00585{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00809{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1669989925164266}
00804{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00690{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":158,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":158,"pkt_l4_len":124,"thread_ts_usec":1669989925164266,"pkt":"CL6sCxduJjb1W8R1CABFAACQVjZAAEARNZzAqAycjvpSTJRPS2kAfJZwAAEAYCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAkAARufx7\/AAgAFFXMCO6dEOYzzYk4Nclzw7fn\/+udgCgABEyaSoM="}
01123{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925164266,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":116,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":116,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1669989925164266,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
00668{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1669989925164266,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_usec":1669989925187720,"pkt":"Jjb1W8R1CL6sCxduCABFgACAAAAAACkR4mKO+lJMwKgMnEtplE8AbJ74AQEAUCESpEJvNlNoU1VSSmhORmsABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgAAIAAIAAHRcnwxD0EACAAUJIx1+vxTzWOyfafF9tFkzZIBE8qAKAAEKQoUxA=="}
00748{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":199,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":199,"pkt_l4_len":165,"thread_ts_usec":1669989925221418,"pkt":"CL6sCxduJjb1W8R1CABFAAC5VjpAAEARNW\/AqAycjvpSTJRPS2kApScvFv7\/AAAAAAAAAAAAkAEAAIQAAAAAAAAAhP79S\/RrlK87INy3ylIzfu8bizsUmZbJs1gA0ekqf6irQH0AAAAWwCvAL8ypzKjACcATwArAFACcAC8ANQEAAEQAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAIwAAAA0AFAASBAMIBAQBBQMIBQUBCAYGAQIBAA4ACQAGAAEACAAHAA=="}
01168{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925187720,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":100,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":100,"midstream":0,"thread_ts_usec":1669989925221418,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","blocks":0}}}
02159{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":1245,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1245,"pkt_l4_len":1211,"thread_ts_usec":1669989925246353,"pkt":"Jjb1W8R1CL6sCxduCABFgATPAAAAACkR3hOO+lJMwKgMnEtplE8Eu\/g7Fv79AAAAAAAAAAAAUAIAAEQAAAAAAAAARP79Y4oGJZyFb5JepAe9szJjjByvKZ37cPqVErYZyM765YAAwC8AABwAFwAA\/wEAAQAACwACAQAAIwAAAA4ABQACAAgAFv79AAAAAAAAAAECvQsAArEAAQAAAAACsQACrgACqzCCAqcwggGPoAMCAQICCQC8uqOs09h3+zANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhoYW5nb3V0czAeFw0yMjExMzAxNzM1MThaFw0yMzEyMDExNzM1MThaMBMxETAPBgNVBAMMCGhhbmdvdXRzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1yxLV4kqNHdkASeF5xg7eBecoZkE9HEL3CyKnnV5t7toYNS4OeGhbcQbMPNSDSOnmlHbqdcw6ZEJuQgiDVPLlIYRs\/6teD1Rrh95uPxCli\/eawXofQ+85GwLd8HPu\/1Tf1KkdH7bTnI5ggNxJzvUIn7OvPEXLAxPOh7I3RCas4Cd7k+Oz1YQmbnYZfKYy3jnzIQ+h556EgecvjI9tDtX+SanJAa9c9M8yzK9YkbAGCSQV5haW7yBvttXD17QF64g2wM65j0g3uTJ7UrtyneMAht0I4sc8aCq7AhuwJnWwhakL3taKN6y6c2q98Okz0ECUeQ60147X\/ysmxI0vfS3wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAtFce+YJ3fArKQ4fKZHaF7w6Kn2kogyZChKZ\/Hr8mqr4iyQ2HgF5a8PPh\/BB+aDDMa7k4IZueAjh2a\/Y+Q0YKmwP4sMWrhKZjyg7loocB2Z93+BngDSUrNEnyPyOCN9ZeSj5sPLdOKtCQveKhJ+JpqKozl98tw1LmmE96d9gwb8f6Jld\/hD\/ZPjp3oucWhOyUvDDg08IOTCFjgw\/DGttdJzZkBMJyh7kfx4YrHfF2HYOOyG44BVLSsU+mtF8zjy4+slDyAC9GrxyBkpvINa2tR2uuH0fel3keaZjEPRwf6GZDs55po6e3PVX9sXBZAq9CvabFKHqC+YA5YP3U1cKkrFv79AAAAAAAAAAIBNAwAASgAAgAAAAABKAMAHSCbQVZZ8KrFVukce1QIPdZ2T96RMNZBLJbxPJsZqAz6HggEAQCRDe7GpBuvs6Fbe\/duaPnRzi+TuxO1aOrBXscZ4djas+UCamAjEbmU07x7uRr5uMpZqZI27NlR5\/7+AkrBrh6rckT+uo7sd5UZV7HyRKFUxK2YjkrS1HzkNFKp7RfB27LVg6pCeGHysEbHV8V8dPks1hAl834D9n2PtxaDwfhvehWA9hQk338ICURUX5EX+U\/IHQMBEcJVinCclbAzJDu0zMO+EESVFt0\/FVowcSbYpZ7fqrDjqh\/OFcjlRHUxdumeVRsT9idi1zgvn9NhIKP0\/enEf
BqbQOpwI22cdU8fNKIJCPoeYSiIDy\/ceLYeDc6iY09Tn2ER0Y7KuhmW5eKbFv79AAAAAAAAAAMAJQ0AABkAAwAAAAAAGQIBQAASBAMIBAQBBQMIBQUBCAYGAQIBAAAW\/v0AAAAAAAAABAAMDgAAAAAEAAAAAAAA"}
01343{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":2,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925221418,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":116,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":157,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":273,"flow_dst_tot_l4_payload_len":1303,"midstream":0,"thread_ts_usec":1669989925246353,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP","tls": {"version":"DTLSv1.2","ja3":"c14667d7da3e6f7a7ab5519ef78c2452","ja3s":"1f5d6a6d0bc5d514dd84d13e6283d309","ja4":"dd2d110700_c45550529adf_d9dd6182da81","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"CN=hangouts","subjectDN":"CN=hangouts","fingerprint":"AF:DD:BF:F5:59:23:0C:D1:B0:9F:B1:04:2E:89:DF:4C:1B:AB:BE:CC","blocks":0}}}
00693{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1669989925331729,"flow_dst_last_pkt_time":1669989925246353,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":162,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":162,"pkt_l4_len":128,"thread_ts_usec":1669989925331729,"pkt":"CL6sCxduJjb1W8R1CABFAACUVj1AAEARNZHAqAycjvpSTJRPS2kAgIetAAEAZCESpEJHeElSOVZ4WXVGUjkABgAfZWEzV3RfOWFBU29vZWdvS0FBaUtBaUFERUE6OGpiNgDAVwAEAAMACoAqAAjHmPZBrcBKnwAlAAAAJAAEbn8e\/wAIABRPuZAhjSuP3zBrIerigzXVUm4nSYAoAAQ65t8C"}
02226{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":32,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":18,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989925844909,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":65,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":2558,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1669989925844909,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":29,"avg":43515.6,"max":258068,"stddev":58201.4,"var":3387401984.0,"ent":4.0,"data": [23454,57152,58633,110311,426,107899,55,29,31904,33185,42585,42763,84060,83239,24775,643,393,2519,24830,54,50,34247,28143,7940,22933,203231,6659,19573,19853,258068,19379]},"pktlen": {"min":68,"avg":221.2,"max":1231,"stddev":244.4,"var":59721.8,"ent":4.4,"data": [144,128,185,1231,148,573,128,109,598,573,598,109,149,117,141,93,125,121,97,93,97,113,93,68,93,93,127,112,112,128,469,112]},"bins": {"c_to_s": [0,0,10,5,1,0,0,0,0,0,0,0,0,0,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [0,1,5,4,0,0,0,0,0,0,0,0,0,1,0,0,0,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,1,0,0,1,1,1,0,1,0,1,0,1,0,0,0,0,1,1,1,0,1,1,0,0,0,0,0,1,0],"entropies": 
[5.970281124,5.844405174,4.975852966,7.376402378,5.926150799,6.767900467,5.873587608,5.727212906,7.417241573,6.742666721,7.399977684,5.666547298,6.284676552,5.878243446,6.278099537,5.456246376,6.045804977,5.932724476,5.656750679,5.431894302,5.443003178,5.773984909,5.547308922,5.480338573,5.456245899,5.525803089,6.089138508,6.235580444,6.295892239,6.029528141,7.452062130,6.164150715]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
00816{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":40,"packets-processed":39,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":6775,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":2,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":13,"global_ts_usec":1710679657055887}
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":0,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":0,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657055887,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657055887,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657055887,"pkt":"CL6sCxduSKRyNpegCABFAAA08+VAAIAGV4zAqAy2jvpS+cQtDZbxQLjKAAAAAIAC+vBI\/gAAAgQFtAEDAwgBAQQC"}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1710679657055887,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_usec":1710679657058869,"pkt":"SKRyNpegCL6sCxduCABFgAA0AABAAG8GW\/KO+lL5wKgMtg2WxC3d8CUA8UC4y4AS\/\/9BHQAAAgQFhAEBBAIBAwMI"}
00547{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1710679657060611,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1710679657060611,"pkt":"CL6sCxduSKRyNpegCABFAAAo8+dAAIAGV5bAqAy2jvpS+cQtDZbxQLjL3fAlAVAQAQOAvQAA"}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1710679657060888,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_usec":1710679657060888,"pkt":"CL6sCxduSKRyNpegCABFAAAo8+hAAIAGV5XAqAy2jvpS+cQtDZbxQLjL3fAlAVAQAgB\/wAAA"}
00587{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"pkt_datalink":1,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_usec":1710679657061095,"pkt":"CL6sCxduSKRyNpegCABFAABE8+lAAIAGV3jAqAy2jvpS+cQtDZbxQLjL3fAlAVAYAgCAvgAAAAMACCESpEJNeko1THZzcmRlbGMAGQAEEQAAAA=="}
00989{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":44,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657058869,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1710679657061095,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"","stun": {}}}
01016{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":46,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":3,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657061095,"flow_dst_last_pkt_time":1710679657063848,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":28,"flow_dst_max_l4_payload_len":80,"flow_src_tot_l4_payload_len":28,"flow_dst_tot_l4_payload_len":80,"midstream":0,"thread_ts_usec":1710679657063848,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com","stun": {}}}
02238{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":71,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657765266,"flow_dst_last_pkt_time":1710679657791909,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":656,"flow_src_tot_l4_payload_len":1320,"flow_dst_tot_l4_payload_len":1924,"midstream":0,"thread_ts_usec":1710679657791909,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":0,"avg":46625.8,"max":509459,"stddev":117745.2,"var":13863926784.0,"ent":2.8,"data": [2982,4724,277,207,4964,15,4148,4126,3916,466724,509459,1184,218,46646,1080,55404,53567,7433,0,8588,49659,55453,222,48997,10062,51393,4524,8018,5673,16613,19125]},"pktlen": {"min":40,"avg":142.1,"max":696,"stddev":150.7,"var":22704.0,"ent":4.4,"data": [52,52,40,40,68,40,120,192,116,40,180,196,148,172,84,40,40,140,204,236,40,172,40,696,40,172,140,648,40,160,40,160]},"bins": {"c_to_s": [8,0,0,2,5,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [6,1,2,3,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,1,0,0,0,1,1,0,1,0,1,0,0,0,1,1,0,1,0,0,1,0,1,1,0,0,1,1,0,0,1,1],"entropies": 
[4.776611805,5.000318050,4.831686974,4.834183693,5.321198940,4.834183693,5.795867443,6.212464809,5.776382446,4.784183979,5.991631985,6.163437843,5.951478004,6.109816074,5.892313004,4.981687069,4.881687641,6.144776344,6.237818718,5.382826805,5.031687260,6.101328850,5.031687260,6.564705849,4.881687164,6.057666779,5.976850510,7.406529903,4.784183979,5.974988937,4.981687069,5.932507992]},"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}}
01015{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":25,"flow_dst_packets_processed":14,"flow_first_seen":1669989925164266,"flow_src_last_pkt_time":1669989926044388,"flow_dst_last_pkt_time":1669989925832608,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":61,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":545,"flow_dst_max_l4_payload_len":1203,"flow_src_tot_l4_payload_len":3152,"flow_dst_tot_l4_payload_len":3623,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.156","dst_ip":"142.250.82.76","src_port":37967,"dst_port":19305,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.GoogleCall","proto_id":"30.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":1,"breed":"Acceptable","category_id":10,"category":"VoIP"}}
01047{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":28,"flow_dst_packets_processed":35,"flow_first_seen":1710679657055887,"flow_src_last_pkt_time":1710679657948817,"flow_dst_last_pkt_time":1710679657936697,"flow_idle_time":7580000000,"flow_src_min_l4_payload_len":0,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":196,"flow_dst_max_l4_payload_len":1108,"flow_src_tot_l4_payload_len":1968,"flow_dst_tot_l4_payload_len":12540,"midstream":0,"thread_ts_usec":1710679657948817,"l3_proto":"ip4","src_ip":"192.168.12.182","dst_ip":"142.250.82.249","src_port":50221,"dst_port":3478,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"STUN.GoogleCall","proto_id":"78.404","proto_by_ip":"Google","proto_by_ip_id":126,"encrypted":0,"breed":"Acceptable","category_id":10,"category":"VoIP","hostname":"turn.l.google.com"}}
00822{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":102,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_dtls_rtp.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":102,"packets-processed":102,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":21283,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":3,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":25,"global_ts_usec":1710679657948817}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 102/102
~~ skipped flows.............: 0
~~ total layer4 data length..: 21283 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6648989 bytes
~~ total memory freed........: 6648989 bytes
~~ total allocations/frees...: 114136/114136
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 552 chars
~~ json message max len.......: 2243 chars
~~ json message avg len.......: 1396 chars