path: root/test/results/default/whois.pcapng.out
blob: 2c05b7a225add3910d7ca728af2c94edfe8d812c (plain)
00563{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00787{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1507397119066212}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119066212,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119066212,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_usec":1507397119066212,"pkt":"UlQAEjUCCAAnPqwxCABFAAA8folAAEAGwOgKAAIPwAAvO6ycACuFe1kCAAAAAKACchD7eAAAAgQFtAQCCAqvatNhAAAAAAEDAwY="}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1507397119066212,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_usec":1507397119183017,"pkt":"CAAnPqwxUlQAEjUCCABFAAAsSF0AAEAGNyXAAC87CgACDwArrJwAl14BhXtZA2AS\/\/+y7QAAAgQFtAAA"}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1507397119183251,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1507397119183251,"pkt":"UlQAEjUCCAAnPqwxCABFAAAofopAAEAGwPsKAAIPwAAvO6ycACuFe1kDAJdeAlAQchD7ZAAA"}
00544{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":67,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":67,"pkt_l4_len":33,"thread_ts_usec":1507397119183714,"pkt":"UlQAEjUCCAAnPqwxCABFAAA1fotAAEAGwO0KAAIPwAAvO6ycACuFe1kDAJdeAlAYchD7cQAAZXhhbXBsZS5jb20NCg=="}
00949{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":1,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183017,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1507397119183714,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1507397119183714,"flow_dst_last_pkt_time":1507397119183935,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1507397119183935,"pkt":"CAAnPqwxUlQAEjUCCABFAAAoSF4AAEAGNyjAAC87CgACDwArrJwAl14ChXtZEFAQ\/\/\/KnQAAAAAAAAAA"}
00793{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":12,"packets-processed":11,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":246,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":10,"global_ts_usec":1604305198454924}
00772{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198454924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1604305198454924,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB5BrfTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="}
00570{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198454924,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":86,"pkt_l4_len":48,"thread_ts_usec":1604305198454980,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAAROArQAB4BrjTChEiiwoRMwj6EBD3\/zhGhgAAAADAAvrwy1EAAAIEBWoBAwMIAQEEAkwKAQEKEf5EAAVMBAwhAQA="}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460416,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460416,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB9Bo\/HChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1604305198454980,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_usec":1604305198460454,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAANARIQAB8BpDHChEzCAoRIosQ9\/oQPm9gn\/84RoeAEiAA9XQAAAIEBbQBAwMIAQEEAg=="}
00764{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":228,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":228,"pkt_l4_len":190,"thread_ts_usec":1604305198677924,"pkt":"AAAAAAAAAAgAAAADgQAGQwgARQAA0uAtQAB5BrdDChEiiwoRMwj6EBD3\/zhGhz5vYKBQGAICz4oAABYDAwClAQAAoQMDX5\/BMV1rPKhByzNRK4rcAwy\/wMJWuP4Xh6PiU3vD\/KoAACbALMArwDDAL8AkwCPAKMAnwArACcAUwBMAnQCcAD0APAA1AC8ACgEAAFIABQAFAQAAAAAACgAIAAYAHQAXABgACwACAQAADQAUABIEAQUBAgEEAwUDAgMCAgYBBgMAIwAAABAADgAMAmgyCGh0dHAvMS4xABcAAP8BAAEA"}
01503{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":16,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":3,"flow_dst_packets_processed":2,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677924,"flow_dst_last_pkt_time":1604305198460454,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":170,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1604305198677924,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h2,http\/1.1","blocks":0}}}
01709{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web","hostname":"","tls": {"version":"TLSv1.2","ja3":"5f48063f9f3a827056ccdabadcc3886a","ja3s":"649d6810e8392f63dc311eecb6b7098b","ja4":"t12d1908h2_d83cc789557e_16bbda4055b2","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","issuerDN":"CN=10.17.51.7","subjectDN":"CN=10.17.51.7, CN=10.17.51.7","advertised_alpns":"h2,http\/1.1","fingerprint":"DD:4E:28:9B:08:C1:D5:63:D1:B6:FC:DD:FD:91:A9:D4:E3:A8:7F:D5","blocks":0}}}
00992{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":6,"flow_dst_packets_processed":5,"flow_first_seen":1507397119066212,"flow_src_last_pkt_time":1507397119368026,"flow_dst_last_pkt_time":1507397119369277,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":13,"flow_dst_max_l4_payload_len":233,"flow_src_tot_l4_payload_len":13,"flow_dst_tot_l4_payload_len":233,"midstream":0,"thread_ts_usec":1604305198690105,"l3_proto":"ip4","src_ip":"10.0.2.15","dst_ip":"192.0.47.59","src_port":44188,"dst_port":43,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"example.com"}}
00794{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":19,"packets-processed":18,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":1806,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":20,"global_ts_usec":1623517268690274}
00773{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517268690274,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":19,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_src_last_pkt_time":1623517268690274,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":62,"pkt_l4_len":24,"thread_ts_usec":1623517268690274,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAALKUxAAAtBrE+wB4tHgqgP4AAK8\/hR0rdvNStq\/tgEgW05awAAAIEBVA="}
02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2B35AAAtBjPLwB4tHgqgP4AAK8\/hR0rdvdStrBVQGAW0T9cAACAgIERvbWFpbiBOYW1lOiBDWUJFUlBBVFJPTEJELkNPTQ0KICAgUmVnaXN0cnkgRG9tYWluIElEOiAyMTUzNDAwMTAwX0RPTUFJTl9DT00tVlJTTg0KICAgUmVnaXN0cmFyIFdIT0lTIFNlcnZlcjogd2hvaXMuUHVibGljRG9tYWluUmVnaXN0cnkuY29tDQogICBSZWdpc3RyYXIgVVJMOiBodHRwOi8vd3d3LnB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgVXBkYXRlZCBEYXRlOiAyMDIwLTA4LTI5VDA3OjQxOjUyWg0KICAgQ3JlYXRpb24gRGF0ZTogMjAxNy0wOC0xNFQxNjoxMDo1MVoNCiAgIFJlZ2lzdHJ5IEV4cGlyeSBEYXRlOiAyMDIxLTA4LTE0VDE2OjEwOjUxWg0KICAgUmVnaXN0cmFyOiBQRFIgTHRkLiBkL2IvYSBQdWJsaWNEb21haW5SZWdpc3RyeS5jb20NCiAgIFJlZ2lzdHJhciBJQU5BIElEOiAzMDMNCiAgIFJlZ2lzdHJhciBBYnVzZSBDb250YWN0IEVtYWlsOiBhYnVzZS1jb250YWN0QHB1YmxpY2RvbWFpbnJlZ2lzdHJ5LmNvbQ0KICAgUmVnaXN0cmFyIEFidXNlIENvbnRhY3QgUGhvbmU6ICsxLjIwMTM3NzU5NTINCiAgIERvbWFpbiBTdGF0dXM6IGNsaWVudFRyYW5zZmVyUHJvaGliaXRlZCBodHRwczovL2ljYW5uLm9yZy9lcHAjY2xpZW50VHJhbnNmZXJQcm9oaWJpdGVkDQogICBOYW1lIFNlcnZlcjogTlMyNS5FSUNSQS5ORVQNCiAgIE5hbWUgU2VydmVyOiBOUzI2LkVJQ1JBLk5FVA0KICAgRE5TU0VDOiB1bnNpZ25lZA0KICAgVVJMIG9mIHRoZSBJQ0FOTiBXaG9pcyBJbmFjY3VyYWN5IENvbXBsYWludCBGb3JtOiBodHRwczovL3d3dy5pY2Fubi5vcmcvd2ljZi8NCj4+PiBMYXN0IHVwZGF0ZSBvZiB3aG9pcyBkYXRhYmFzZTogMjAyMS0wNi0xMlQxNjowMDo1NlogPDw8DQoNCkZvciBtb3JlIGluZm9ybWF0aW9uIG9uIFdob2lzIHN0YXR1cyBjb2RlcywgcGxlYXNlIHZpc2l0IGh0dHBzOi8vaWNhbm4ub3JnL2VwcA0KDQpOT1RJQ0U6IFRoZSBleHBpcmF0aW9uIGRhdGUgZGlzcGxheWVkIGluIHRoaXMgcmVjb3JkIGlzIHRoZSBkYXRlIHRoZQ0KcmVnaXN0cmFyJ3Mgc3BvbnNvcnNoaXAgb2YgdGhlIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiBpbiB0aGUgcmVnaXN0cnkgaXMNCmN1cnJlbnRseSBzZXQgdG
8gZXhwaXJlLiBUaGlzIGRhdGUgZG9lcyBub3QgbmVjZXNzYXJpbHkgcmVmbGVjdCB0aGUgZXhwaXJhdGlvbg0KZGF0ZSBvZiB0aGUgZG9tYWluIG5hbWUgcmVnaXN0cmFudCdzIGFncg=="}
02140{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":1258,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":1258,"pkt_l4_len":1220,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAE2Mf8AAAtBonHwB4tHgqgP4AAK8\/hR0ribdStrBVQGAW06F4AAGVlbWVudCB3aXRoIHRoZSBzcG9uc29yaW5nDQpyZWdpc3RyYXIuICBVc2VycyBtYXkgY29uc3VsdCB0aGUgc3BvbnNvcmluZyByZWdpc3RyYXIncyBXaG9pcyBkYXRhYmFzZSB0bw0KdmlldyB0aGUgcmVnaXN0cmFyJ3MgcmVwb3J0ZWQgZGF0ZSBvZiBleHBpcmF0aW9uIGZvciB0aGlzIHJlZ2lzdHJhdGlvbi4NCg0KVEVSTVMgT0YgVVNFOiBZb3UgYXJlIG5vdCBhdXRob3JpemVkIHRvIGFjY2VzcyBvciBxdWVyeSBvdXIgV2hvaXMNCmRhdGFiYXNlIHRocm91Z2ggdGhlIHVzZSBvZiBlbGVjdHJvbmljIHByb2Nlc3NlcyB0aGF0IGFyZSBoaWdoLXZvbHVtZSBhbmQNCmF1dG9tYXRlZCBleGNlcHQgYXMgcmVhc29uYWJseSBuZWNlc3NhcnkgdG8gcmVnaXN0ZXIgZG9tYWluIG5hbWVzIG9yDQptb2RpZnkgZXhpc3RpbmcgcmVnaXN0cmF0aW9uczsgdGhlIERhdGEgaW4gVmVyaVNpZ24gR2xvYmFsIFJlZ2lzdHJ5DQpTZXJ2aWNlcycgKCJWZXJpU2lnbiIpIFdob2lzIGRhdGFiYXNlIGlzIHByb3ZpZGVkIGJ5IFZlcmlTaWduIGZvcg0KaW5mb3JtYXRpb24gcHVycG9zZXMgb25seSwgYW5kIHRvIGFzc2lzdCBwZXJzb25zIGluIG9idGFpbmluZyBpbmZvcm1hdGlvbg0KYWJvdXQgb3IgcmVsYXRlZCB0byBhIGRvbWFpbiBuYW1lIHJlZ2lzdHJhdGlvbiByZWNvcmQuIFZlcmlTaWduIGRvZXMgbm90DQpndWFyYW50ZWUgaXRzIGFjY3VyYWN5LiBCeSBzdWJtaXR0aW5nIGEgV2hvaXMgcXVlcnksIHlvdSBhZ3JlZSB0byBhYmlkZQ0KYnkgdGhlIGZvbGxvd2luZyB0ZXJtcyBvZiB1c2U6IFlvdSBhZ3JlZSB0aGF0IHlvdSBtYXkgdXNlIHRoaXMgRGF0YSBvbmx5DQpmb3IgbGF3ZnVsIHB1cnBvc2VzIGFuZCB0aGF0IHVuZGVyIG5vIGNpcmN1bXN0YW5jZXMgd2lsbCB5b3UgdXNlIHRoaXMgRGF0YQ0KdG86ICgxKSBhbGxvdywgZW5hYmxlLCBvciBvdGhlcndpc2Ugc3VwcG9ydCB0aGUgdHJhbnNtaXNzaW9uIG9mIG1hc3MNCnVuc29saWNpdGVkLCBjb21tZXJjaWFsIGFkdmVydGlzaW5nIG9yIHNvbGljaXRhdGlvbnMgdmlhIGUtbWFpbCwgdGVsZXBob25lLA0Kb3IgZmFjc2ltaWxlOyBvciAoMikgZW5hYmxlIGhpZ2ggdm9sdW1lLCBhdXRvbWF0ZW
QsIGVsZWN0cm9uaWMgcHJvY2Vzc2VzDQp0aGF0IGFwcGx5IHRvIFZlcmlTaWduIChvciBpdHMgY29tcHV0ZXIgc3lzdGVtcykuIFRoZSBjb21waWxhdGlvbiwNCnJlcGFja2FnaW5nLA=="}
01489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":4,"flow_src_last_pkt_time":1623517269021725,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":772,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":772,"pkt_l4_len":734,"thread_ts_usec":1623517269021725,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAC8oz5AAAtBsawwB4tHgqgP4AAK8\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"}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_packet_id":5,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":60,"pkt_l4_len":20,"thread_ts_usec":1623517269021781,"pkt":"AAAAAAAAAAsAAAAIgQAHdAgARQAAKKgxAAAtBq5CwB4tHgqgP4AAK8\/hR0rp59StrBVQEQW08MAAAAAA"}
01307{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1604305198454924,"flow_src_last_pkt_time":1604305198677955,"flow_dst_last_pkt_time":1604305198690105,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":170,"flow_dst_max_l4_payload_len":1220,"flow_src_tot_l4_payload_len":340,"flow_dst_tot_l4_payload_len":1220,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"10.17.34.139","dst_ip":"10.17.51.8","src_port":64016,"dst_port":4343,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}},"52": {"risk":"ALPN\/SNI Mismatch","severity":"Medium","risk_score": {"total":350,"client":235,"server":115}}},"confidence": {"6":"DPI"},"proto":"TLS","proto_id":"91","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Safe","category_id":5,"category":"Web"}}
01082{"flow_event_id":6,"flow_event_name":"guessed","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","ndpi": {"flow_risk": {"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"1":"Match by port"},"proto":"Whois-DAS","proto_id":"170","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":""}}
00779{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_src_packets_processed":5,"flow_dst_packets_processed":0,"flow_first_seen":1623517268690274,"flow_src_last_pkt_time":1623517269021781,"flow_dst_last_pkt_time":1623517268690274,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1200,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":3114,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1623517269021781,"l3_proto":"ip4","src_ip":"192.30.45.30","dst_ip":"10.160.63.128","src_port":43,"dst_port":53217,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00796{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":23,"source":"cfgs\/default\/pcap\/whois.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":23,"packets-processed":23,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":4920,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":3,"total-idle-flows":3,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":30,"global_ts_usec":1623517269021781}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 23/23
~~ skipped flows.............: 0
~~ total layer4 data length..: 4920 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 3/3
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6652831 bytes
~~ total memory freed........: 6652831 bytes
~~ total allocations/frees...: 114074/114074
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 529 chars
~~ json message max len.......: 2145 chars
~~ json message avg len.......: 1336 chars