aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/stun_dtls_unidirectional_server.pcap.out
blob: 50a6c535ab0cc81bcf5fb93fae66f41fb4384c94 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

00636{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00857{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1441761975301582}
00797{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00624{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975301582,"pkt":"AAAA1W9UACWeBue\/CABFAABckk9AAC8RlRMhI99nGlMJUQIc4N8ASKsWAQEALCESpEKZUujby\/MKtb8jCDoAIAAIAAHBzSQ2G6oACAAUOG6\/PReCUq3JlsJgMEqY8IjJzYmAKAAEznYIbw=="}
01189{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975301582,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":64,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975301582,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"5.36.191.232:57567","multimedia_flow_types":"Unknown"}}}
00622{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1441761975587269,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1441761975587269,"pkt":"AAAA1W9UACWeBue\/CABFAABckotAAC8RlNchI99nGlMJUQIc4N8ASNSBAQEALCESpEKNBDrS8+vWXmiUEj8AIAAIAAHBzSQ2G6oACAAUIpKr5uGsXESfGDFUtNMC1hzHXuWAKAAEdDFJvQ=="}
01308{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975587269,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":64,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":128,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975587269,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","domainame":"","stun": {"mapped_address":"5.36.191.232:57567","multimedia_flow_types":"Unknown"}}}
01778{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1441761975874926,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":958,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":958,"pkt_l4_len":924,"thread_ts_usec":1441761975874926,"pkt":"AAAA1W9UACWeBue\/CABFAAOwksNAAC8RkUshI99nGlMJUQIc4N8DnECPFv7\/AAAAAAAAAAAATwIAAEMAAAAAAAAAQ\/7\/Ut3Mk6tuqUdmPtD\/0S2zU9RVqlxrWoD6U0a\/TVOn1OYAwBQAABv\/AQABAAALAAQDAAECAA4ABQACAAIAAA8AAQEW\/v8AAAAAAAAAAQCXCwABvAABAAAAAACLAAG5AAG2MIIBsjCCARugAwIBAAIJAI+IoV4BAT+sMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMMEExpdmVGb3VuZHJ5IEluYy4wHhcNMTUwODI3MDkwNzA1WhcNMTYwODI3MDkwNzA1WjAbMRkwFwYDVQQDDBBMaXZlRm91bmRyeSBJbmMuMIGfMBb+\/wAAAAAAAAACAPMLAAG8AAEAAIsAAOcNBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxCrcxmZoAQDywCn+GhZjY6HfSn5rqMz8TRnXcc9jU23Yw7Ja92mohgOZR+Qo+cJxTl4KAbuGwcr15mpZW4EgmhWKDiKWrm9p\/InJjxp8EV\/j\/1I882DRAH5+Q+bPFLybYmb9D8k0aB4Pk6G1yg7rz7edN3mQLG1gWVM9B0Sue+kCAwEAATANBgkqhkiG9w0BAQsFAAOBgQB67saGPVm1sTpv5AjMP5+R3wU1alP1uCQcdTSjQINc9PU43HFJfgx3hRO9z0woHwd2\/SmekpEW\/v8AAAAAAAAAAwBWCwABvAABAAFyAABKWhEiJyIl8FFqfxCQFxSbeWOB+D4Mj0loQYDEtNn\/e6zVt69xYS8qgj0pEtvGIMjbCvtoIRAqZIAUIz008tTLs+oxzjGtCikCEMUW\/v8AAAAAAAAABACQDAAAxwACAAAAAACEAwAXQQR27Dr9onTZFENOQON2yhMqGeeWpnA0EbRn2QO4OiJK3PLw0gM9x1w47T3fp9MKcmnScctNeU08Pt58g+r58mG1AIBFM9pY+i47LW6ummB3ST2yBADv+dkmiRvzbBVmJd7PE9AYvjXL3Eafz8RkdBipCaI0id38AvmmeIcRnmMhFv7\/AAAAAAAAAAUATwwAAMcAAgAAhAAAQ903Y0Smx2StBdClTKUpU+l8IW81bgDY\/Jw8GMnhUuvrt8K1pDJ8KSmKX+lYFjY3wXaYjpuEk6aXRxBcS7chMS98E+gW\/v8AAAAAAAAABgASDQAABgADAAAAAAAGAwECQAAAFv7\/AAAAAAAAAAcADA4AAAAABAAAAAAAAA=="}
01479{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761975874926,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1044,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761975874926,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.0","ja3s":"1974c5c625e99dc22d0477079a54aed3","ja4":"","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=LiveFoundry Inc.","subjectDN":"CN=LiveFoundry Inc.","fingerprint":"23:F4:E7:42:93:22:91:BB:A3:54:70:97:94:2A:DE:AF:26:61:18:98","blocks":0}}}
00660{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1441761976174312,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"thread_ts_usec":1441761976174312,"pkt":"AAAA1W9UACWeBue\/CABFAAB3kwJAAC8RlEUhI99nGlMJUQIc4N8AY1hwFP7\/AAAAAAAAAAgAAQEW\/v8AAQAAAAAAAABAMEcyXPNODypMYT0Ssk4r7kdOXW+9U7+hCDxTj4d5TTNRdICHtbeHbXcfrCzPQpDaPm44sdeZ+qA0rw0R8k1fQA=="}
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1441761976174318,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_usec":1441761976174318,"pkt":"AAAA1W9UACWeBue\/CABFAACMkwNAAC8RlC8hI99nGlMJUQIc4N8AeKyrAAEAXCESpEKP0YtwXMNQlfFxwRMAJAAEfv\/\/\/4ApAAgAAAAAAAAAAAAGACFXWnFrOU8rZ2lqOGF6dE1UOjREMnVnUG5CekUwUnd6MS8gICAACAAUiKI62VDnyBUKfHf8mnzR1DIkRoWAKAAEF76wAg=="}
01207{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":0,"flow_first_seen":1441761975301582,"flow_src_last_pkt_time":1441761976462611,"flow_dst_last_pkt_time":1441761975301582,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":64,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":916,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1311,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1441761976462611,"l3_proto":"ip4","src_ip":"33.35.223.103","dst_ip":"26.83.9.81","src_port":540,"dst_port":57567,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"6": {"risk":"Self-signed Cert","severity":"High","risk_score": {"total":300,"client":270,"server":30}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00863{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":6,"source":"cfgs\/default\/pcap\/stun_dtls_unidirectional_server.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5173-c49d126","ndpi_api_version":11990,"size_per_flow":1400,"packets-captured":6,"packets-processed":6,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1311,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1441761976462611}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 6/6
~~ skipped flows.............: 0
~~ total layer4 data length..: 1311 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 8426836 bytes
~~ total memory freed........: 8426836 bytes
~~ total allocations/frees...: 144743/144743
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 627 chars
~~ json message max len.......: 1783 chars
~~ json message avg len.......: 1200 chars
Powered by cgit, Themed by Ted Yin.