aboutsummaryrefslogtreecommitdiff
path: root/test/results/tftp.pcap.out
blob: 738b6b5224a746c16267e9a2cefe20b47a1be5be (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

00438{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tftp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":256,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":255}
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1367411051972,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"ts_msec":1367411051972,"pkt":"AFCN14tDAAu+GJpACABFAAAwAAAAAP8ROWXAqAD9wKgACsW6AEUAHD4gAAFyZmMxMzUwLnR4dABvY3RldAA="}
00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1367411051972,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00553{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":1,"flow_first_seen":1367411052077,"flow_last_seen":1367411052077,"flow_idle_time":180000,"flow_min_l4_payload_len":516,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":516,"flow_avg_l4_payload_len":516,"midstream":0,"ts_msec":1367411052077,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1367411052077,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1367411052077,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkyUAAIARI1DAqAAKwKgA\/Q11xboCDNSjAAMAAQoKCgoKCk5ldHdvcmsgV29ya2luZyBHcm91cCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSy4gU29sbGlucwpSZXF1ZXN0IEZvciBDb21tZW50czogMTM1MCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBNSVQKU1REOiAzMyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgSnVseSAxOTkyCk9ic29sZXRlczogUkZDIDc4MwoKCiAgICAgICAgICAgICAgICAgICAgIFRIRSBURlRQIFBST1RPQ09MIChSRVZJU0lPTiAyKQoKU3RhdHVzIG9mIHRoaXMgTWVtbwoKICAgVGhpcyBSRkMgc3BlY2lmaWVzIGFuIElBQiBzdGFuZGFyZHMgdHJhY2sgcHJvdG9jb2wgZm9yIHRoZSBJbnRlcm5ldAogICBjb21tdW5pdHksIGFuZCByZXF1ZXN0cyBkaXNjdXNzaW9uIGFuZCBzdWdnZXN0aW9ucyBmb3IgaW1wcm92ZW1lbnRzLgogICBQbGVhc2UgcmVmZXIgdG8gdGhlIGN1cnJlbnQgZWRpdGlvbiBvZiB0aGUgIklB"}
00445{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1367411052081,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":12,"ts_msec":1367411052081,"pkt":"AFCN14tDAAu+GJpACABFAAAgAAEAAP8ROXTAqAD9wKgACsW6DXUADKpJAAQAAQAAAAAAAAAAAAAAAAAA"}
01113{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1367411052086,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1367411052086,"pkt":"AAu+GJpAAFCN14tDCABFAAIgkycAAIARI07AqAAKwKgA\/Q11xboCDOXlAAMAAkIgT2ZmaWNpYWwgUHJvdG9jb2wKICAgU3RhbmRhcmRzIiBmb3IgdGhlIHN0YW5kYXJkaXphdGlvbiBzdGF0ZSBhbmQgc3RhdHVzIG9mIHRoaXMgcHJvdG9jb2wuCiAgIERpc3RyaWJ1dGlvbiBvZiB0aGlzIG1lbW8gaXMgdW5saW1pdGVkLgoKU3VtbWFyeQoKICAgVEZUUCBpcyBhIHZlcnkgc2ltcGxlIHByb3RvY29sIHVzZWQgdG8gdHJhbnNmZXIgZmlsZXMuICBJdCBpcyBmcm9tCiAgIHRoaXMgdGhhdCBpdHMgbmFtZSBjb21lcywgVHJpdmlhbCBGaWxlIFRyYW5zZmVyIFByb3RvY29sIG9yIFRGVFAuCiAgIEVhY2ggbm9udGVybWluYWwgcGFja2V0IGlzIGFja25vd2xlZGdlZCBzZXBhcmF0ZWx5LiAgVGhpcyBkb2N1bWVudAogICBkZXNjcmliZXMgdGhlIHByb3RvY29sIGFuZCBpdHMgdHlwZXMgb2YgcGFja2V0cy4gIFRoZSBkb2N1bWVudCBhbHNvCiAgIGV4cGxhaW5zIHRoZSByZWFzb25zIGJlaGluZCBzb21lIG9mIHRoZSBkZXNpZ24gZGVjaXNpb25zLgoKQWNrbm93bGVnZW1lbnRzCgogICBUaGUg"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":4,"flow_first_seen":1367411052077,"flow_last_seen":1367411052088,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1367411052088,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00557{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":2,"flow_packets_processed":98,"flow_first_seen":1367411052077,"flow_last_seen":1367411052258,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":24991,"flow_avg_l4_payload_len":255,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.10","dst_ip":"192.168.0.253","src_port":3445,"dst_port":50618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00550{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":1,"flow_packets_processed":1,"flow_first_seen":1367411051972,"flow_last_seen":1367411051972,"flow_idle_time":180000,"flow_min_l4_payload_len":20,"flow_max_l4_payload_len":20,"flow_tot_l4_payload_len":20,"flow_avg_l4_payload_len":20,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"192.168.0.253","dst_ip":"192.168.0.10","src_port":50618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00547{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00447{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1626968644630,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"ts_msec":1626968644630,"pkt":"eCSvPj0DAFBWn8+KCABFAAAuYudAAEARdJqsHAVbrBwFqq5KAEUAGkfgAAJ6ei5iaW4AbmV0YXNjaWkA"}
00585{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644630,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","ndpi": {"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":1,"flow_first_seen":1626968644631,"flow_last_seen":1626968644631,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":4,"flow_tot_l4_payload_len":4,"flow_avg_l4_payload_len":4,"midstream":0,"ts_msec":1626968644631,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00432{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":101,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1626968644631,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":46,"pkt_l4_len":12,"ts_msec":1626968644631,"pkt":"AFBWn8+KeCSvPj0DCABFAAAgqt8AAEARbLCsHAWqrBwFW\/JqrkoADPveAAQAAA=="}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1626968644632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYuhAAEARcqesHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
01201{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1626968644632,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":558,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":558,"pkt_l4_len":524,"ts_msec":1626968644632,"pkt":"eCSvPj0DAFBWn8+KCABFAAIgYulAAEARcqasHAVbrBwFqq5K8moCDEJWAAMAAR+LCACcqPdgAAPs3L1untmCpufcR\/GhA5oMuEVS\/wLGCRUYA5RkCLATYQCzRPW0DIrcoKTq6cweH4fPYWDDgR3MMew+I389YwMFOnD6+MaFNxG1tLiuquiOnn\/96+5wdXG4eP3u5at3V88Pjw+\/fn59PL\/9+sevm\/vD3bff7x7+7b\/9dv9vz3\/8vD3+8d3h8Pnh8dvxbw4\/Hv7+5z\/ePH79V3\/3+OOffhzPbv\/u8OMf\/7uvjz++Pdz\/q79785erF3+5+LvDvzv\/67fbf\/V3ly+vnv\/LD9\/u\/\/7hX\/3dP\/z8+dd3z5794z\/+41\/+78t\/+fLw\/e\/+zeH\/+VWHf7z5cfiv\/9v\/5uvtf\/Gv\/38u\/P3x7ufPf\/r8\/O2rf\/Pu8Pff7r4ejr\/h59fvh+8Pv+5\/Hr4+Pj48vjv8+vH73\/\/4\/J\/\/7fl\/+uHfHM7\/q8OzP24enz3+un\/2n0+e\/aeTd4e\/\/S9\/+9\/\/+d8f\/vnf\/+0\/\/O3\/\/Nt\/\/Nv\/9rf\/ePjn\/\/mf\/6d\/\/vf\/\/D8ef\/w\/\/uVPf\/tf\/\/Yf0NDQ0NDQ0Oq0V09oN\/c3Xx4f7j8\/v3j+4oj71w+\/H\/77f\/mLv9zefLv7p\/\/ycPyn37\/d3\/z8fyXM\/8cv+vDw+P3m7vD13337eTi9PPwPx997\/G84e\/JL3uz+j0JDQ0NDQ0Or0Z7vJhoaGhoa"}
00648{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","ndpi": {"flow_risk": {"5":"Known protocol on non standard port"},"proto":"TFTP","breed":"Acceptable","category":"DataTransfer"}}
00554{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":4,"flow_packets_processed":4,"flow_first_seen":1626968644631,"flow_last_seen":1626968644632,"flow_idle_time":180000,"flow_min_l4_payload_len":4,"flow_max_l4_payload_len":516,"flow_tot_l4_payload_len":1040,"flow_avg_l4_payload_len":260,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.170","dst_ip":"172.28.5.91","src_port":62058,"dst_port":44618,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00548{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","flow_id":3,"flow_packets_processed":1,"flow_first_seen":1626968644630,"flow_last_seen":1626968644630,"flow_idle_time":180000,"flow_min_l4_payload_len":18,"flow_max_l4_payload_len":18,"flow_tot_l4_payload_len":18,"flow_avg_l4_payload_len":18,"midstream":0,"ts_msec":1626968644632,"l3_proto":"ip4","src_ip":"172.28.5.91","dst_ip":"172.28.5.170","src_port":44618,"dst_port":69,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00154{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":104,"source":"tftp.pcap","alias":"nDPId-test","total-events-serialized":22}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 104/104
~~ skipped flows.............: 0
~~ total layer4 data length..: 26069 bytes
~~ total detected protocols..: 4
~~ total active/idle flows...: 4/4
~~ total timeout flows.......: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ total memory allocated....: 4602941 bytes
~~ total memory freed........: 4602941 bytes
~~ total allocations/frees...: 99666/99666
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 159 chars
~~ json string max len.......: 1206 chars
~~ json string avg len.......: 750 chars
Powered by cgit, Themed by Ted Yin.