aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/snapchat_call_v1.pcapng.out
blob: d26da0f0d02bc7811c08e8765548930bdafeb509 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

00574{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00798{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1642584090467068}
00795{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090467068,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GNAAEARienAqAypIvbnjLmgAbsEuOe0xgAAAAEIhBCu4jQ62egAAESetqOQdYkJpUmUbLd7dCny\/mAX1uVpyJthsRXpRU8VWePV6W9beCrSrw4bfN95OOqcQUuDSKA2fVL0D5kDJ\/asNmiUDm2dTxwoLy5LKegbuvpOEgXdXJGz6Gk+MnVuMvTucZRlP+kU8Z0hZYkJrEueNZLXvMiZw+w\/3JMAscB+SXgxqObQ7yqheFwPcswCbW4HViy9+ZaTJc+BYhkJ055qYehc\/zFI0KCoMBJhsKt2St7\/X\/sFqgI4XAc07X8JocrJhc\/vYXREaOwS1grTxRlgBfafpoYoos9uZIUmAfZUhVF+lLWk3CqNkdJgUXPdulhipVVYaytwLHOIKcNR+3k5D+\/5ip9PadVan\/IjuHWRUPMyGV6b3kpvu4ZcMqB6rJq4vpE73h2pGF0y4EfGtr2FNVuu\/KuZJ3dp3JvEjR\/jeOHRA42IPdKCIbXpvaPGXS28mVqFTiEIIj88lm4BOyrmXPIPMtTECpPWXYf1XbpuuCUtRrtjD6xtUwvOdF9\/49wZuztXpaWoqNcQwFnDBkZcK4JaXOC2goCGnfAWoYp5AJBHldfKbfHbk4OnTcNEk1Fc\/jmV0Dwf0S3IJ8\/MjTctjPx\/KD5qo0FuvyoLHkOQ909\/s0dlEKb3vF9qIuNXDktsuA8b\/CMA\/PICfvKu+us2XV4zg9UBqIz\/wYrRHey95hrlR2Gz9syR8cUSxAjGBEfwfSBTo+DQ4ZP4AipF\/o\/3HAEIDbIYHCtLdSkqDEGjYxeZ2YRMTfV9dex7lm1iCVcGCqNklEhG2Mmj0J3t83ZH4j+nee6OiFL89sraDjJa3wwZ8+3ZqrljAmdHSfpk4LOQDpcbbltBW5wDrl76HafLd6injkxl9HTuPqNi4WWIeQ02C4UykD3hQffn63eGYR\/x9OLvJ+YUn8A32KaYS9sQwjTZBg0J9pe+BK1hOaXgA2xiCU1YHz8WM5n0aNeT9iBNNuHuzHlzpHLfqgYDp9JcuPKHRPRujBhigh48qLYtBSwjrSf2d0jQlkgTDYM\/o8BMBgAnLPxb3W0\/3RRiGRSDSgbzQdMEpQxmRiPSdiwP+EH8+IyeRPWFFfm4uiJoQUwnY5uFAZvnFcuw+f1iwJTbp3HCxFFmpBTc\/xIvkWFx3AeN63YiZu66yn2nCpER2XafvDOLi1ZIBu6TajSC28+WMrnkUqKFx1b3gCNvogeYcsVVy7HrZv3I4oy46NRbHrQPi\/GptSdY\/S22zjlh4dpGHbjNttrFqXg645yNyJLRKndem5QJ1LpM4OCevsgIJIjTdrinLDDbDze8ywEiM5GtX3Hhdo6Ac0xvMkmw9sPMaE3r1UeGIp5+NEQ0sWutpw9ro\/rlPmKqQLBnXWwkeDL1D1SG9R39++9bQ\/PgYXx5eDDg3XSqp1bmEfBjCvyTuN97k\/U7r2ALo84ZR2EmlZemvZ3C+jFclmBJEJgBqLhouZp5kCgMVAEd5F5py9kLD1XMjkSEOrXxTq8EZ17YEC3TbzqAvAERJ52Q\/z+r7cjUfqDXPbUa8sDfuVcAF5mcmS7HgRUgcPp\/HmAfl74+cll\/xMfoNZDYD1gRHGC8lt7l"}
01265{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090467068,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1200,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1200,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1642584090467068,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.Snapchat","proto_id":"188.199","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Fun","category_id":6,"category":"SocialNetwork","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","ja4":"q13d0309h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":52}}}}
02157{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510899,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510899,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACtAACsRcyIi9ueMwKgMqQG7uaAEuIDvzgAAAAEACIQQruI0OtnoAEB0QD824LrLAyxFBv1fqC0vaUKEAPqXWhnEZkjfTAB\/njOtOw2ulcbmFIEugSJafyUehXXTD3itxf7ksLUq9y\/k3UQN6H0MWJJfU39bTLcLNZtRgCmzLh\/pdC+zrpjsjqE+DlwKWQj6ZxmWOATbtX5yapzh\/zLvAAAAAQAIhBCu4jQ62ehEGRgqb0lDHv2OzRv9SYMh++M74n\/5C6L81Y+NbqIA9wYxgdpUtSrpq30E8MtuyEa1BH4peOzFirFPBl3rWJrGSHKnrfhVIC+f74RkClApg0X6KrTmEQthpSukiFMtP+gmZ3vezghCdkGYaRbeff1ArdW\/idTFFtL6+Ybod4h9ZLheGlfqXbzlFncRv2O4JSFT4xwVInmvI+2OdCXpJ7mOCzyaHFWPEVM4O9G0qQ\/PCSTEGb+ie9L9Y3j4npfXpYlb\/iKV\/+TVa0bXxNltC72TO8M\/fXMHxLxD5BAtV7iS9wp+L5ktQDVhS5fTXmD2Bb6L6tmUlhdicMfEmv5cz43FS0Qeqb7Rj+y3qhWxhS3VX82JHgiD6fZ2h9mlpL731QifUS3g0SdRRwg1JqnrDFxd5zm9GKu\/W+k\/pkAX4dlueS87EYy1O6YGhluke4E3O7WB6qTdh8E1RzCSHtVmA5Tim1tmajYL+sgbjJ\/QlPS8DA23hij9dRCuyOsuNgd8u0XlhrsM\/drrobHl+YJpdSfvZPaJHatKlWeqR1i8gWtCGC2f4NeZvc6\/PIiENQezJRk0X0NcvTjGkol0THr49kxRjrte+rh63Pzl7oh2Yr3YSX6O+jWhOOUanPMASyAapnuTcMkc5Fnoeu9iaLOA70rejlFy\/be9kaaK9Bu3BhXclBx+bar9CtBzeHCgHBZuHAjXO\/0OBQavnaC3mVdtMZziyna79W8Gvr\/htuENoGE0LgBeUx+pgQFztajZzvugufZ4p0vnjbld5enolbbLNXWUx63+TZ63MnV\/dMGR8qEnzRIr1PfiFE\/6cjG6tjPbO2VdyOWae2YWMINhT+N9qcf4H1hp4pDFszQ3lWXDto70MVIjkxju0PeGj92dMPx7MNqJilcDShlGJwsLGmmQSGn+HSl\/mgwJpzWHQpNOo\/LlaLTyqBSY7pxdmX9kN3h8UN4Hd2Hr3Fk0rar\/KvXJ3mVHBaDaCVmcHltt6SahAtc\/ocPI+afleJ+CTQhyn2dj+rcBHfFgNBc73fIN+mOHAAEWC9riYo3FUcM6dZUITQhOeK4Uuqw1LA4YUs1EL7ddtpf7l1\/fuZIVcN3Lc6l59Vm5Th6IPGL\/LPZbppV\/hJBl4pDYlu2qvZ33CJfgCRxwbmj5SOWDeMzZguVTLty80nucVTJUpD3z7ix2quIVwIYifZZYIF+VzC6\/drr8N\/br1f5DsfYeJPRGr\/P49nJiWl39BNFrK0OYQv44JIlRlAt9CGCdR4g0dN3FgfiL4\/lUi8YPSU3cDIZxCdnQkdCIGcAhjfN4gggt7zg9kOnJIzAY8njDa5SRxm8rijaozS5CsNDVLCBZ40nww0LginRe2hYCVIwXbJ1vICjAFnUQldXnI1vBYa\/\/GLFN5BSD"}
02139{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510947,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090510947,"pkt":"mt9Y+uvcCL6sCxduCABFAATMACxAACsRcyEi9ueMwKgMqQG7uaAEuL937gAAAAEACIQQruI0OtnoRJ8S2CbWB5Aa0NIEXBtQqqcNr3LJSM6luXrG5NB5jmw8BTTb7hBzxN9NXN6dQKMU6M\/xqCcyR4cjD6lSS3pMKiulwTRvlYIwVKrYm+LhqRSNNN9rSSBVey45DhDraPxQlvFusIccmf5pTLSUteoQRBy1cLSEm6nBu4RC7azyB5EL8qSVtz4J4crJKZsjs2lCJk75A3KNytR6nhnlSjUnkVZtt5RLi5uyOfP2DILzBp51r4LGtW0yXDAIdHwvsWXI2hJjcdIIrmWloDxkCwAKZC5EYqgdbkZgTSRifx9y1B1lCrjW28p0er\/SsLQRO63igT0BRcTPDDeO9SrSeefcILOCfEmPAzXPV0myN+1F3OMJ9M7bwSMdmh3Te5QLMWdOoH41yu2FlDOIypWVO9Pv96cTS5Ilj+GV7aLGyHyXi3IZYZEoKKqyhwIna2a6e4MNNKf3EAzpThQGbjqo7698qgbQUq2HL3qjCWS+CRtbfNkK9wg8uCu82wlsfmGGlRR1nmIOZXfFcAZR4x8GrXvDXKntFSIQOZB0U+tJ5PrbDi01e\/aYdqhfMwxXZtyx7KiW+TmbWbPelbmOCIHI0e08tuHB1CLCzz+4upnoCogpOKVLLALGcUjxCAu+pUv61bCHRM7tptNufqfA2xkBjhsI+cJGtnHDBDBMFoijVrmS\/zSO1u4SFIytu33p6ATJUJwcyOqZJTlezz7IqzsJSkrCe1jMss6AdqR9bqpEA0iW9qSanlGm+y0KhhX9IH9mvDfS2wHTL9vXoVLM30efMTCC2eMOc0hF2hJ\/SKhnX9kZ8nM4pLNdOggzvdJ78QbLL3XonQffjLfTUj8pdg\/k07T\/wHaWvnMTATaV8twc5oalBK1G57uIuWEU0BWTbqqh\/d8vW7HoP43MPPQqP8uleQpJ6QzGgNQchwb8GlPL+54hnzRkSAfTWDJ9fJwDnOrjl8eAuB7PaUyjnVOLK1gwmeLc4NDXtW6mSM5Y01gq5urH3wxuN7NP7cNwE1CKjtQFsHdkC0yi+1PWjuoxQQ+goJ7LxkZ0DMB6xsrceuDyQ53d9lKQ5UOtQ4OeGnOdu6vbi1BlMTpaUfbUQDIXwlgsT+DKpO9MEkG\/jS3hCwDx0\/yc0glnOfiK9kAZmEz+hgjHHRBHjnkmdeXNU4+OBDMgHXhepHBoO95qvrx9a7GP\/A2J7r7tse+Y56SOhiM8jHzI9H1U+puIjp83iWJK5CpnEU3nbD80GSM1Sup9eAXtXiCr\/B75wJKor2wn4UOj4Ux2FIHok41GsJFHB5HnorW20r\/l52IrOjHVjIhClksdjbVScYXPR5YirFs2nXT5Dva19DDqRCOwzsDyQEXH1U9vYygdFoXKcAu6wd2fHrGin9eaCK77QGr0XthC1gxPqYnqN3RTsiiUjThCv2IUTFyxqSK1IIKKHi5ZU9T1jkHGZi8dSiiLSTJD3c8mUAUTgUhTJlqsUhDQFp+o\/bCVmR9kyAbQNGBaFAYpXivaz9UsJiT0gzypPGjc+PWwg+YLHNYCZO\/PXld5eNlHXPcL3D8XCr4Hs7EURSi9cIytLJ4GUjbFU5Es"}
01066{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1642584090467068,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":447,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":447,"pkt_l4_len":413,"thread_ts_usec":1642584090510965,"pkt":"mt9Y+uvcCL6sCxduCABFAAGxAC1AACsRdjsi9ueMwKgMqQG7uaABnQGY6QAAAAEACIQQruI0OtnoQYQYnnnY\/TwH7sisj44tuL3+S79sTC6Ii7C544FpS6RA5K1Gjsz5ONuvxXkzNOLK1cYjM1BZc5en4+alF+S80t4B6oLjeiQw6GIRzLlWrhpcCm1NOSkaA\/Dko4qIqQCni16yxQTaptE0AGFcNNAX0GOfi3XN6s6XzCG8je1LlpGI4thEqvIt2xXW\/SZWNt2Vx\/5\/xFRoRuRR+KCPJu4DsSu6O6ErV0wG+KCg2iwG4IOhINae17UeS3ykPewIVzmk3whB7bdUPJFLAycMOsw8SbTyqEDisfw54GfpPiOpKX+W6oKkLysbm3C16rjWGPHZVKbLFMTvswpdijcDfHnbZYf4Ep1ysQYvni7qm7sEvSLMA24s5MIVcSslKhAapH9jij90YjMTlIz8R5xVW5MggGl0JNueETv24ewnHSBvxe0Pai6GjyV4wsLWk95rG87iLl7hrkng4a+Va8b3OX4VTa5JNyAQz82r6PxxBKFbXxWWmpq85DihpLMv42c22LkBA1V336p6"}
02147{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1642584090514239,"flow_dst_last_pkt_time":1642584090510965,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1242,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1242,"pkt_l4_len":1208,"thread_ts_usec":1642584090514239,"pkt":"CL6sCxdumt9Y+uvcCABFAATM1GdAAEARieXAqAypIvbnjLmgAbsEuNIaxwAAAAEIhBCu4jQ62egAAER1VsqkkGCUXUoSghfrHSEv2MjVBQn+ZioJyigAeY0ikBzmb7200Tcvi1hSBAOmhV480\/Q3Cig\/aTvbP+dCfpgUSwwzyRAaWrI+yr7LtA7hieNtNBGEuSSMGWfoH\/jhIeviO+ZkLZpBdKOHigiHov1PtOx7eqf+x1fkl5S0Ta+8YrqYQTOrQ5gbixM44N8cBqxem6ogn6PSloYENciwutVZ8uGPqP5kD87+jC0216PUNN+CNV0Iw85UiWsZNfReg3piVDPNxpLS\/Lq5So0r1ainNJZ30tyNKCH7gkA9CuIBHCA2D2ylb0wjO9HjJvee\/1k+bKFtIBjPAdWCtc\/97hbww9XmC7u84pjPn5UtwvpvXaf29PG3\/k15\/ymEzAoTbb68fA5ffoMapeBbeXpvquTAHlTNIC8pEaoC8+jnjuxKkbkK1CImwgrjpHaCJ7QogmpbGVbWj\/LoXlKNTgt2BkVjRqg5kjNM9rIcTg4E\/YZHHd4V3KvVXKGoTXM9IwoyFPfzesrHOYi1Hjt4f2AwbK4nFM06lFtiAbK+Ncrds5MU3hu+fOjlvapu2nBl2hlTpUwEwNu2OTjTlHXqodNGtfSJqqiYhKK7gghfP3NiPkmpSjYHviqpD66d6Mk7f+deYdAKb+6f\/XsxiTz2thmntL44NWQsEAKWHvWQbuVYItT9gS3oDGRAg\/xsDBVjGmSwH3hzXuNQIBVIKmEM3M7kJBgsBDwVQ+2a5KSUmaPV50LFyFxcxzfRKrreKzRGpNVe4GCu1D4gCeS71HDlqQ+Guu66i2IvHUe26\/3eef1zP+xEjiZ37QsjbcmARgOBFA03gEmFTiW8I73ezpo7Ae6zLyUrtB5D2b6UVkQTmof1nEWlxPtkQqw7rzKidHVgBiXIyA6cg2A9oIJLl6K4+N8fZ+cA\/K2C9XoaOq7axDszYDbWpbzadrIZO0XCIDio+8UlywF3Eh6ohyNKRFGWqt4ZEggeRtd0+dqXiEsZ471e5S5uB\/IzkjqcnucZa3X2fiBogCeL2N\/DBj9QLgNz3zsylLwCj08CFgQSU3mCULZED+eJzRynvoEJ1kGRR3VtKzXfrtRrmq7+djaxxg8AuFxERvP\/mW9VdBiLkd\/BIjuIYXKa+m2vheE2+KRSRWL1QKg+99GKR9b6JY7oucgWkBXG\/3wnLSMKV6p6ZfGuMDrlW0dZtMCirEdHJNgczeVIMRB5nVmfHyH83HYOIZbVxER9EnpsuxOmjRc+\/TqVm8I5ZGJj6Ay0JEsjykwHpfroi6F6Dz1DuLzXkMkl+IrYgQSnma2yYchVZd1jJylMWrw8tlBnca5vCx6PPA\/pYkCH1qBXkKvwn1TFAKFSBGzeDrxDTSrDdjOQc03vBTwF9WxXstbO8dcPEVplg3\/IV1GPORubDjghygFqmDO\/FNUWN34+k2k6vbfiDMK63+w+xqAUDJvonoFixikWEN290hSxoc+3AKJx2tRNT7+iLBUQw5rELbGYoLqE+DHx8VKNtgeaxuD3UDIMOZR3c+UAAAABCIQQruI0OtnoAEAYjLgYZ1DeuJwCT8AWduwfbAEyRKkz6dYI"}
01282{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":11,"flow_dst_packets_processed":9,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091048184,"flow_dst_last_pkt_time":1642584090986004,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":3514,"flow_dst_tot_l4_payload_len":3706,"midstream":0,"thread_ts_usec":1642584091048184,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io","quic": {"quic_version":"V-1","tls": {"version":"TLSv1.3","ja3":"f4545fa40dda0c87b1bd81d9a55985a2","ja3s":"","ja4":"q13d0309h","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3","tls_supported_versions":"TLSv1.3","blocks":52}}}}
02272{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":21,"flow_dst_packets_processed":11,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584091097462,"flow_dst_last_pkt_time":1642584091088958,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":33,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":10528,"flow_dst_tot_l4_payload_len":3826,"midstream":0,"thread_ts_usec":1642584091097462,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":18,"avg":40396.3,"max":284273,"stddev":69954.6,"var":4893651456.0,"ent":3.5,"data": [43831,48,18,47171,5912,7197,49242,50,34720,7943,33195,29741,120469,284273,668,11816,262103,35232,126423,262,9441,12613,6510,7068,102933,21,6234,340,1312,2360,3138]},"pktlen": {"min":53,"avg":476.6,"max":1228,"stddev":428.3,"var":183471.5,"ent":4.4,"data": [1228,1228,1228,433,1228,117,610,446,104,62,360,61,90,53,70,70,198,53,53,88,1147,1148,1148,703,523,72,104,525,525,525,525,525]},"bins": {"c_to_s": [0,6,1,0,0,1,0,0,0,0,0,0,0,0,0,6,0,0,1,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,2,0,2,0,0,0,0,0,0,0,0,0,0],"s_to_c": [3,1,2,0,0,0,0,0,0,0,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,1,1,0,0,0,1,1,0,1,0,0,1,0,0,0,1,1,0,0,0,0,0,0,1,1,0,0,0,0,0],"entropies": [7.846151352,7.818212032,7.842855453,7.458201885,7.834816933,6.378828526,7.731168270,7.464651108,6.216168880,5.760650158,7.392130375,5.557705879,6.136295319,5.508872986,5.957851410,5.707712650,6.936640739,5.357929230,5.395664692,5.928121090,7.845738411,7.830622196,7.823609829,7.678224087,7.645185947,5.669923306,6.181212425,7.564388752,7.568304062,7.613670826,7.625892639,7.577367783]},"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}}
01065{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":386,"flow_dst_packets_processed":91,"flow_first_seen":1642584090467068,"flow_src_last_pkt_time":1642584099996389,"flow_dst_last_pkt_time":1642584099885088,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":28,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1259,"flow_dst_max_l4_payload_len":1200,"flow_src_tot_l4_payload_len":337357,"flow_dst_tot_l4_payload_len":7923,"midstream":0,"thread_ts_usec":1642584099996389,"l3_proto":"ip4","src_ip":"192.168.12.169","dst_ip":"34.246.231.140","src_port":47520,"dst_port":443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"QUIC.SnapchatCall","proto_id":"188.255","proto_by_ip":"AmazonAWS","proto_by_ip_id":265,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"str1-euwest1-34-246-231-140.addlive.io"}}
00812{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":477,"source":"cfgs\/default\/pcap\/snapchat_call_v1.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":477,"packets-processed":477,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":345280,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1642584099996389}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 477/477
~~ skipped flows.............: 0
~~ total layer4 data length..: 345280 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6665160 bytes
~~ total memory freed........: 6665160 bytes
~~ total allocations/frees...: 114517/114517
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 579 chars
~~ json message max len.......: 2277 chars
~~ json message avg len.......: 1419 chars
Powered by cgit, Themed by Ted Yin.