summaryrefslogtreecommitdiff
path: root/test/results/rsh-syslog-false-positive.pcap.out
blob: 53c25fd19f75d25ec7c217e00908e164630d75a8 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

00505{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":3265032704,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00568{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":2,"global_ts_usec":1464076252936094}
00777{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3}
00847{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":292,"pkt_l4_len":272,"thread_ts_usec":1464076252936094,"pkt":"RQABJL4eQAA8Bq0urB9OgawdK8kjTwICdUbR1TedTUKAGABzPQsAAAEBCAoozL9YkELf7TwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NTErMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCg=="}
00883{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076252936094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":240,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":240,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076252936094,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
01583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1464076252948094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":844,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":844,"pkt_l4_len":824,"thread_ts_usec":1464076252948094,"pkt":"RQADTL4fQAA8BqsFrB9OgawdK8kjTwICdUbSxTedTUKAGABzuVAAAAEBCAoozL9lkELg+DwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0NzUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNSQ0ggYXR0cj1vYmplY3RDbGFzcyB1aWQgdXNlclBhc3N3b3JkIHVpZE51bWJlciBnaWROdW1iZXIgZ2Vjb3MgaG9tZURpcmVjdG9yeSBsb2dpblNoZWxsIGtyYlByaW5jaXBhbE5hbWUgY24gbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcCBzaGFkb3dMYXN0Q2hhbmdlIHNoYWRvd01pbiBzaGFkb3dNYXggc2hhZG93V2FybmluZyBzaGFkb3dJbmFjdGl2ZSBzaGFkb3dFeHBpcmUgc2hhZG93RmxhZyBrcmJMYXN0UHdkQ2hhbmdlIGtyYlBhc3N3b3JkRXhwaXJhdGlvbiBwd2RBdHRyaWJ1dGUgYXV0aG9yaXplZFNlcnZpY2UgYWNjb3VudEV4cGlyZXMgdXNlckFjY291bnRDb250cm9sIG5zQWNjb3VudExvY2sgaG9zdCBsb2dpbkRpc2FibGVkIGxvZ2luRXhwaXJhdGlvblRpbWUgbG9naW5BbGxvd2VkVGltZU1hcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTI2NDgxKzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00NCBFTlRSWSBkbj0idWlkPXRvb2xib3gsb3U9YWMtYWl4LW1hcnNlaWxsZSxvdT1pbnRlcm5lLG91PXBlb3BsZSxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45MjY0ODYrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ0IFNFQVJDSCBSRVNVTFQgdGFnPTEwMSBlcnI9MCBuZW50cmllcz0xIHRleHQ9Cg=="}
00859{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1464076252968094,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"pkt_oversize":false,"pkt_caplen":303,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":20,"pkt_len":303,"pkt_l4_len":283,"thread_ts_usec":1464076252968094,"pkt":"RQABL74gQAA8Bq0hrB9OgawdK8kjTwICdUbV3TedTUKAGABzb+4AAAEBCAoozL94kELhBTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45NTc4OTUrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ1IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIK"}
00254{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"packet_id":6,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1084,"global_ts_usec":1464076253006101}
01640{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1010,"pkt_l4_len":0,"thread_ts_usec":1464076252992093,"pkt":"RQAEPL4jQAA8BqoRrB9OgawdK8kjTwICdUbbRzedTUKAGABzdzIAAAEBCAoozL+dkELhMTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45ODc5MjgrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ3IFNSQ0ggYmFzZT0ib3U9cGVvcGxlLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYodWlkPXRvb2xib3gpKG9iamVjdENsYXNzPXBvc2l4QWNjb3VudCkoJih1aWROdW1iZXI9KikoISh1aWROdW1iZXI9MCkpKSkiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45ODc5NDMrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ3IFNSQ0ggYXR0cj1vYmplY3RDbGFzcyB1aWQgdXNlclBhc3N3b3JkIHVpZE51bWJlciBnaWROdW1iZXIgZ2Vjb3MgaG9tZURpcmVjdG9yeSBsb2dpblNoZWxsIGtyYlByaW5jaXBhbE5hbWUgY24gbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcCBzaGFkb3dMYXN0Q2hhbmdlIHNoYWRvd01pbiBzaGFkb3dNYXggc2hhZG93V2FybmluZyBzaGFkb3dJbmFjdGl2ZSBzaGFkb3dFeHBpcmUgc2hhZG93RmxhZyBrcmJMYXN0UHdkQ2hhbmdlIGtyYlBhc3N3b3JkRXhwaXJhdGlvbiBwd2RBdHRyaWJ1dGUgYXV0aG9yaXplZFNlcnZpY2UgYWNjb3VudEV4cGlyZXMgdXNlckFjY291bnRDb250cm9sIG5zQWNjb3VudExvY2sgaG9zdCBsb2dpbkRpc2FibGVkIGxvZ2luRXhwaXJhdGlvblRpbWUgbG9naW5BbGxvd2VkVGltZU1hcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTg3OTQ5KzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00NyBFTlRSWSBkbj0idWlkPXRvb2xib3gsb3U9YWMtYWl4LW1hcnNlaWxsZSxvdT1pbnRlcm5lLG91PXBlb3BsZSxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiCjwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45ODc5NTMrMDI6MDAgbGRhcDAxIHNsYXA="}
00254{"error_event_id":15,"error_event_name":"Captured packet size is smaller than expected packet size","datalink":12,"packet_id":7,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","size":1010,"expected":1400,"global_ts_usec":1464076253008101}
01640{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1010,"pkt_type":2048,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1010,"pkt_l4_len":0,"thread_ts_usec":1464076253006101,"pkt":"RQAFeL4kQAA8BqjUrB9OgawdK8kjTwICdUbfTzedTUKAEABzI2UAAAEBCAoozL+fkELhMTwxNjc+MjAxNi0wNS0yNFQwOTo1MDo1Mi45OTYwNzYrMDI6MDAgbGRhcDAxIHNsYXBkWzM0NTM0XTogY29ubj0xMTU5MDIzIG9wPTQ4IFNSQ0ggYmFzZT0ib3U9Z3JvdXBlcyxkYz1pbixkYz1waG0sZGM9ZWR1Y2F0aW9uLGRjPWdvdXYsZGM9ZnIiIHNjb3BlPTIgZGVyZWY9MCBmaWx0ZXI9IigmKG1lbWJlclVpZD10b29sYm94KShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjA5MSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU1JDSCBhdHRyPW9iamVjdENsYXNzIGNuIHVzZXJQYXNzd29yZCBnaWROdW1iZXIgbW9kaWZ5VGltZXN0YW1wIG1vZGlmeVRpbWVzdGFtcAo8MTY3PjIwMTYtMDUtMjRUMDk6NTA6NTIuOTk2MDk2KzAyOjAwIGxkYXAwMSBzbGFwZFszNDUzNF06IGNvbm49MTE1OTAyMyBvcD00OCBFTlRSWSBkbj0iY249aW50c2lyLWFkbWlucyxvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIKPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NjEwMSswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDggU0VBUkNIIFJFU1VMVCB0YWc9MTAxIGVycj0wIG5lbnRyaWVzPTEgdGV4dD0KPDE2Nz4yMDE2LTA1LTI0VDA5OjUwOjUyLjk5NzMzMCswMjowMCBsZGFwMDEgc2xhcGRbMzQ1MzRdOiBjb25uPTExNTkwMjMgb3A9NDkgU1JDSCBiYXNlPSJvdT1ncm91cGVzLGRjPWluLGRjPXBobSxkYz1lZHVjYXRpb24sZGM9Z291dixkYz1mciIgc2NvcGU9MiBkZXJlZj0wIGZpbHRlcj0iKCYoZ2lkTnVtYmVyPTYwMDAxKShvYmplY3RDbGFzcz1wb3NpeEdyb3VwKShjbj0qKSgmKGdpZE51bWJlcj0qKSghKGdpZE51bWJlcj0wKSkpKSIKPDE2Nz4yMDE2LTA1LTI0VDA5OjU="}
00924{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":8,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":8,"flow_dst_packets_processed":0,"flow_first_seen":1464076252936094,"flow_src_last_pkt_time":1464076253018101,"flow_dst_last_pkt_time":1464076252936094,"flow_idle_time":3285032704,"flow_src_min_l4_payload_len":240,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":958,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":4939,"flow_dst_tot_l4_payload_len":0,"midstream":1,"thread_ts_usec":1464076253018101,"l3_proto":"ip4","src_ip":"172.31.78.129","dst_ip":"172.29.43.201","src_port":9039,"dst_port":514,"l4_proto":"tcp","flow_datalink":12,"flow_max_packets":3,"ndpi": {"confidence": {"6":"DPI"},"proto":"Syslog","proto_id":"17","encrypted":0,"breed":"Acceptable","category_id":18,"category":"System"}}
00574{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":8,"source":"rsh-syslog-false-positive.pcap","alias":"nDPId-test","packets-captured":8,"packets-processed":8,"total-skipped-flows":0,"total-l4-payload-len":4939,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"total-events-serialized":13,"global_ts_usec":1464076253018101}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 8/8
~~ skipped flows.............: 0
~~ total layer4 data length..: 4939 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6035873 bytes
~~ total memory freed........: 6035873 bytes
~~ total allocations/frees...: 121495/121495
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 259 chars
~~ json string max len.......: 1645 chars
~~ json string avg len.......: 951 chars
Powered by cgit, Themed by Ted Yin.