aboutsummaryrefslogtreecommitdiff
path: root/test/results/stun_extra_dissection/stun_zoom.pcapng.out
blob: afc5ec1e9b7db9580698ece0fdbd1330aa8e12df (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

00581{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"reader-thread-count":1,"flow-scan-interval":10000000,"generic-max-idle-time":600000000,"icmp-max-idle-time":120000000,"udp-max-idle-time":180000000,"tcp-max-idle-time":7560000000,"max-packets-per-flow-to-send":5,"max-packets-per-flow-to-process":32,"max-packets-per-flow-to-analyse":32,"global_ts_usec":0}
00805{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":1,"packets-processed":0,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":2,"global_ts_usec":1661169535535091}
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535535091,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzBAAEAR2WPAqCuphuBab77WImEApEJpAAEAiCESpEIJLXMzkXIYSWor3N8ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABQBKtqrmyxMEjIdswOfhTMx+y49voAoAASJCByW"}
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535535091,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535535091,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535555383,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzJAAEAR2WHAqCuphuBab77WImEApPIXAAEAiCESpEI4RCHR9KJD4dY6X5oABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABTFtYB0ycot0Qy1S9naomjILfmurIAoAAQ+7lku"}
01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535535091,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535555383,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535607032,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD3xAADERbHSG4FpvwKgrqSJhvtYASE6sAQEALCESpEIJLXMzkXIYSWor3N8AIAAIAAEAAHwzzS0ACAAUX9ajIUvkC+s+fBB\/ykxaS5wOOuqAKAAEnxO\/9Q=="}
01152{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":3,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535555383,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607032,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"mapped_address":"93.33.105.111:8466"}}}
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535607198,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535607198,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kzhAAEAR2VvAqCuphuBab77WImEApMlhAAEAiCESpELh2wHdYLBaO1o3kj4ABgBJRTA0RDk0M0YtQzI3MS1DOTZBLUMyN0QtRENCRDA5Nzc4NjgwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAiWY\/V4e1fy1AAIABSuLzMpSQJ1k35eeZhTIs+Mn14fOYAoAATxREob"}
00786{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":231,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":231,"pkt_l4_len":197,"thread_ts_usec":1661169535607340,"pkt":"BLFnWRHgPKn0qB\/sCABFAADZkzlAAEAR2TnAqCuphuBab77WImEAxZeyFv7\/AAAAAAAAAAAAsAEAAKQAAAAAAAAApP79\/DOP2Z8sGz4yGXA4ZlFO9zOHpZDtCkri7Pkm\/\/cH3ZMAAAAQwCvAL8ypzKjACsAJwBPAFAEAAGoAFwAA\/wEAAQAACgAIAAYAHQAXABgACwACAQAAEAASABAGd2VicnRjCGMtd2VicnRjAA0AIAAeBAMFAwYDAgMIBAgFCAYEAQUBBgECAQQCBQIGAgICABwAAkAAAA4ACwAIAAcACAABAAIA"}
01179{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535607340,"flow_dst_last_pkt_time":1661169535607032,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":657,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535607340,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}}
00800{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5}
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535618755,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4kztAAEAR2VjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"}
01105{"flow_event_id":7,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":1,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535618755,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":156,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535618755,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00738{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535638993,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0BAAEAR2VPAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"}
01223{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":2,"flow_dst_packets_processed":0,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535638993,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":0,"flow_src_tot_l4_payload_len":312,"flow_dst_tot_l4_payload_len":0,"midstream":0,"thread_ts_usec":1661169535638993,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}},"46": {"risk":"Unidirectional Traffic","severity":"Low","risk_score": {"total":500,"client":430,"server":70}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {}}}
00740{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_src_last_pkt_time":1661169535718922,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535718922,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k0tAAEAR2UjAqCuphuBab89JImEApL\/wAAEAiCESpEJLP6Z0mpHuyXM99DsABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQVCSdtSQAdStsSN058SaFOtEGuzIAoAARNKhxK"}
00739{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":4,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535618755,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_usec":1661169535739218,"pkt":"BLFnWRHgPKn0qB\/sCABFAAC4k09AAEAR2UTAqCuphuBab89JImEApLZaAAEAiCESpEL9LPrXga3tdiwo33AABgBJN0Y0MjBCMzUtQjE2QS0wNUQ3LTEyRkEtQkU5RkI2QjE1QkIwOjIwNDBGN0VDLTNGQkYtNjFGNy0xQUMyLUFBRDVENDYxMEE4RQAAAAAlAAAAJAAEbn8A\/4AqAAj8yIRLXFnKhQAIABQChv5mW36ahJOVgp5AHXlcdTAbQoAoAAQBQcBH"}
01237{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":15,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":4,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771624,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":1244,"midstream":0,"thread_ts_usec":1661169535771624,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","advertised_alpns":"webrtc,c-webrtc","blocks":0}}}
01531{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":18,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_src_packets_processed":7,"flow_dst_packets_processed":7,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169535757744,"flow_dst_last_pkt_time":1661169535771656,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1191,"flow_dst_tot_l4_payload_len":4400,"midstream":0,"thread_ts_usec":1661169535771656,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video","tls": {"version":"DTLSv1.2","server_names":"*.cloud.zoom.us","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"323ab23be4a686962b978f9ca6735add","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1","subjectDN":"C=US, ST=California, L=San Jose, O=Zoom Video Communications, Inc., CN=*.cloud.zoom.us","advertised_alpns":"webrtc,c-webrtc","fingerprint":"FD:F2:22:45:64:31:28:BD:2D:56:D6:F4:56:01:71:88:E3:4C:2C:D9","blocks":0}}}
00617{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_packet_id":5,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"pkt_datalink":1,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_usec":1661169535812586,"pkt":"PKn0qB\/sBLFnWRHgCABFAABcD6NAADARbU2G4FpvwKgrqSJhz0kASPHKAQEALCESpEJLP6Z0mpHuyXM99DsAIAAIAAEAAHwzzS0ACAAUCL5PYVNYAABIJaSs+ThbSkIV4CuAKAAEBcrGkQ=="}
01153{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":21,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":4,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535739218,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":156,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":624,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535812586,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Proto on Non Std Port","severity":"Medium","risk_score": {"total":160,"client":140,"server":20}}},"confidence": {"6":"DPI"},"proto":"STUN","proto_id":"78","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":0,"breed":"Acceptable","category_id":14,"category":"Network","hostname":"","stun": {"mapped_address":"93.33.105.111:8466"}}}
01180{"flow_event_id":8,"flow_event_name":"detection-update","thread_id":0,"packet_id":23,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_src_packets_processed":6,"flow_dst_packets_processed":1,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169535813097,"flow_dst_last_pkt_time":1661169535812586,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":156,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":64,"flow_src_tot_l4_payload_len":969,"flow_dst_tot_l4_payload_len":64,"midstream":0,"thread_ts_usec":1661169535813097,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network","tls": {"version":"DTLSv1.2","ja3":"3e12a43c7535bb32beac3928f8fe905d","ja3s":"","ja4":"dd2d0808we_c6c2b6ec87e0_06b1ae923e2a","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","advertised_alpns":"webrtc,c-webrtc","blocks":0}}}
02194{"flow_event_id":5,"flow_event_name":"analyse","thread_id":0,"packet_id":62,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":17,"flow_dst_packets_processed":15,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536326542,"flow_dst_last_pkt_time":1661169536383924,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":50,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2576,"flow_dst_tot_l4_payload_len":5172,"midstream":0,"thread_ts_usec":1661169536383924,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"data_analysis": {"iat": {"min":5,"avg":47514.7,"max":193831,"stddev":51140.5,"var":2615352320.0,"ent":4.1,"data": [20238,79929,20296,193831,73632,247,50353,49657,26391,24351,170235,80565,10991,149570,50735,24,93581,6,7,6,7,5,8274,29660,4814,50217,80837,100195,42158,3678,58466]},"pktlen": {"min":42,"avg":270.1,"max":1080,"stddev":313.1,"var":98043.5,"ent":4.3,"data": [184,184,184,184,92,184,217,217,184,184,217,92,92,92,184,192,78,92,1080,1080,1080,1080,399,186,92,92,186,92,186,95,101,42]},"bins": {"c_to_s": [0,1,1,0,11,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],"s_to_c": [1,0,9,0,0,0,0,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]},"directions": [0,0,0,0,1,0,0,0,0,0,0,1,1,1,0,0,0,1,1,1,1,1,1,0,1,1,0,1,0,1,0,1],"entropies": [5.849215031,5.820121765,5.845112324,5.820121765,5.609286785,5.848187923,5.155805588,5.151053905,5.856935501,5.837758064,5.169487476,5.679913521,5.609286785,5.658175468,5.856935501,5.312055111,4.055345058,5.723389149,7.020439625,7.330272198,7.262623310,7.369262695,7.183655262,6.090222359,5.701650143,5.679913521,6.082654476,5.723389149,6.098002911,5.370398521,6.009067535,4.320421696]},"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
01003{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_src_packets_processed":13,"flow_dst_packets_processed":17,"flow_first_seen":1661169535535091,"flow_src_last_pkt_time":1661169536293401,"flow_dst_last_pkt_time":1661169536292551,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":1945,"flow_dst_tot_l4_payload_len":5176,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":48854,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS.Zoom","proto_id":"30.189","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Acceptable","category_id":26,"category":"Video"}}
00990{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_src_packets_processed":19,"flow_dst_packets_processed":21,"flow_first_seen":1661169535618755,"flow_src_last_pkt_time":1661169536627218,"flow_dst_last_pkt_time":1661169536805680,"flow_idle_time":200000000,"flow_src_min_l4_payload_len":49,"flow_dst_min_l4_payload_len":0,"flow_src_max_l4_payload_len":189,"flow_dst_max_l4_payload_len":1052,"flow_src_tot_l4_payload_len":2726,"flow_dst_tot_l4_payload_len":5471,"midstream":0,"thread_ts_usec":1661169536805680,"l3_proto":"ip4","src_ip":"192.168.43.169","dst_ip":"134.224.90.111","src_port":53065,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":5,"ndpi": {"confidence": {"6":"DPI"},"proto":"DTLS","proto_id":"30","proto_by_ip":"Zoom","proto_by_ip_id":189,"encrypted":1,"breed":"Safe","category_id":14,"category":"Network"}}
00815{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":70,"source":"cfgs\/stun_extra_dissection\/pcap\/stun_zoom.pcapng","alias":"nDPId-test","version":"1.7.0","ndpi_version":"4.11.0-4834-92507c0","packets-captured":70,"packets-processed":70,"pfring_active":false,"pfring_recv":0,"pfring_drop":0,"pfring_shunt":0,"total-skipped-flows":0,"total-l4-payload-len":15318,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":8,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-compressions":0,"total-compression-diff":0,"current-compression-diff":0,"global-alloc-count":0,"global-free-count":0,"global-alloc-bytes":0,"global-free-bytes":0,"total-events-serialized":28,"global_ts_usec":1661169536805680}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 70/70
~~ skipped flows.............: 0
~~ total layer4 data length..: 15318 bytes
~~ total detected protocols..: 2
~~ total active/idle flows...: 2/2
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 6656920 bytes
~~ total memory freed........: 6656920 bytes
~~ total allocations/frees...: 114111/114111
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json message min len.......: 586 chars
~~ json message max len.......: 2199 chars
~~ json message avg len.......: 1370 chars
Powered by cgit, Themed by Ted Yin.