aboutsummaryrefslogtreecommitdiff
path: root/test/results/quic-v2-01.pcapng.out
blob: 969443e75c36e85a9c119c89977e7c8be8ee09f7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

00492{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"quic-v2-01.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00555{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1643108746209343}
00767{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643108746209343,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746209343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643108746209343,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
02166{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746209343,"flow_idle_time":200000000,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1643108746209343,"pkt":"CAAnfrFjCgAnAAAACABFAgUAYl5AAEAR4XTAqDgBwKg4xoW1EVsE7AiU1XCaUMQIcS7WREhCV\/wIS6wx1HkzRzIARMpgEngor+SP9cKuZZ790399gfWZ0vz0FxYf3xs2l5F+jOUhVUm0eAuyWRJBLQArRRvX1qo16xZ7zI8FmeYud7mt05kYcpsLS0CK5YUUgnCsMjxal9+nmWnSgnUmuD4YMiDaT6\/KWxcW3IdsDGvbq4FeykelUyMNsUCZYyDrZ6tsJBdjOLQQFa+vzk75NiOy5EmEJ6SPOLrba70kLVHmTVrPs01TngptArQ7FyxB2fdFSCA98+vX1vy+0dxofLlBkhde4Ecbnz9YOSqzBYGBTufEgJaDB4JmPJGKd1oAGP7HmhM5nY3WzYdZ5vvX8uiInd7bKxEse8tCV2SEo4DkcuQF861+wGMhMPWJ0aZB+JogqwR55Ko7mR6S6YESBAum9bWYFXEgpEt3H4x2FczwRrrcfA9q4zQBLi8fNbFCBDZugGFHVWEWeExGDJ5N9Vm5k+5RxA76cZBEl7Ri9SCuAvo\/SVHd23+Pk6NwInTw+pU1Xi8DrCOSBpDUPy9oc9sZ0k+WLrevXGals6+J\/S3cgvga0IDGpm4KD3fPl8Mx6m2dMLi6VSzIGZitxZfQbx3pwxbh36emZdZVyxAVPQ6KsKixf3p+65+SqFGSH5IsN0vmfHJCQ5QiTTFwj56WFnghOsO3etGKlaSytkaT4qe8ZRheiBZmOeYegDYef4+iV2ZwAJRhlZArgrSyARWB4JR9MQKmc2r6sdMQGQIXKHFtJtIM5FjupxjaypWAyo21FHg0Pr82Ajw494E3kZ9bG9LGZwvm63PaW\/uzgr9hBYDLBuOu03NTnICf+thHnuXyQPXQzzH+VGtF+WeahwU6RqIydmLAGdtWh3oSwaLxdHDfQwmjlW\/kGW3cZ7xq9lxGSvY5PtPXlIWQOD3GcHgAowz48DO3fyd57+xXqrOEqRzXgYSI3ZAmKCXukVrornbFLllIzBhH\/fmW4yoI8emKYYJEMPEB5t\/20YhBtskEtZn50ef3Us2nRO2IkEmxYNIujXPh5cEVi9z+SvL+onhjjikDdkg1OMOb88MXNKAesAdJ81Dsgw53s2aapp3YuCDR8S4XCpmT4SsXeUwHmkorOfoDi8HNdKXSHWdiNQFwhNWuRv2iwE0Re4wNzacPeolWV9z7vo1ftVC0KYCnypCGOk94YggW\/E6WhIwKFaCFDmbu5TtyVWbWhyxsyHOb8WF5IuDY+zaYH4gDcAnVNC52Db3S2zQuttNi9ommHQHIbwv08Dt6PNfw0EneP0D79tGO9Zuk9B3hxnt28Wwxy433MighVva9zw6tDCeZ1RDo18oMw7RULMTnD8fpyaAjL3Ey6ypEj71EoQQ9p3mk2Jcl4pyIGR5xObSAJplg0ySrcwng5AfFRHm6b4LeGixjGI5tyQotRY7JG0P9hGhbSGTVX0DDQO6ExXPZ8eJqibwqDJ\/HVwgD5t+iO0K0wK+hq8jpO6tPZIekBQAiyVsogudvq3UQlZrCfspM6V3NHLXwDaayGcQEX3J6ErEoEWjSNjgAtQ6o5rv2Wfe+ojGm0YSN+4lCRrNbW6P1KA4pFxW9G57DqCJXNQ\/Cs5Y2v5OhZJlL\/Q1v7E\/lFUki2gYOpi4+wx+16u0e+UbybJFsLwJD0tU\/1QYr6ZfcZ4ae3fIAMg=="}
01526{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1643108746209343,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746209343,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":1252,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1252,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":1252,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1643108746209343,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web","hostname":"","quic": {"tls": {"version":"TLSv1.3","ja3":"c0ce40fbb78cbf86a14e6a38b26d6ede","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"h3-34,hq-34,h3-33,hq-33,h3-32,hq-32,h3-31,hq-31,h3-29,hq-29,h3-30,hq-30,h3-28,hq-28,h3-27,hq-27,h3,hq-interop","tls_supported_versions":"TLSv1.3,TLSv1.3 (draft),TLSv1.3 (draft),TLSv1.3 (draft)"}}}}
02174{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746211563,"flow_idle_time":200000000,"pkt_caplen":1294,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1294,"pkt_l4_len":1260,"thread_ts_usec":1643108746211563,"pkt":"CgAnAAAACAAnfrFjCABFAgUAAoAAAEARgVPAqDjGwKg4ARFbhbUE7O7hnXCaUMQIS6wx1HkzRzII64iRQkuUIpwAQJyCVjJNuDCrTNqXXWMPn6Re4L7SYVwqGIQCQc\/4z9NyAaPCA1EjtACuJoZLCrSNpYRSybpCuKQ+WoUiUllNx92L2MPAGJw7utYFPv5OGHw1\/\/sWndgkLy8hp7pR69\/u09rZKcS+JfFwJmuIf\/ksSjGDUumn50Ay2Rd6o4XXl0HmsmbBIvWvgU6hASVdT4jxaoclAPsXX8CPP0up6Fe0cJpQxAhLrDHUeTNHMgjriJFCS5QinEQVHufFpgZs2aV6du2ZRQqQKDOjoGilHODVeRgnXJ5P7T\/zsZp32p1pLUsBPppTZZgXUGe0MYPRpYRLZP6S2YwCHKWU+l73n0JGtHauiFtNycThrlHgcsb8sk5tcvU6Y6ScYjaBJZo4SvzfNpo4yZWfBNk2UYHfihFbXoBagL8Ni3TJrQD045tOl+1YfuvN63veyZsQEZqEx0dBAmyVl+9xjvqkhzopKh+NpWRz5BIklAlUFmpNduMfQ3T20hAf9mJ3AOigASJmi6bsOzfT+fmMLLJFCGGvf7Vtj5E1FZRVn4fPJh6AHDI4r32EO9lBeOo\/bRxKO\/xtuNE4dXyQrhgsAmgYHZAjkPqRu\/l7804XDa5V8jNWzrthKJ47r2cSNRYsG+fH2fUAebN4YB+rihSsIZxpHY2QnwFGSwB6H7Skxg+Iph02BLynk+Iu8t78JbQQo03RTVad7a1H2K5yGJBnwMaDh8uWKRogMWzILW0GAvr6cB6rKtZvIB6iaFRtpW21wxF6FMiWghHWS2MMSMwh35jVZuDUmDisttokt9hNGZX0VcNuKmWidzlE8BvnwG5U\/lPWrVnAvZVmrZTmpKOyI5TR7nxh84GrxxCAx17MsDCnck39parnwVt\/QNJg4GreMjaXUUPTYWQryOwbG6s95MTEr3kfYLs4mW1uf0zDrci29F2sFu\/C\/HmqkFvZ0OOGC+62wGqGORW\/vlf01u6eGRup6wAte8fwWPF\/vwQLZV4\/zxpFUgF0tAqfKM3PO4Haxa9nHsPVZrUGZMlLFWcB4nBKG1NdoHQpFnsMhBc+wza2JrPisqt5PiVyJC6OvV\/cU7ww3Rc1ZbzC4jloEENrow5U5qEqSaBP1zNwYznCuMne7LwjmE8EnIma1wUrAiD9QtQZyRcWI2tpjtba1QsGHPmDL5TsbCiu5lRo6fKqxLAw32vAkyC76P1133lt7HXruzSBRhmkFpsQbeMtEt1sNBll1ZQMowIuN84gLLCcft+MTcp3i74\/r8i865o44mVqYEl+o8X\/pbSdpT9L6gLAevV9TpMYpr+mcHT0ieagX7Jnn35uw6zjOtQWRDf+XCisrr1nKY1EVNzop8RK6vKaPR4oivRBODylVd6kbG0JUHAnr0Ix4f91IhN0iE9wN0staG0WUiyWtw\/orMSuxqBfKKdgnMAvmqdZTtqpjXi4aDVPEGseUXFoRd2eIp1NKtyrFMTN8zew2FQfUM5ZPV+mLZOckS47BcCaj33vmjmNhp4PqOibtw4GGIkqKdtzvIDU5hpFJQe3oYXwcGYY3eEEzdtrD2Vx0tDP6Yxy6KvVsm5\/mMYXMhGZoUA1zlKEtVTTbazFot35oVX4ngIUMjLuaLnu+ZQA\/SsjZCeWQrKvnx2aQ0fMdg=="}
01455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746211597,"flow_idle_time":200000000,"pkt_caplen":766,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":766,"pkt_l4_len":732,"thread_ts_usec":1643108746211597,"pkt":"CgAnAAAACAAnfrFjCABFAgLwAoEAAEARg2LAqDjGwKg4ARFbhbUC3F+UvXCaUMQIS6wx1HkzRzII64iRQkuUIpxBBHClZrSkXwcilginpQcYrC6+gYqStd9rEPJAVa\/X+ectxL4RSmYFqLCVrwpVh1cagxhOComdCEfuthVLRVGijz0VZq73gJfVJDTIt9AqzDxtaVsVpsxn9nkBr8pmVajuM19igvEhLOOlSEyBeUeB0DFdaZHW2\/JO3NISTHIWsZrZsFMVLd9gHsuxJ1cw3ZhmXfOm4UQbO0gsJiSVP1hEVffenYC7rMaAhCUYN9+RJxV5yNtMPMGyD3sgFiZTkHnxcTLuuCOpBBBkbts\/gMCM9IZChkDacnOh2OF9\/ohY3MEFlrim9kn0Lkww\/L7utDiRt6G4nl7rnCzjkcY3xLHSfS\/UQGApX0usMdR5M0cyG4HtNIk9Hu3yusEW1qJhexs\/jd2MFqPbzXoJkoBqBRJp9qv7uPIeaJrkQv0lZW4FoaNVZAxaKV+W4vwOyfLLLUAqbD+eP0q2akwmVXy9Y8QV3RpHIAEJdYstRBWUkoiGbfH\/tn+FdXpRyxXFod1a\/iZeqISyuYA2sKP1DJjEFrTzbkdHxX2JNiQQ2tZ+ApMfsQ0Q3QHD6f2C+xRLtvPcLqXP7RxXsRrD38p085fQ2lzG5FGYGgbhRGLwEvS2xYmIc5SWcIMn4zDkXXhhptIlqESYssWwykAjHZI2+hUtqOdrCizJkWiDODkpCMdaXGRR20dzaKQXdlriwcHLV5d1GvkCwMjcqS+C3ysNw8ltkxZbJAw3X1KjTK669DDz0zSittHV41nQk4SLHBtK3xCfytcsQ2Woqekdb3A1Hgo2e8QMTF4S4OsVjiekXWM847U9xQtRGGBIxOeuuzZN2uX3hL9UxceXknbMIBuTtD1iz9sd5bcqUQJpjX4\/iuJ0SwzD3dHw3Uy0h7w+q864l4fPWvhkeXfYvfcT+Icqi6TMXyciH2pSvVxaT4WJf32OcA=="}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1643108746209343,"flow_dst_last_pkt_time":1643108746211682,"flow_idle_time":200000000,"pkt_caplen":1482,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1482,"pkt_l4_len":1448,"thread_ts_usec":1643108746211682,"pkt":"CgAnAAAACAAnfrFjCABFAgW8AoFAAEARQJbAqDjGwKg4ARFbhbUFqI0nEkusMdR5M0cyUpL4ZEfPztFtyLjmn2OmmoOFNihMWWsesMFw5n967LEm+U3F1uIrGZ0+nI8gtSwIGlvtB7ID4MWl0\/sKo6dJMBAeD57sxq0Oayabd1KlwiN10yh\/lQsJ0WOzzrm0LkCUF0ZMAUZMnLg8kuMWojNNQsvBrKLfU+tRhcnqu5dWR6dkognrfPhvriPMev8kvxSERNYITnmyr\/Vj0lQ3Lx1OSoUwuH9UikPayEFWeIlxL\/9mUctbH27V9V5RXXACqkFSDRHmyA9Af9PzcJsGp2goFLbS2skjjq5zwCxOPwp6R3z8pKzorOMrwrmv7WYussG\/efhBdnvWktRXUkzyT8N9JwgHNZ8\/jHQsQwNAccN3K+RA\/f+si+jq8d4RM+bG0Ab0FtBoQ5aFdS9\/ipxRMBwZ\/4S7jjeypdIPtYoSGM1ZSYwAxLp2kwjjJcewznycRPLgd0A1IRVhlVkO9l0U0wHgGXR\/D61+xhek5SxoxmrGJl1hjy5kr82WfEAAFXyrMq7BX6fBj8clHq84w6pQSauITzwo7DG9IrYKrVc4LiQ19RUaCWpailMJo1wcFqvDzRDvpeUZGB0QZBT70Lb9xmAs6Ol5T0NQKqa1oa8psf74AsTulLnaAgWGmNzjjQShJHej24o8PRfgHt78Xxv4rdGm1\/iXw77JnZvcVWyvrJTNa4I93FEy\/REJKgi\/7hcLUwqmNRzzyuojqjZLwx8sx+h2cxCJp40aaZycR4zh0tQE6nbWJ5wgso3oMhXgX\/1ZuMGzUkjWN1f7w\/ShlmtJPc2knxrMU9QtvoenM6ssQk+\/y+1cruKFuCZhw3iZYpWCRAPgLVAaY8Ee8Gr383OWR\/7ZHsOAqImgLnvJvmnAcix4d6u9irVP2yhJ6ROGdIqv1PornUwpbZ8ZTlMxxrHQA42+iQ5Mh32Q0IP9D3k8o7uZGcAkthNmWpQ5jq9bTQ3mfcR\/mTivMKEwNTjjC+sirvHBzwrOQiwehGRQHXDFk+aoCubcKx3FJGUbRMzNB87DV0ngV4Pbd55MDt6RDNulQu5AD\/BClZDPfBNrmcr4HGYeuyGnjx1hgj\/OMyZOI9ln6YnJrCsn6oVmrnqk44TG37ssa5Q4zvWr5Q5rzQNR3P9LAdMR3ZcyHZWKDCZl1cgg3Prk01pN2o+i9ik4qN3rPstzLqMkzOWWJRrT9QhoHnTTJt8c5opVY3+emW9zzYlRMJ55g5GYXwpGP9g34+a3U3VnEZJjnF9PO6bjwpxD9Wzz+6YiCiQfwmdXSCSs64quqrKE6rcS9PvrJTJlSOnloP+g2d3gYruYcFWT3cViWz8doO5GxOwTren5yAFY1kGBx6irxXH9fHonSiPc9RwdRG9GpGoU3s+AxvaAgFCxiHjvkBNFa1SeNZQk7TSTnxRDGMjbUBd4AgaCZEpNcBucB3YN\/50Mr9f6Bd1wkdvdth\/A8uXvnWT5kvfRarqRvG0+A2mhDu3pRM1Mtnn8pu7YCYktWSm1OLNAav0CC4fYZtyeCYfmf9BiWMrxjxCn5TYcBOojL5g2dOdoTEn7msrw4IQmwkRGeCp4c+VN9x4jfY4a8Zy2N1UQZnnrxZ5Q8icUtrSepZjGmrDjffnXobpxliaShUeHU2k8kNaL7calnulR0hb0oGOdxz4KiMhNsGkBYso2lSUqmEDbNVLSDWXRB0cLEv1digmlFgKRAQIDtZLAn+ibCCw09yMKIiYcVdAGIdy6j+\/9ZNpgXI5zYb0PqgcnzS4eBrBw6d0OWGIQDMMdZWKmBR43iOhEKKxl76O983KsCSYQkFRi8Y3nVn+9iWClnRpE+3KTZ\/DUCTGZspUZ\/GmuH9\/T+A6RqfbywI255m+xu3eTaeIkujWrOIf6iHv91LnDZ6C7L9hofo9MHE7URqWsGtKdzc+E"}
01022{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1643108746211954,"flow_dst_last_pkt_time":1643108746211682,"flow_idle_time":200000000,"pkt_caplen":445,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":445,"pkt_l4_len":411,"thread_ts_usec":1643108746211954,"pkt":"CAAnfrFjCgAnAAAACABFAgGvYl9AAEAR5MTAqDgBwKg4xoW1EVsBmz5ls3CaUMQI64iRQkuUIpwIS6wx1HkzRzJAQ9W7Qo8JSqPHu5UetgBZ+G+F+PNBvNHmDjU4Gty6wD1UyvH7nGF4pEBOgkeo5VeOuUKm8qL\/TNC9KBFGuniKENfZCSd864iRQkuUIpyjmHuMOysfEuZjeLyV094Drxz8MVPGVROrKsTAkjtE0yC5YY6ZSVNFNgp5kqs2Muf+s51bnbWzYymvTeQ\/zVrijJ+7w6DXN3d2fs6W92DMyFrpTroo1dyvVTh7S7XIndvXZXZXBzgFmkj6LEXFRxbjJOPzxeU3q2WKKXIokx0hMHAdGYeSukRR0vYtEC58yJOelKEBm9mkmgGPkCZFqL1tf0cZFNEWFcjBhTm91XlwiOBDc6EgdAbNKECsJJuUQ6YpwWe+0W1Pi1Euz9DqCxySb6O9SwApazl\/KWn1MLVUomm86efh3fd9n0wLg+O4XO6A4pJd37CGxQOV\/ZNhJ4Nq6CONXenojzzkTgLwyX2cl10T+pqO96dv\/Xv9+zq6yb1i9sGQOWqQEzCW14DOZw=="}
02352{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":9,"flow_dst_packets_processed":23,"flow_first_seen":1643108746209343,"flow_src_last_pkt_time":1643108746213653,"flow_dst_last_pkt_time":1643108746213782,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":55,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":3681,"flow_dst_tot_l4_payload_len":28445,"midstream":0,"thread_ts_usec":1643108746213782,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":3,"avg":282.2,"max":2611,"stddev":585.9,"var":343297.1,"ent":3.2,"data": [2220,34,85,2611,15,161,480,75,75,407,511,344,364,20,7,7,7,5,8,6,304,236,17,5,4,4,3,7,5,393,329]},"pktlen": {"min":83,"avg":1031.9,"max":1468,"stddev":592.8,"var":351417.0,"ent":4.7,"data": [1280,1280,752,1468,431,1468,211,83,83,467,83,83,211,1468,1468,1468,1468,1468,1468,1468,1468,83,1468,1468,1468,1468,1468,1468,1468,1468,83,1468]},"bins": {"c_to_s": [0,4,0,0,0,2,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,1,0,0],"s_to_c": [0,2,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,18,0,0]},"directions": [0,1,1,1,0,0,0,1,0,1,0,1,0,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,0,1],"entropies": [7.859164715,7.830483913,7.691216469,7.861833572,7.535028458,7.857851028,7.014661312,5.904921532,5.971303463,7.551024437,6.091784954,5.908110142,7.010611057,7.856127262,7.862607956,7.865868568,7.851809502,7.870316029,7.876718044,7.846899033,7.842083454,5.832632065,7.868857384,7.869379997,7.866369724,7.853280067,7.852721214,7.849537849,7.868902206,7.856405258,5.923110962,7.879580021]},"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
01206{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":923,"source":"quic-v2-01.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":34,"flow_dst_packets_processed":889,"flow_first_seen":1643108746209343,"flow_src_last_pkt_time":1643108746226518,"flow_dst_last_pkt_time":1643108746226632,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":44,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":1440,"flow_dst_max_l4_payload_len":1440,"flow_src_tot_l4_payload_len":5301,"flow_dst_tot_l4_payload_len":1267919,"midstream":0,"thread_ts_usec":1643108746226632,"l3_proto":"ip4","src_ip":"192.168.56.1","dst_ip":"192.168.56.198","src_port":34229,"dst_port":4443,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"24": {"risk":"Missing SNI TLS Extn","severity":"Medium","risk_score": {"total":300,"client":210,"server":90}}},"confidence": {"6":"DPI"},"proto":"QUIC","proto_id":"188","proto_by_ip":"Unknown","proto_by_ip_id":0,"encrypted":1,"breed":"Acceptable","category_id":5,"category":"Web"}}
00570{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":923,"source":"quic-v2-01.pcapng","alias":"nDPId-test","packets-captured":923,"packets-processed":923,"total-skipped-flows":0,"total-l4-payload-len":1273220,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":12,"global_ts_usec":1643108746226632}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 923/923
~~ skipped flows.............: 0
~~ total layer4 data length..: 1273220 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6448789 bytes
~~ total memory freed........: 6448789 bytes
~~ total allocations/frees...: 123380/123380
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 497 chars
~~ json string max len.......: 2431 chars
~~ json string avg len.......: 1458 chars
Powered by cgit, Themed by Ted Yin.