aboutsummaryrefslogtreecommitdiff
path: root/test/results/default/vnc.pcap.out
blob: 74890b2dc5eaf1b4698e4f0e155b893e1cc77949 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

00608{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"max-flows-per-thread":32768,"max-idle-flows-per-thread":1024,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00829{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1476111264364066}
00771{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1476111264364066,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364066,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364066,"pkt":"EP7tAkntxOodxQGGCABFAAA0Xs1AAHQGVCNf7TDQwKgCbumPGvTqxTBkAAAAAIACIADbnAAAAgQFrAEDAwIBAQQC"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1476111264364066,"flow_dst_last_pkt_time":1476111264364590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264364590,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFNAAIAGAADAqAJuX+0w0Br06Y8QfmeF6sUwZYASIABT+gAAAgQFtAEDAwgBAQQC"}
00528{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1476111264402886,"flow_dst_last_pkt_time":1476111264364590,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1476111264402886,"pkt":"EP7tAkntxOodxQGGCABFAAAoXs5AAHQGVC5f7TDQwKgCbumPGvTqxTBlEH5nhlAQQTqDEwAAAAAAAAAA"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1476111264402886,"flow_dst_last_pkt_time":1476111264414487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264414487,"pkt":"xOodxQGGEP7tAkntCABFAAA0fFRAAIAGAADAqAJuX+0w0Br06Y8QfmeG6sUwZVAYAQRT+gAAUkZCIDAwNC4wMDEK"}
00536{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1476111264453192,"flow_dst_last_pkt_time":1476111264414487,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111264453192,"pkt":"EP7tAkntxOodxQGGCABFAAA0XtNAAHQGVB1f7TDQwKgCbumPGvTqxTBlEH5nklAYQTco9wAAUkZCIDAwNC4wMDEK"}
01170{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111264453192,"flow_dst_last_pkt_time":1476111264414487,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1476111264453192,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
02380{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111265262808,"flow_dst_last_pkt_time":1476111265262852,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1476111265262852,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":1,"avg":57984.8,"max":545295,"stddev":113391.3,"var":12857594880.0,"ent":3.2,"data": [524,38820,49897,50306,38760,37061,157832,7049,164493,745,37544,181,35,36356,3,37327,1189,1,198,747,2,747,516,199031,310273,46,50,545295,719,22308,59473]},"pktlen": {"min":40,"avg":56.6,"max":75,"stddev":12.8,"var":163.2,"ent":5.0,"data": [52,52,46,52,52,48,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,40,63,40,70,68,72,46,46,67,40]},"bins": {"c_to_s": [12,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [13,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,1,0,1,1,1,1,0,0,0,1],"entropies": [4.631521702,4.863714218,4.609350204,4.985801697,5.140452385,4.993162155,4.757925987,4.730641365,5.272469521,4.609350204,5.640918255,5.577627659,5.864722729,5.438069820,4.565871716,5.780129910,4.730641365,5.837696075,5.730319500,4.671928406,5.671802044,5.704510212,4.621928692,5.604105949,4.671928406,5.568077564,5.579674721,5.540976048,4.522393703,4.478915215,5.614377499,4.671928406]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
00774{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3544,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111286462067,"flow_dst_last_pkt_time":1476111286462067,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1476111286462067,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3544,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1476111286462067,"flow_dst_last_pkt_time":1476111286462067,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111286462067,"pkt":"EP7tAkntxOodxQGGCABFAAA0be5AAHQGRQJf7TDQwKgCbslnGvTjPDftAAAAAIACIAD7xAAAAgQFrAEDAwIBAQQC"}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3545,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1476111286462067,"flow_dst_last_pkt_time":1476111286462174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111286462174,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmNAAIAGAADAqAJuX+0w0Br0yWdPW3mt4zw37oASIABT+gAAAgQFtAEDAwgBAQQC"}
00531{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3546,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1476111286499568,"flow_dst_last_pkt_time":1476111286462174,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1476111286499568,"pkt":"EP7tAkntxOodxQGGCABFAAAobe9AAHQGRQ1f7TDQwKgCbslnGvTjPDfuT1t5rlAQQTpSNgAAAAAAAAAA"}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3547,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1476111286499568,"flow_dst_last_pkt_time":1476111286510841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111286510841,"pkt":"xOodxQGGEP7tAkntCABFAAA0AmRAAIAGAADAqAJuX+0w0Br0yWdPW3mu4zw37lAYAQRT+gAAUkZCIDAwNC4wMDEK"}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3548,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1476111286549120,"flow_dst_last_pkt_time":1476111286510841,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1476111286549120,"pkt":"EP7tAkntxOodxQGGCABFAAA0bfFAAHQGRP9f7TDQwKgCbslnGvTjPDfuT1t5ulAYQTf4GQAAUkZCIDAwNC4wMDEK"}
01173{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":3548,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111286549120,"flow_dst_last_pkt_time":1476111286510841,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":12,"flow_dst_max_l4_payload_len":12,"flow_src_tot_l4_payload_len":12,"flow_dst_tot_l4_payload_len":12,"midstream":0,"thread_ts_usec":1476111286549120,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
02384{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":3575,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111287358990,"flow_dst_last_pkt_time":1476111287224950,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":287,"flow_dst_tot_l4_payload_len":185,"midstream":0,"thread_ts_usec":1476111287358990,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":2,"avg":53542.1,"max":538844,"stddev":125065.9,"var":15641482240.0,"ent":3.0,"data": [107,37501,48667,49552,38334,36850,46381,48516,45667,1708,45497,182,37420,547,413,36764,2984,39898,772,181,762,824,181,2,1005,501772,46,703,538844,2,97724]},"pktlen": {"min":40,"avg":56.8,"max":75,"stddev":12.6,"var":158.0,"ent":5.0,"data": [52,52,46,52,52,48,46,40,46,40,59,46,69,74,74,62,46,75,40,74,72,40,68,72,63,40,70,68,72,46,46,67]},"bins": {"c_to_s": [13,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [12,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,1,0,1,0,1,1,0,0,1,0,1,0,0,1,0,0,1,0,0,0,1,1,1,1,0,0,0],"entropies": [4.518056870,4.878231525,4.652828693,5.022342682,5.176993847,4.993162155,4.698037148,4.711769104,4.609350204,4.730641365,5.204673767,4.652828693,5.591832638,5.651554108,5.655132294,5.470327854,4.565871716,5.718621254,4.680641174,5.781727314,5.694025517,4.621928692,5.533761978,5.648954391,5.381884575,4.621928692,5.550290108,5.491440296,5.523682594,4.505982876,4.565872192,5.593677998]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
01221{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":2485,"flow_dst_packets_processed":1058,"flow_first_seen":1476111264364066,"flow_src_last_pkt_time":1476111280884547,"flow_dst_last_pkt_time":1476111280846496,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":64000,"flow_dst_tot_l4_payload_len":300,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":59791,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
01220{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":684,"flow_dst_packets_processed":324,"flow_first_seen":1476111286462067,"flow_src_last_pkt_time":1476111290613528,"flow_dst_last_pkt_time":1476111290394024,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":35,"flow_dst_max_l4_payload_len":34,"flow_src_tot_l4_payload_len":17754,"flow_dst_tot_l4_payload_len":212,"midstream":0,"thread_ts_usec":1476111290613528,"l3_proto":"ip4","src_ip":"95.237.48.208","dst_ip":"192.168.2.110","src_port":51559,"dst_port":6900,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"30": {"risk":"Desktop\/File Sharing","severity":"Low","risk_score": {"total":600,"client":480,"server":120}}},"confidence": {"6":"DPI"},"proto":"VNC","proto_id":"89","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":12,"category":"RemoteAccess"}}
00845{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":4551,"source":"cfgs\/default\/pcap\/vnc.pcap","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.13.0-5086-e946f49","ndpi_api_version":11807,"size_per_flow":1408,"packets-captured":4551,"packets-processed":4551,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":82266,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":21,"global_ts_usec":1476111290613528}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 4551/4551
~~ skipped flows.............: 0
~~ total layer4 data length..: 82266 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 7623796 bytes
~~ total memory freed........: 7623796 bytes
~~ total allocations/frees...: 130438/130438
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 533 chars
~~ json message max len.......: 2389 chars
~~ json message avg len.......: 1460 chars
Powered by cgit, Themed by Ted Yin.