1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
00444{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"selfsigned.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255}
00545{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1588921646472,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"ts_msec":1588921646472,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubiYAAAAAsAL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4AAAAAAQCAAA="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":68,"pkt_l4_len":44,"ts_msec":1588921646472,"pkt":"AgAAAEUAAEAAAEAAQAYAAH8AAAF\/AAABC7nJlxL1FVDN7m4nsBL\/\/\/40AAACBD\/YAQMDBQEBCAoTf8z4E3\/M+AQCAAA="}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1588921646472,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":56,"pkt_l4_len":32,"ts_msec":1588921646472,"pkt":"AgAAAEUAADQAAEAAQAYAAH8AAAF\/AAAByZcLuc3ubicS9RVRgBAx1\/4oAAABAQgKE3\/M+BN\/zPg="}
00828{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":5,"flow_first_seen":1588921646472,"flow_last_seen":1588921646479,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":103,"midstream":0,"ts_msec":1588921646479,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01120{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":7,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":7,"flow_first_seen":1588921646472,"flow_last_seen":1588921646482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":1874,"flow_avg_l4_payload_len":267,"midstream":0,"ts_msec":1588921646482,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port","6":"Self-signed Certificate","9":"TLS Expired Certificate"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"localhost","ja3":"2a26b1a62e40d25d4de3babc9d532f30","ja3s":"0debd3853f330c574b05e0b6d882dc27","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=IT, ST=Some-State, O=ntop.org","subjectDN":"C=IT, ST=Some-State, O=ntop.org","alpn":"h2,http\/1.1","fingerprint":"AF:CC:98:49:F2:00:0E:05:21:18:6C:77:5F:2A:CF:10:44:6E:D8:8B"}}
00555{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":20,"flow_first_seen":1588921646472,"flow_last_seen":1588921646517,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1357,"flow_tot_l4_payload_len":2634,"flow_avg_l4_payload_len":131,"midstream":0,"ts_msec":1588921646517,"l3_proto":"ip4","src_ip":"127.0.0.1","dst_ip":"127.0.0.1","src_port":51607,"dst_port":3001,"l4_proto":"tcp","flow_datalink":0,"flow_max_packets":3}
00158{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":20,"source":"selfsigned.pcap","alias":"nDPId-test","total-events-serialized":9}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 20/20
~~ skipped flows.............: 0
~~ total layer4 data length..: 2634 bytes
~~ total detected protocols..: 1
~~ total active/idle flows...: 1/1
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4607261 bytes
~~ total memory freed........: 4607261 bytes
~~ total allocations/frees...: 99579/99579
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 163 chars
~~ json string max len.......: 1125 chars
~~ json string avg len.......: 687 chars
|