1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
00474{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"s7comm.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"idle-scan-period":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":30000,"udp-max-idle-time":180000,"tcp-max-idle-time":7440000,"tcp-max-post-end-flow-time":120000,"max-packets-per-flow-to-send":15,"max-packets-per-flow-to-process":255}
00481{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1408528803880,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00437{"flow_id":1,"flow_packet_id":1,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":880679,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"ABsbI+s7kOa6hF5BCABFAAA+LUtAAIAGAADAqAEKwKgBKBBZAGaQRN2iAAL7EFAY+vCDswAAAwAAFhHgAAAABwDBAgEAwgIBAsABCg=="}
00515{"flow_event_id":5,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_first_seen":1408528803880,"flow_last_seen":0,"flow_min_l4_payload_len":22,"flow_max_l4_payload_len":22,"flow_tot_l4_payload_len":22,"flow_avg_l4_payload_len":22,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","ndpi": {"proto":"s7comm","breed":"Acceptable","category":"Network"}}
00437{"flow_id":1,"flow_packet_id":2,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":884414,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"pkt":"kOa6hF5BABsbI+s7CABFAAA+AM4AAB4GGGrAqAEowKgBCgBmEFkAAvsQkETduFAYEAAGowAAAwAAFhHQAAcAAwDAAQrBAgEAwgIBAg=="}
00441{"flow_id":1,"flow_packet_id":3,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":884562,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"pkt":"ABsbI+s7kOa6hF5BCABFAABBLUxAAIAGAADAqAEKwKgBKBBZAGaQRN24AAL7JlAY+tqDtgAAAwAAGQLwgDIBAAACAAAIAADwAAABAAEB4A=="}
00441{"flow_id":1,"flow_packet_id":4,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":887528,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"pkt":"kOa6hF5BABsbI+s7CABFAABDAM8AAB4GGGTAqAEowKgBCgBmEFkAAvsmkETd0VAYEAAeAAAAAwAAGwLwgDIDAAACAAAIAAAAAPAAAAEAAQDw"}
00417{"flow_id":1,"flow_packet_id":5,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":887617,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLU1AAIAGAADAqAEKwKgBKBBZAGaQRN3RAAL7QVAY+r+DpAAAAwAABwLwAA=="}
00449{"flow_id":1,"flow_packet_id":6,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":887683,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"ABsbI+s7kOa6hF5BCABFAABJLU5AAIAGAADAqAEKwKgBKBBZAGaQRN3YAAL7QVAY+r+DvgAAAwAAIQLwgDIHAAADAAAIAAgAARIEEUQBAP8JAAQBMgAE"}
00517{"flow_id":1,"flow_packet_id":7,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":894509,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"kOa6hF5BABsbI+s7CABFAAB5ANAAAB4GGC3AqAEowKgBCgBmEFkAAvtBkETd+VAYEAACRQAAAwAAUQLwgDIHAAADAAAMADQAARIIEoQBAQAAAAD\/CQAwATIABAAoAAEABAABAAAAAQACAAAAAFZWvASj1RQACXICAAAAAAAAAAAAAAAAAAAA"}
00417{"flow_id":1,"flow_packet_id":8,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":894610,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLU9AAIAGAADAqAEKwKgBKBBZAGaQRN35AAL7klAY+m6DpAAAAwAABwLwAA=="}
00449{"flow_id":1,"flow_packet_id":9,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":899252,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"ABsbI+s7kOa6hF5BCABFAABJLVBAAIAGAADAqAEKwKgBKBBZAGaQRN4AAAL7klAY+m6DvgAAAwAAIQLwgDIHAAAEAAAIAAgAARIEEUQBAP8JAAQBMgAC"}
00519{"flow_id":1,"flow_packet_id":10,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":903498,"pkt_caplen":135,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":135,"pkt_l4_len":101,"pkt":"kOa6hF5BABsbI+s7CABFAAB5ANEAAB4GGCzAqAEowKgBCgBmEFkAAvuSkETeIVAYEACdkgAAAwAAUQLwgDIHAAAEAAAMADQAARIIEoQBAQAAAAD\/CQAwATIAAgAoAAEAAgAAAAAAAAAOAAAAAAYBCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00419{"flow_id":1,"flow_packet_id":11,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":903637,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLVFAAIAGAADAqAEKwKgBKBBZAGaQRN4hAAL741AY+h2DpAAAAwAABwLwAA=="}
00451{"flow_id":1,"flow_packet_id":12,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":904205,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"ABsbI+s7kOa6hF5BCABFAABJLVJAAIAGAADAqAEKwKgBKBBZAGaQRN4oAAL741AY+h2DvgAAAwAAIQLwgDIHAAAFAAAIAAgAARIEEUQBAP8JAAQAEwAA"}
00708{"flow_id":1,"flow_packet_id":13,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":910535,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":275,"pkt_l4_len":241,"pkt":"kOa6hF5BABsbI+s7CABFAAEFANIAAB4GF5\/AqAEowKgBCgBmEFkAAvvjkETeSVAYEADS7gAAAwAA3QLwgDIHAAAFAAAMAMAAARIIEoQBAQAAAAD\/CQC8ABMAAAAkAAUAAQABAAMAAAARAAAAAwAAAAABYAAAAAAAAAAAAAAAAAAAAAAAAgABAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwACAAIAAAACAAAAAAAAAAAAAAAAAAAAAgAAAAATKgAAAAAABAACAIAAAAACAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAAAAAAABQACAAAFAAACAAAAAAAAAAAAAAAAAAAAAAUAAAAAIAAAAAA="}
00419{"flow_id":1,"flow_packet_id":14,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":14,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":910642,"pkt_caplen":61,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":61,"pkt_l4_len":27,"pkt":"ABsbI+s7kOa6hF5BCABFAAAvLVNAAIAGAADAqAEKwKgBKBBZAGaQRN5JAAL8wFAY+UCDpAAAAwAABwLwAA=="}
00451{"flow_id":1,"flow_packet_id":15,"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"s7comm.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_ts_sec":1408528803,"pkt_ts_usec":910913,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"pkt":"ABsbI+s7kOa6hF5BCABFAABJLVRAAIAGAADAqAEKwKgBKBBZAGaQRN5QAAL8wFAY+UCDvgAAAwAAIQLwgDIHAAAGAAAIAAgAARIEEUQBAP8JAAQBMQAE"}
00498{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":55,"flow_first_seen":1408528803880,"flow_last_seen":1408528804016,"flow_min_l4_payload_len":7,"flow_max_l4_payload_len":247,"flow_tot_l4_payload_len":2290,"flow_avg_l4_payload_len":41,"midstream":1,"l3_proto":"ip4","src_ip":"192.168.1.10","dst_ip":"192.168.1.40","src_port":4185,"dst_port":102,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":15}
00126{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":55,"source":"s7comm.pcap","alias":"nDPId-test"}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 55/55
~~ skipped flows.............: 0
~~ total layer4 data length..: 3390 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4821670 bytes
~~ total memory freed........: 4821670 bytes
~~ total allocations/frees...: 58413/58413
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|