1
2
3
4
5
|
flow_datalink,l3_proto,src_ip,dst_ip,l4_proto,src_port,dst_port,flow_state,flow_src_packets_processed,flow_dst_packets_processed,flow_first_seen,flow_src_last_pkt_time,flow_dst_last_pkt_time,flow_src_min_l4_payload_len,flow_dst_min_l4_payload_len,flow_src_max_l4_payload_len,flow_dst_max_l4_payload_len,flow_src_tot_l4_payload_len,flow_dst_tot_l4_payload_len,midstream,iat_min,iat_avg,iat_max,iat_stddev,iat_var,iat_ent,iat_data,pktlen_min,pktlen_avg,pktlen_max,pktlen_stddev,pktlen_var,pktlen_ent,pktlen_data,bins_c_to_s,bins_s_to_c,directions,entropies,proto,proto_id,encrypted,breed,category,confidence_id,confidence,risks
1,ip4,192.168.12.67,91.108.9.106,udp,39968,1400,finished,16,16,1731946740900337,1731946742240391,1731946742264226,28,0,652,262,2187,1616,0,16,87224.0,633159,149549.7,22365106176.0,3.7,"24417,29543,32319,633159,629027,42410,122559,119596,598,39836,5432,31550,39459,41743,145493,160620,48042,92354,8570,65269,259,740,20867,96277,16,115515,8212,23549,57925,62023,6564",56,146.8,680,107.0,11452.5,4.8,"56,120,152,120,156,88,160,144,164,680,88,128,96,128,96,128,113,128,96,121,85,101,237,96,113,97,97,149,233,150,290,89","1,1,4,5,3,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,3,8,3,0,0,1,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,1,0,0,1,1,0,1,0,0,1,0,1,1,0,0,0,1,1,1,0,0,1,0,1,1","4.913536072,5.661914349,5.691276073,5.811409950,5.775809288,5.890800476,5.700669765,6.030949116,5.619874954,6.564280987,5.876651764,5.513857365,5.750529289,5.348012447,5.693135738,5.423637390,5.816064358,5.438713074,5.755635738,5.886013985,5.239210606,5.547117710,6.841757298,5.747772217,5.880180359,5.484240055,5.412352562,6.492302418,6.848128319,6.536720753,7.179809093,5.907988548",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,"5"
1,ip4,192.168.12.67,91.108.9.10,udp,44275,597,finished,17,15,1731946740900678,1731946742884971,1731946742282512,40,0,596,572,2244,1980,0,14,108584.7,699013,167856.0,28175654912.0,3.8,"24109,514616,513574,39727,22986,13781,37194,83729,46829,52455,14,53768,48207,41858,1057,8095,49415,47864,10095,16084,39354,38883,30006,122690,10118,52835,64016,152216,227281,304258,699013",68,160.0,624,120.1,14426.0,4.7,"68,92,68,92,148,148,116,148,116,148,148,116,116,148,116,148,116,148,148,116,212,116,116,600,624,136,148,176,116,148,116,148","0,2,4,9,1,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,0,9,4,0,1,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0","0,1,0,1,0,1,0,0,1,0,1,1,0,1,0,0,1,0,1,0,1,1,1,1,0,0,0,0,1,0,1,0","4.577797413,4.748074055,4.607209206,4.748074055,5.694154263,5.810202122,6.027616024,5.680641174,6.109596729,5.712939739,5.761246204,6.075114250,6.113822937,5.800000191,5.975891590,5.714293957,6.040631294,5.770136356,5.805100918,5.986625671,5.246948719,6.120330334,6.185070038,6.758100033,7.452787399,6.081599236,5.751521587,6.406444550,6.081621647,5.729595184,6.178562164,5.738008499",STUN.TelegramVoip,78.355,0,Acceptable,VoIP,6,DPI,""
timestamp,json_lines,json_bytes,flow_src_total_bytes,flow_dst_total_bytes,flow_new_count,flow_end_count,flow_idle_count,flow_update_count,flow_analyse_count,flow_guessed_count,flow_detected_count,flow_detection_update_count,flow_not_detected_count,flow_risky_count,packet_count,packet_flow_count,init_count,reconnect_count,shutdown_count,status_count,error_unknown_datalink,error_unknown_l3_protocol,error_unsupported_datalink,error_packet_too_short,error_packet_type_unknown,error_packet_header_invalid,error_ip4_packet_too_short,error_ip4_size_smaller_than_header,error_ip4_l4_payload_detection,error_ip6_packet_too_short,error_ip6_size_smaller_than_header,error_ip6_l4_payload_detection,error_tcp_packet_too_short,error_udp_packet_too_short,error_capture_size_smaller_than_packet,error_max_flows_to_track,error_flow_memory_alloc,flow_state_info,flow_state_finished,flow_breed_safe_count,flow_breed_acceptable_count,flow_breed_fun_count,flow_breed_unsafe_count,flow_breed_potentially_dangerous_count,flow_breed_tracker_ads_count,flow_breed_dangerous_count,flow_breed_unrated_count,flow_breed_unknown_count,flow_category_unspecified_count,flow_category_media_count,flow_category_vpn_count,flow_category_email_count,flow_category_data_transfer_count,flow_category_web_count,flow_category_social_network_count,flow_category_download_count,flow_category_game_count,flow_category_chat_count,flow_category_voip_count,flow_category_database_count,flow_category_remote_access_count,flow_category_cloud_count,flow_category_network_count,flow_category_collaborative_count,flow_category_rpc_count,flow_category_streaming_count,flow_category_system_count,flow_category_software_update_count,flow_category_music_count,flow_category_video_count,flow_category_shopping_count,flow_category_productivity_count,flow_category_file_sharing_count,flow_category_conn_check_count,flow_category_iot_scada_count,flow_category_virt_assistant_count,flow_category_cybersecurity_count,flow_category_adult_content_count,flow_category_mining_count,flow_category_malware_count,flow_category_advertisment_count,flow_category_banned_site_count,flow_category_site_unavail_count,flow_category_allowed_site_count,flow_category_antimalware_count,flow_category_crypto_currency_count,flow_category_gambling_count,flow_category_unknown_count,flow_confidence_by_port,flow_confidence_dpi_partial,flow_confidence_dpi_partial_cache,flow_confidence_dpi_cache,flow_confidence_dpi,flow_confidence_nbpf,flow_confidence_by_ip,flow_confidence_dpi_aggressive,flow_confidence_custom_rule,flow_confidence_unknown,flow_severity_low,flow_severity_medium,flow_severity_high,flow_severity_severe,flow_severity_critical,flow_severity_emergency,flow_severity_unknown,flow_l3_ip4_count,flow_l3_ip6_count,flow_l3_other_count,flow_l4_tcp_count,flow_l4_udp_count,flow_l4_icmp_count,flow_l4_other_count,flow_active_count,flow_detected_count,flow_guessed_count,flow_not_detected_count,flow_risk_1_count,flow_risk_2_count,flow_risk_3_count,flow_risk_4_count,flow_risk_5_count,flow_risk_6_count,flow_risk_7_count,flow_risk_8_count,flow_risk_9_count,flow_risk_10_count,flow_risk_11_count,flow_risk_12_count,flow_risk_13_count,flow_risk_14_count,flow_risk_15_count,flow_risk_16_count,flow_risk_17_count,flow_risk_18_count,flow_risk_19_count,flow_risk_20_count,flow_risk_21_count,flow_risk_22_count,flow_risk_23_count,flow_risk_24_count,flow_risk_25_count,flow_risk_26_count,flow_risk_27_count,flow_risk_28_count,flow_risk_29_count,flow_risk_30_count,flow_risk_31_count,flow_risk_32_count,flow_risk_33_count,flow_risk_34_count,flow_risk_35_count,flow_risk_36_count,flow_risk_37_count,flow_risk_38_count,flow_risk_39_count,flow_risk_40_count,flow_risk_41_count,flow_risk_42_count,flow_risk_43_count,flow_risk_44_count,flow_risk_45_count,flow_risk_46_count,flow_risk_47_count,flow_risk_48_count,flow_risk_49_count,flow_risk_50_count,flow_risk_51_count,flow_risk_52_count,flow_risk_53_count,flow_risk_54_count,flow_risk_55_count,flow_risk_56_count,flow_risk_unknown_count
0,65,56081,49274,68741,8,0,8,0,2,0,8,6,0,3,0,30,1,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,4,0,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,3,0,0,0,0,5,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,8,0,0,0,0,0,2,6,0,0,0,0,0,7,1,0,0,8,0,0,8,8,0,0,0,0,0,0,0,6,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0
|