path: root/test/results/dtls2.pcap.out
blob: 9be2f2559d7a0f19492006ff7962683e6f143445 (plain)
00473{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dtls2.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00485{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00501{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":748597,"pkt_caplen":123,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":123,"pkt_l4_len":89,"pkt":"AAAAjZtQSEb7zh73CABFAABta10AAD8Ruf09RG6Z1CDWJ8818BEAWUhKFv7\/AAAAAAAAAAAARAEAADgAAAAAAAAAOP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAAAAQADUALwAFAAQACgD7APwA\/QEA"}
00768{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1507911659748,"flow_last_seen":0,"flow_min_l4_payload_len":81,"flow_max_l4_payload_len":81,"flow_tot_l4_payload_len":81,"flow_avg_l4_payload_len":81,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00474{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":964622,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"pkt":"AAAAjZtQSEb7zh73CABFAABYGTZAAHIRmTnUINYnPURumfARzzUARCmdFv7\/AAAAAAAAAAAALwMAACMAAAAAAAAAI\/7\/IGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UG"}
00547{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911659,"pkt_ts_usec":975796,"pkt_caplen":155,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":155,"pkt_l4_len":121,"pkt":"AAAAjZtQSEb7zh73CABFAACN5wIAAD8RPjg9RG6Z1CDWJ8818BEAeRSaFv7\/AAAAAAAAAAEAZAEAAFgAAQAAAAAAWP7\/xZOd2weR7n4d5xLXjiJT803Vm2GyIJyqcktro0p9KtUAIGQQTc4aUtGjb8ohVEQdgum4T0i11AHiQi9xw2nai\/UGABAANQAvAAUABAAKAPsA\/AD9AQA="}
01511{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":332250,"pkt_caplen":867,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":867,"pkt_l4_len":833,"pkt":"AAAAjZtQSEb7zh73CABFAANVIjBAAHIRjULUINYnPURumfARzzUDQdzuFv7\/AAAAAAAAAAEAMgIAACYAAQAAAAAAJv7\/QPrINelLG7enELoywMmLfG2olv7VWJxKvMqptASfoUAAADUAFv7\/AAAAAAAAAAIC1AsAAsgAAgAAAAACyAACxQACwjCCAr4wggGmAgkA3\/IIOdDHPtUwDQYJKoZIhvcNAQEFBQAwDTELMAkGA1UEBhMCVVMwHhcNMTQwOTEyMjEzMTE5WhcNMzcwMjE1MjEzMTE5WjA1MQswCQYDVQQGEwJVUzEmMCQGA1UEAwwdKi5yZWxheS5yb3Mucm9ja3N0YXJnYW1lcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUbKLr0+0\/DzZUkhdQPAIUSf6vOnkd3vz7LMzwfaRy4xYymZYxZ\/q5Ed6EaW6JqCZ\/oLLe25NsTXHmZDJ9bcDe9YOclIL+6LY6GeN4pfa6Hz+jx2zbKLHveils\/9ARmlq7hem2J4bSrsrAmxBAUMu5I64ihzl5jm9DYyKyUFW51pWgePj0eF8P9dMIaB69GlwcMK1R94D2eXFYtOo55DIY4k+tZnErrkNmE6s9MT8hstIKuhDP9Q4XPojoGCcUNCKm6tzoPU2WN3aKCtbekibukMkhDb6jPcXz5o9twDMuJ3vVS\/f9U54Gdx5927EWXG44Ptt7M7QKZ1DQXEVYwHoBAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGsDUuhvkBDEsohQGctVpkQYC+VB2RYrWcOG\/BuAnJAchnyGe0vUHkNpCOa1W7QJTxyQmEZgVIJXyBvl2SlD8vRwY8YZYq5ScMlHbwx6IOdYiakctDm6\/hphAz0AMeZ9ER6pMQ1b0SbrLR4SfATQmDBiycNsSO9IQH\/tWD+h7XnpYN3d6I\/deTbmPTX+BS4Ni+JKX\/\/0TDJl1LB3dzdPXVthq9rivdIMTX6GB4FfVrCPzwTueYvVVKiMK1NeQNIsIbiOhX5\/j2p5slNKg8\/0rIFgR1N+GWp975Q9KJiE\/k45+fuMu2uWIiauD7DpNeE9cFNSPZZkeJxPz8ZTFCj+\/Y4W\/v8AAAAAAAAAAwAMDgAAAAADAAAAAAAA"}
00997{"flow_event_id":6,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_first_seen":1507911659748,"flow_last_seen":1507911660332,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":1079,"flow_avg_l4_payload_len":269,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","ndpi": {"flow_risk": {"8":"Weak TLS cipher","15":"TLS (probably) not carrying HTTPS","24":"SNI TLS extension was missing"},"proto":"DTLS","breed":"Safe","category":"Web"},"tls": {"version":"DTLSv1.0","client_requested_server_name":"","ja3":"1b45c913a0c0fde5f263502e65999485","ja3s":"749bd1edea60396ffaa65213b7971718","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_256_CBC_SHA","issuerDN":"C=US","issuerDN":"C=US, CN=*.relay.ros.rockstargames.com","fingerprint":"AB:59:0E:11:EC:94:4D:D5:D3:40:7E:6E:3B:8B:6A:19:CA:B7:85:2C"}}
00782{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":353093,"pkt_caplen":325,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":325,"pkt_l4_len":291,"pkt":"AAAAjZtQSEb7zh73CABFAAE3XSMAAD8Rx209RG6Z1CDWJ8818BEBI325Fv7\/AAAAAAAAAAIBDhAAAQIAAgAAAAABAgEAoPXajyskrpyHTkXbJ8FmL57PBfY\/1TaYT0bzW3Kr\/EpwtXdjHcT+pbN8fPukJ\/mC77+vYOpZWDwhv6Nx\/DWp4Jvn+yqgQnC64Z\/WXIsAN1uH\/RV8WJNBQO\/19cBEfleSZaqoNGsu62Istna8HtfGBMBOW62\/qT4k\/3jE7EIn98BOINebIKb+ueGO2MzhHcT6EOkstFNcsc5W14JWO6dIoA0xAoGASDLKiRftqqbK+uNDPzk7xqyION59r88L7bnvJSephUmgMk9aDR6JDm0Euq5IRA2K\/nrTo7X4CfxJ3dHmr2zBkzimXJBaPSUeHK+7lDt96ihQtzG744bK2Rmtmg=="}
00516{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":355159,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AAAAjZtQSEb7zh73CABFAAB3Y5MAAD8Rwb09RG6Z1CDWJ8818BEAY5VMFP7\/AAAAAAAAAAMAAQEW\/v8AAQAAAAAAAABAmdae2R4Wrb+V6WhwK9Dq82JRkPRlJ1zLvMeBmyoW80TVchkoOoZ+xT5QgxIMaEuKJqU6++RTeS7q5JEifcpBVA=="}
00518{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":573420,"pkt_caplen":133,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":133,"pkt_l4_len":99,"pkt":"AAAAjZtQSEb7zh73CABFAAB3JpZAAHIRi7rUINYnPURumfARzzUAY7OjFP7\/AAAAAAAAAAQAAQEW\/v8AAQAAAAAAAABAmirY+WsSvTJjrUcGUksCxxC8bx15KwpJKDfXIxtf9hmYnH4fzWhB+IyZOZGqLOiHa\/\/TRA60JKjrE2I17tux7A=="}
00543{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":761893,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJjgMAAD8Rlzs9RG6Z1CDWJ8818BEAdW4SF\/7\/AAEAAAAAAAEAYGco+WgcL2DPNPnhlgoMZwrSE8MTeiXqPq9XZxgtyKrBYm+\/zP2ZCkQpYxfy4zJy2isF8x9fFs4gl4iAXi3TxoPj8gjRdySunAomOULrgtGlSf864pkw9\/Am74tsKd6QFg=="}
00498{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911660,"pkt_ts_usec":977431,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AAAAjZtQSEb7zh73CABFAABpH49AAHIRks\/UINYnPURumfARzzUAVcffF\/7\/AAEAAAAAAAEAQMi9I0ORr8tjcarcObyWfy\/EwJmHxffcONlKeaTbaeqNRRJMS6swESzF5HUChjXiu9uAJ7oG0F8OqI99YDaTy7Q="}
00543{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911666,"pkt_ts_usec":87586,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJSplAAHIRZ6XUINYnPURumfARzzUAdaBAF\/7\/AAEAAAAAAAIAYDeAbQi8gXYZJqiUpX0kkD82LOrGvMis9SW24YWvREZXMV7+bRauuHB6ZnaZKMuYGAFdsfaF7hKZN9w64y5nS25zckcrOw+\/YT55oAmro8CqfuJvgKwzBwwD3KQAjzjk0w=="}
00546{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911676,"pkt_ts_usec":21244,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJPlUAAD8R5uk9RG6Z1CDWJ8818BEAdQySF\/7\/AAEAAAAAAAIAYKJZQxQZCia5IIs3PGk4S2GIYJMhujnVmdb20Wj\/cfqCND2M3zASH4XZ+TA9v9VsO2hOuDg8RGnQMhz\/\/mXUmgJfFMejm6p1Ey4jT\/edZ7v9FfJejIaTLW877SoM2HJH8w=="}
00499{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911676,"pkt_ts_usec":236712,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AAAAjZtQSEb7zh73CABFAABpRE1AAHIRbhHUINYnPURumfARzzUAVXupF\/7\/AAEAAAAAAAMAQOxiXeILwFhz3FlnMNOzbRGp\/O07nRqIJnDwyBbfBcmTabMA18FdIrtMd7k3FNHJwgTKyTI52ElvHxHYdN3xesg="}
00546{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911691,"pkt_ts_usec":269254,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJ8X0AAD8RM8E9RG6Z1CDWJ8818BEAdfPJF\/7\/AAEAAAAAAAMAYBsxJbxcmazMF1yZgVTjATb6Zon2xvveF2DtWggeNJLukjO4pdn+D\/5eRo12Wd7\/4LZ3qt\/WbDF9H1pWcnP1HjOf9Qg27QHN1pgBe8RKEE74PJevpF0HOEG9Oj0Qqtc73g=="}
00498{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911691,"pkt_ts_usec":484678,"pkt_caplen":119,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":119,"pkt_l4_len":85,"pkt":"AAAAjZtQSEb7zh73CABFAABpFWtAAHIRnPPUINYnPURumfARzzUAVb+bF\/7\/AAEAAAAAAAQAQEAOtAoAQz3o001yodc3wtrR1khwhq9qQtJWfE5XJAcqfJdAJLX8pS9nHegbomNdxzflcV6TIhGRgTVvDEGTAX0="}
00546{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"dtls2.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1507911706,"pkt_ts_usec":647553,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":151,"pkt_l4_len":117,"pkt":"AAAAjZtQSEb7zh73CABFAACJ2GUAAD8RTNk9RG6Z1CDWJ8818BEAdWojF\/7\/AAEAAAAAAAQAYPlR045oqJCgSMh7ALVP58tRoxRJJZfJelm4LrwIvz5OUnOverhJu\/z67oZASGIM5zE03Z8YpZZX+V95itxyIN8Rawc56lHbJd\/wSy1wkJnsupWPJbKTGAml7J4a\/LW8KA=="}
00504{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":30,"flow_first_seen":1507911659748,"flow_last_seen":1507912041896,"flow_min_l4_payload_len":60,"flow_max_l4_payload_len":825,"flow_tot_l4_payload_len":3731,"flow_avg_l4_payload_len":124,"midstream":0,"l3_proto":"ip4","src_ip":"61.68.110.153","dst_ip":"212.32.214.39","src_port":53045,"dst_port":61457,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":15}
00125{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":30,"source":"dtls2.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 30/30
~~ skipped flows.............: 0
~~ total layer4 data length..: 3971 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4820989 bytes
~~ total memory freed........: 4820989 bytes
~~ total allocations/frees...: 58390/58390
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~