB0aGUgcmVzdWx0LgpldmFsX25wZ2V0dGV4dCAoKSB7CiAgbmdldHRleHQgLS1jb250ZXh0PSIkMSIgIiQyIiAiJDMiICIkNCIgfCAoZXhwb3J0IFBBVEggYGVudnN1YnN0IC0tdmFyaWFibGVzICIkMiAkMyJgOyBlbnZzdWJzdCAiJDIgJDMiKQp9CgojIE5vdGU6IFRoaXMgdXNlIG9mIGVudnN1YnN0IGlzIG11Y2ggc2FmZXIgdGhhbiB1c2luZyB0aGUgc2hlbGwgYnVpbHQtaW4gJ2V2YWwnCiMgd291bGQgYmUuCiMgMSkgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBDaGluZXNlIHRyYW5zbGF0aW9ucyB0aGF0IGhhcHBlbiB0byB1c2UgYQojICAgIGNoYXJhY3RlciBzdWNoIGFzIFx4ZTBceDYwIGlzIGF2b2lkZWQuCiMgMikgVGhlIHNlY3VyaXR5IHByb2JsZW0gd2l0aCBtYWxldm9sZW50IHRyYW5zbGF0b3JzIHdobyBwdXQgaW4gY29tbWFuZCBsaXN0cwojICAgIGxpa2UgIiQoLi4uKSIgb3IgImAuLi5gIiBpcyBhdm9pZGVkLgojIDMpIFRoZSB0cmFuc2xhdGlvbnMgY2FuIG9ubHkgcmVmZXIgdG8gc2hlbGwgdmFyaWFibGVzIHRoYXQgYXJlIGFscmVhZHkKIyAgICBtZW50aW9uZWQgaW4gTVNHSUQgb3IgTVNHSUQtUExVUkFMLgojCiMgTm90ZTogImV4cG9ydCBQQVRIIiBhYm92ZSBpcyBhIGR1bW15OyB0aGlzIGlzIGZvciB0aGUgY2FzZSB3aGVuCiMgYGVudnN1YnN0IC0tdmFyaWFibGVzIC4uLmAgcmV0dXJucyBub3RoaW5nLgojCiMgTm90ZTogSW4gZXZhbF9uZ2V0dGV4dCBhYm92ZSwgIiQxICQyIiBtZWFucyBhIHN0cmluZyB3aG9zZSB2YXJpYWJsZXMgc2V0IGlzCiMgdGhlIHVuaW9uIG9mIHRoZSB2YXJpYWJsZXMgc2V0IG9mICIkMSIgYW5kICIkMiIuCiMKIyBOb3RlOiBUaGUgbWluaW1hbCB1c2Ugb2YgYmFja3F1b3RlIGFib3ZlIGVuc3VyZXMgdGhhdCB0cmFpbGluZyBuZXdsaW5lcyBhcmUKIyBub3QgZHJvcHBlZCwgbm90IGZyb20gdGhlIGdldHRleHQgaW52b2NhdGlvbiBhbmQgbm90IGZyb20gdGhlIHZhbHVlIG9mIGFueQojIHNoZWxsIHZhcmlhYmxlLgojCiMgTm90ZTogRmllbGQgc3BsaXR0aW5nIG9uIHRoZSBgZW52c3Vic3QgLS12YXJpYWJsZXMgLi4uYCByZXN1bHQgaXMgZGVzaXJlZCwKIyBzaW5jZSBlbnZzdWJzdCBvdXRwdXRzIHRoZSB2YXJpYWJsZXMsIHNlcGFyYXRlZCBieSBuZXdsaW5lcy4gUGF0aG5hbWUKIyB3aWxkY2FyZCBleHBhbnNpb24gb3IgdGlsZGUgZXhwYW5zaW9uIGhhcyBubyBlZmZlY3QgaGVyZSwgc2luY2UgdGhlIHdvcmRzCiMgb3V0cHV0IGJ5ICJlbnZzdWJzdCAtLXZhcmlhYmxlcyAuLi4iIGNvbnNpc3Qgc29sZWx5IG9mIGFscGhhbnVtZXJpYwojIGNoYXJhY3RlcnMgYW5kIHVuZGVyc2NvcmUuCg=="}
00542{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":5,"flow_src_last_pkt_time":1712518852432050,"flow_dst_last_pkt_time":1712518852432056,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1712518852432056,"pkt":"AAAAAAAAAAAAAAAACABFAAA0pvJAAEAGlc9\/AAABfwAAAYI11rrf\/TBqN6JBeIAQAen+KAAAAQEICooX+pqKF\/qa"}
00991{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518853691948,"flow_dst_last_pkt_time":1712518853691932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00773{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":3,"flow_first_seen":1712518852431973,"flow_src_last_pkt_time":1712518853691948,"flow_dst_last_pkt_time":1712518853691932,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54970,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00989{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518790473885,"flow_dst_last_pkt_time":1712518790473904,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","ndpi": {"flow_risk": {"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00771{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":4,"flow_first_seen":1712518786333703,"flow_src_last_pkt_time":1712518790473885,"flow_dst_last_pkt_time":1712518790473904,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":47638,"dst_port":33333,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
01200{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518814195876,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":937,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54112,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00773{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518814195876,"flow_src_last_pkt_time":1712518814195876,"flow_dst_last_pkt_time":1712518814195876,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":937,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":937,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":937,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":54112,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
01203{"flow_event_id":9,"flow_event_name":"not-detected","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","ndpi": {"flow_risk": {"35": {"risk":"Susp Entropy","severity":"Low","risk_score": {"total":210,"client":165,"server":45}},"40": {"risk":"Possible Exploit Attempt","severity":"Severe","risk_score": {"total":200,"client":160,"server":40}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"proto":"Unknown","proto_id":"0","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Unrated"}}
00776{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1712518835354289,"flow_src_last_pkt_time":1712518835354289,"flow_dst_last_pkt_time":1712518835354289,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":5188,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":5188,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":5188,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1712518853691948,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":58538,"dst_port":33333,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00795{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/shell.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":18,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":12250,"total-not-detected-flows":4,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":4,"total-idle-flows":4,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":27,"global_ts_usec":1712518853691948}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 18/18
~~ skipped flows.............: 0
~~ total layer4 data length..: 12250 bytes
~~ total detected protocols..: 0
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6658514 bytes
~~ total memory freed........: 6658514 bytes
~~ total allocations/frees...: 114082/114082
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 544 chars
~~ json message max len.......: 7473 chars
~~ json message avg len.......: 4007 chars
Powered by cgit, Themed by Ted Yin.